Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add limits to provider ASN set in both repository and rtr. #316

Merged
merged 2 commits into from
Jan 20, 2025
Merged

Add limits to provider ASN set in both repository and rtr. #316

merged 2 commits into from
Jan 20, 2025

Conversation

partim
Copy link
Member

@partim partim commented Jan 10, 2025

This PR limits the lengths of the ASPA provider set to 16380 entries both in ASPA object parsing and in RTR payload sending.

Limiting in ASPA object creation and RTR payload receiving is not covered yet.

@partim partim requested a review from a team January 10, 2025 14:13
@partim partim merged commit ca82ee0 into main Jan 20, 2025
24 checks passed
@partim partim deleted the fix-aspa-limits branch January 20, 2025 16:03
partim added a commit that referenced this pull request Jan 22, 2025
@partim
Release 0.18.5. (#322)
3cbda55 
New

* `ca::idexchange::Error` now impls `std::error::Error`. ([#297])
* Re-export `bcder` as `dep::bcder` if it is enabled. ([#299])
* Added `PublisherRequest::set_publisher_handle`. ([#300])
* Added `uri::{Rsync,Https}::path_into_dir` ([#302])
* Added `Ipv4Block` and `Ipv6Block` and `FromIterator` impls for
  `Ipv4Blocks` and `Ipv6Blocks`. ([#298])
* Made `AddressRange` public and added methods to convert ranges into
  a set of prefixes. ([#306])
* Updated the ASPA RTR PDU to conform with version -14 of
  draft-ietf-sidrops-8210bis. ([#309])
* Enable ASPA version 2 in the RTR server. ([#318])
* The ASPA `ProviderAsSet` now keeps track of its length and exposes it
  via the new `len` method. ([#315])
* The ASPA Provider AS Set is now limited to 16380 entries when parsing from
  ASPA objects and creating RTR PDUs. ([#316])
* Exposed `ca::idcert::TbsIdCert::validity`. ([#310]);
* Protect against maliciously large XML input to the RRDP parser. This
  will allow re-enabling GZIP support in RRDP clients. ([#319])

Bug fixes

* Do not allow backslashes in idexchange handles. ([#304])
* Check the content of file names in a manifest during parsing. This fixes a
  crash when later code assumes that the file names only contain ASCII
  characters and otherwise panics. ([#320])

Other changes

* The minimum supported Rust version is now 1.73. ([#319])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Koenvh1 Koenvh1 Koenvh1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@partim @Koenvh1