github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-12-07 18:06:21 +00:00
Code Issues Projects Releases Wiki Activity

ClusterTrustBundle: Enforce max size during validation

Browse Source
This commit is contained in:
Taahir Ahmed
2023-07-06 23:50:30 -07:00
parent 1ebe5774d0
commit 96e610ac18
3 changed files with 212 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/apis/certificates/validation/validation.go
View File

@@ -508,6 +508,11 @@ func ValidateClusterTrustBundleUpdate(newBundle, oldBundle *certificates.Cluster
func validateTrustBundle(path *field.Path, in string) field.ErrorList {
var allErrors field.ErrorList
if len(in) > certificates.MaxTrustBundleSize {
allErrors = append(allErrors, field.TooLong(path, fmt.Sprintf("<value omitted, len %d>", len(in)), certificates.MaxTrustBundleSize))
return allErrors
}
blockDedupe := map[string][]int{}
rest := []byte(in)