Skip to content

证书及私钥解析处理优化及bugfix#298

Open
MiKKiYang wants to merge 2 commits intosecretflow:mainfrom
MiKKiYang:fix_r
Open

证书及私钥解析处理优化及bugfix#298
MiKKiYang wants to merge 2 commits intosecretflow:mainfrom
MiKKiYang:fix_r

Conversation

@MiKKiYang
Copy link
Contributor

@MiKKiYang MiKKiYang commented Jul 22, 2025

  1. 明确限制私钥文件大小
  2. 证书文件及私钥文件加载均进行大小限制判断处理,防止恶意大文件注入导致的OOM攻击
  3. decodePem函数处理过于简单,且对于全类型的PEM文件无法支持,现提供完备的PEM文件decode函数实现

可采用如下符合PKCS规范的PEM文件进行测试:
-----BEGIN PRIVATE KEY-----
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAM4/FeFMbkC+VWA5
NmjYt8Bty64ieC5m6e6r6fsSt2sVnovtHxtBEPBDAviDHzgfNxX/obld2nFD6GSg
MPeZcEcgYg3nb0Znw2iDPK5juwhS8N00/CsttnWpeqfXwCM7wnqtZCZg63NsflTC
+5i7Zw2HQQ1as9wrfPldOYlEqjGLAgMBAAECgYEAioaQuZxOSSoNye1jgBRfht23
+iOouPHima3aIAq4KzKAJNeFFxciu10m96eKJnXA2AO0qf5Bo+XKhxuZCBSE9ew2
PLmNnx9M0eTMsMwtjlSvlYHt8Kg/INAel6dGZFjDuTu49PWUl/W9JPRYvTP8e5LE
a7awbikPEB08wb5efbECQQDoxBjKbCjPH7Ei+GW9cMqfzuyRzaGyTeoNEplQ75Dh
qQYEV8MYOzZW31p+YIs/vjACvD6MXtryXBEF3/3OiJa1AkEA4tVUgV4eC2Wzhzez
Y0RCaLzBansduc0y+Is7ZvGhg0lay30MLvBL6a6YRlE6v8C8ZSvwh/u3M90rgBcZ
biaPPwJBANeVQAzDbmyfwrVL8RcrT1ACG9PS6480YLFo530x1TNcFAmTq0tXFDYT
ukHQc0g/g0IVTa0+8XSFVvLlCbLviP0CQQCb4Thicrg44tn9yURoqibs7RIJx7OE
1MP7U0suEk0I+KcBgdyWgSHZ49bXM8korx2IdSqleFDMvme/baBXNv5nAkEA238a
PkZQJ2vNDTazrH4Ycha0boCnDDiFvP53trXUP53HRozA2EC+pF5oXRANzDojsSvy
ngRT6Y2dFV/qV0yOrA==
-----END PRIVATE KEY-----

MiKKiYang added 2 commits July 22, 2025 17:24
@MiKKiYang
证书处理优化及bugfix
b4e4460 
Signed-off-by: MikkiYang <hecy7@asiainfo.com>
@MiKKiYang
证书及私钥解析处理优化及bugfix
075714b 
Signed-off-by: MikkiYang <hecy7@asiainfo.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MiKKiYang