System: Trust: Authorities - prevent recusrion loop when ca's are cross referencing eachother.

Although this is highly uncommon, it's very annoying when the certificate path leads to an "Fatat error: Allowed memory size exhausted...". If we do end in a loop (e.g. same ca already in the path), exit the calculation and return what we found sofar.
2026-03-13 00:07:26 +00:00 · 2025-04-08 11:41:04 +02:00 · 2025-04-08 11:41:04 +02:00 · 5629911558
commit 5629911558
parent d240c8b0fa
2 changed files with 8 additions and 1 deletions
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@ -107,6 +107,9 @@ function ca_chain_array(&$cert)
                $crt = false;
            }
            if ($crt) {
+                if (in_array($crt, $chain)) {
+                    break; /* exit endless loop */
+                }
                $chain[] = $crt;
            }
        }
--- a/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php
@ -596,7 +596,11 @@ class Store
    {
        $chain = [];
        while (($item = self::getCA(!isset($item) ? $caref : $item->caref)) != null) {
-            $chain[] = base64_decode((string)$item->crt);
+            $data = base64_decode((string)$item->crt);
+            if (in_array($data, $chain)) {
+                break; /* exit endless loop */
+            }
+            $chain[] = $data;
        }
        return implode("\n", $chain);
    }