mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-21 15:17:01 +00:00

sts: Reject policies with max_age > 1y, as per RFC

The MTA-STS standard explicitly says the maximum max_age is 1 year.

This patch adds a check to the STS library to enforce this. Policies
with max_age > 1y will be treated as invalid.

See this email thread for some discussion on the topic:
https://mailarchive.ietf.org/arch/msg/uta/bnUjy9jxM_Va-lDXVtbB32zIkYI
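The max_age rule the commit enforces, shown end to end in an added example that is not chasquid's code: a small parser for the `key: value` policy body that RFC 8461 serves at `https://mta-sts.<domain>/.well-known/mta-sts.txt`, with a `Check()` that accepts exactly 31557600 seconds and rejects anything above it, zero, or a value too large to parse. The `Policy` type, the error variables, the mode validation and the rule that a non-`none` policy must list at least one `mx` are this example's own choices, not the project's API.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// RFC 8461 section 3.2: max_age is a plain-text non-negative integer number
// of seconds with a maximum value of 31557600 (365.25 days).
const MaxPolicyAge = 31557600 * time.Second

var (
	ErrUnknownVersion = errors.New("sts: unknown policy version")
	ErrInvalidMode    = errors.New("sts: invalid mode")
	ErrInvalidMaxAge  = errors.New("sts: invalid max_age")
	ErrNoMX           = errors.New("sts: policy has no mx entries")
)

// Policy is a hypothetical, simplified MTA-STS policy for this example; it is
// not chasquid's Policy type.
type Policy struct {
	Version string
	Mode    string
	MaxAge  time.Duration
	MXs     []string
}

// ParsePolicy parses the "key: value" body served at
// https://mta-sts.<domain>/.well-known/mta-sts.txt and validates it.
func ParsePolicy(raw string) (*Policy, error) {
	p := &Policy{}
	sc := bufio.NewScanner(strings.NewReader(raw)) // ScanLines also strips CRLF
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		key, value, ok := strings.Cut(line, ":")
		if !ok {
			return nil, fmt.Errorf("sts: malformed line %q", line)
		}
		key, value = strings.TrimSpace(key), strings.TrimSpace(value)
		switch key {
		case "version":
			p.Version = value
		case "mode":
			p.Mode = value
		case "max_age":
			// Parse as uint32: any value that does not fit is necessarily
			// above the RFC maximum, so rejecting it as invalid is correct,
			// and a value that fits cannot overflow time.Duration below.
			secs, err := strconv.ParseUint(value, 10, 32)
			if err != nil {
				return nil, fmt.Errorf("%w: %q", ErrInvalidMaxAge, value)
			}
			p.MaxAge = time.Duration(secs) * time.Second
		case "mx":
			p.MXs = append(p.MXs, value)
		default:
			// Unknown keys are extension fields and are ignored.
		}
	}
	if err := p.Check(); err != nil {
		return nil, err
	}
	return p, nil
}

// Check enforces the structural rules on a parsed policy.
func (p *Policy) Check() error {
	if p.Version != "STSv1" {
		return ErrUnknownVersion
	}
	switch p.Mode {
	case "enforce", "testing", "none":
	default:
		return ErrInvalidMode
	}
	// A zero max_age is treated as invalid (it is also what a failed
	// conversion would leave behind), and so is anything above one year.
	if p.MaxAge <= 0 || p.MaxAge > MaxPolicyAge {
		return ErrInvalidMaxAge
	}
	// Assumption for this example: a policy that applies (enforce/testing)
	// must list at least one mx host.
	if p.Mode != "none" && len(p.MXs) == 0 {
		return ErrNoMX
	}
	return nil
}

func main() {
	// Constructed sample policies, not fetched from any real domain.
	for _, raw := range []string{
		"version: STSv1\nmode: enforce\nmx: mail.example.com\nmax_age: 604800\n",
		"version: STSv1\nmode: enforce\nmx: mail.example.com\nmax_age: 31557601\n",
	} {
		p, err := ParsePolicy(raw)
		fmt.Printf("policy=%+v err=%v\n", p, err)
	}
}
```

The boundary is the part worth a test: 31557600 must pass and 31557601 must fail, otherwise an off-by-one in either direction silently changes which published policies a sender will honour.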
Alberto Bertogli
2019-08-31 01:03:24 +01:00
parent 0f487e5fb5
commit f63e5bf0b2
2 changed files with 9 additions and 1 deletions


@@ -125,7 +125,11 @@ func (p *Policy) Check() error {
if p.Version != "STSv1" {
return ErrUnknownVersion
}
if p.MaxAge <= 0 {
// A 0 max age is invalid (could also represent an Atoi error), and so is
// one greater than 31557600 (1 year), as per
// https://tools.ietf.org/html/rfc8461#section-3.2.
if p.MaxAge <= 0 || p.MaxAge > 31557600*time.Second {
return ErrInvalidMaxAge
}
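Review bot: the new comparison in `Check()` hard-codes 31557600 as a magic number; name it (for example `const maxMaxAge = 31557600 * time.Second` next to the RFC reference) so the comment, the check and any test speak about the same value, and add boundary tests that a policy with max_age of exactly 31557600 is still accepted while 31557601 returns ErrInvalidMaxAge. The comment's "(1 year)" would also read better as "365.25 days", since 31557600 / 86400 is 365.25, not 365, and a reader who later "fixes" it to 365*24*3600 would silently reject policies the RFC allows.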