From 00ba27c5ad34cee612cb8fdf1ee69f414ed2fb36 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 27 Jan 2015 20:30:45 +0000 Subject: Fix crash in ocsp_url extract --- src/src/functions.h | 1 + src/src/string.c | 40 ++++++++++++++++++++++++++++++++++++++++ src/src/tlscert-openssl.c | 16 ++++++++++++---- 3 files changed, 53 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/src/functions.h b/src/src/functions.h index 2e18fd963..9d0ca190c 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -391,6 +391,7 @@ extern int stdin_ferror(void); extern int stdin_ungetc(int); extern uschar *string_append(uschar *, int *, int *, int, ...); extern uschar *string_append_listele(uschar *, uschar, const uschar *); +extern uschar *string_append_listele_n(uschar *, uschar, const uschar *, unsigned); extern uschar *string_base62(unsigned long int); extern uschar *string_cat(uschar *, int *, int *, const uschar *, int); extern uschar *string_copy_dnsdomain(uschar *); diff --git a/src/src/string.c b/src/src/string.c index 71c7f6f8e..f4e44cabb 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -1008,6 +1008,46 @@ new = string_cat(new, &sz, &off, ele, Ustrlen(ele)); new[off] = '\0'; return new; } + + +static const uschar * +Ustrnchr(const uschar * s, int c, unsigned * len) +{ +while (*len) + { + if (!*s) return NULL; + if (*s == c) return s; + s++; + *len--; + } +return NULL; +} + +uschar * +string_append_listele_n(uschar * list, uschar sep, const uschar * ele, + unsigned len) +{ +uschar * new = NULL; +int sz = 0, off = 0; +const uschar * sp; + +if (list) + { + new = string_cat(new, &sz, &off, list, Ustrlen(list)); + new = string_cat(new, &sz, &off, &sep, 1); + } + +while((sp = Ustrnchr(ele, sep, &len))) + { + new = string_cat(new, &sz, &off, ele, sp-ele+1); + new = string_cat(new, &sz, &off, &sep, 1); + ele = sp+1; + len--; + } +new = string_cat(new, &sz, &off, ele, len); +new[off] = '\0'; +return new; +} #endif /* COMPILE_UTILITY */ diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index de6979a18..b100e222b 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -406,9 +406,13 @@ for (i = 0; i < adsnum; i++) ACCESS_DESCRIPTION * ad = sk_ACCESS_DESCRIPTION_value(ads, i); if (ad && OBJ_obj2nid(ad->method) == NID_ad_OCSP) - list = string_append_listele(list, sep, - ASN1_STRING_data(ad->location->d.ia5)); + { + uschar * ele = ASN1_STRING_data(ad->location->d.ia5); + int len = ASN1_STRING_length(ad->location->d.ia5); + list = string_append_listele_n(list, sep, ele, len); + } } +sk_ACCESS_DESCRIPTION_free(ads); return list; } @@ -439,9 +443,13 @@ if (dps) for (i = 0; i < dpsnum; i++) if ( (np = sk_GENERAL_NAME_value(names, j)) && np->type == GEN_URI ) - list = string_append_listele(list, sep, - ASN1_STRING_data(np->d.uniformResourceIdentifier)); + { + uschar * ele = ASN1_STRING_data(np->d.uniformResourceIdentifier); + int len = ASN1_STRING_length(np->d.uniformResourceIdentifier); + list = string_append_listele_n(list, sep, ele, len); + } } +sk_DIST_POINT_free(dps); return list; } -- cgit v1.2.3