[GNUnet-SVN] [gnurl] 111/256: darwinssl: handle long strings in TLS cert
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 111/256: darwinssl: handle long strings in TLS certs (follow-up)
Date: Fri, 06 Oct 2017 19:43:22 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit aa2ea66cdac57868c821190dc30d6bb6d58b4a58
Author: Jay Satiro <address@hidden>
AuthorDate: Sun Aug 27 23:37:02 2017 -0400
darwinssl: handle long strings in TLS certs (follow-up)
- Fix handling certificate subjects that are already UTF-8 encoded.
Follow-up to b3b75d1 from two days ago. Since then a copy would be
skipped if the subject was already UTF-8, possibly resulting in a NULL
deref later on.
Ref: https://github.com/curl/curl/issues/1823
Ref: https://github.com/curl/curl/pull/1831
Closes https://github.com/curl/curl/pull/1836
---
lib/vtls/darwinssl.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index d6503216a..b4747dcf2 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -910,11 +910,26 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
{
CFStringRef c = getsubject(cert);
CURLcode result = CURLE_OK;
+ const char *direct;
char *cbuf = NULL;
*certp = NULL;
- /* If subject is not UTF-8 then check if it can be converted */
- if(!CFStringGetCStringPtr(c, kCFStringEncodingUTF8)) {
+ if(!c) {
+ failf(data, "SSL: invalid CA certificate subject");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* If the subject is already available as UTF-8 encoded (ie 'direct') then
+ use that, else convert it. */
+ direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
+ if(direct) {
+ *certp = strdup(direct);
+ if(!*certp) {
+ failf(data, "SSL: out of memory");
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ }
+ else {
size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
cbuf = calloc(cbuf_size, 1);
if(cbuf) {
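Review bot: The new `if(!c)` guard reports "SSL: invalid CA certificate subject" but returns CURLE_OUT_OF_MEMORY, so a caller cannot tell a missing subject from a real allocation failure such as the `strdup` one a few lines below. Consider returning a certificate-related error code from this guard and keeping CURLE_OUT_OF_MEMORY for the `strdup` and `calloc` paths. The guard also uses an early `return` while the `direct` branch sets `result` and falls through; picking one style would make it easier to check that every exit path handles `c` the same way. Since the pointer returned by CFStringGetCStringPtr is borrowed from `c`, a short comment next to `strdup(direct)` saying the copy must happen before `c` is released would document why the copy is needed.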
--
To stop receiving notification emails like this one, please contact
address@hidden