forked from wolfSSL/wolfssl
Fixes from review, adds some error checking, and adds const variables
This commit is contained in:
Carie Pointer
117
src/ssl.c
117
src/ssl.c
@ -7924,64 +7924,67 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case ALT_NAMES_OID:
|
case ALT_NAMES_OID:
|
||||||
if (!isSet)
|
{
|
||||||
break;
|
WOLFSSL_GENERAL_NAME* gn = NULL;
|
||||||
|
DNS_entry* dns = NULL;
|
||||||
|
if (!isSet)
|
||||||
|
break;
|
||||||
|
|
||||||
WOLFSSL_GENERAL_NAME* gn = NULL;
|
sk = (WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)*)XMALLOC(
|
||||||
DNS_entry* dns = NULL;
|
sizeof(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)), NULL,
|
||||||
sk = (WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)*)XMALLOC(
|
|
||||||
sizeof(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)), NULL,
|
|
||||||
DYNAMIC_TYPE_ASN1);
|
DYNAMIC_TYPE_ASN1);
|
||||||
if (sk == NULL) {
|
if (sk == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
XMEMSET(sk, 0, sizeof(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)));
|
XMEMSET(sk, 0, sizeof(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)));
|
||||||
sk->type = STACK_TYPE_GEN_NAME;
|
sk->type = STACK_TYPE_GEN_NAME;
|
||||||
|
|
||||||
if (x509->subjAltNameSet && x509->altNames != NULL) {
|
if (x509->subjAltNameSet && x509->altNames != NULL) {
|
||||||
/* alt names are DNS_entry structs */
|
/* alt names are DNS_entry structs */
|
||||||
dns = x509->altNames;
|
dns = x509->altNames;
|
||||||
/* Currenlty only support GEN_DNS type */
|
/* Currenlty only support GEN_DNS type */
|
||||||
while (dns != NULL) {
|
while (dns != NULL) {
|
||||||
gn = wolfSSL_GENERAL_NAME_new();
|
gn = wolfSSL_GENERAL_NAME_new();
|
||||||
if (gn == NULL) {
|
if (gn == NULL) {
|
||||||
WOLFSSL_MSG("Error creating GENERAL_NAME");
|
WOLFSSL_MSG("Error creating GENERAL_NAME");
|
||||||
wolfSSL_sk_free(sk);
|
wolfSSL_sk_free(sk);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
gn->type = dns->type;
|
gn->type = dns->type;
|
||||||
gn->d.ia5->length = (int)XSTRLEN(dns->name);
|
gn->d.ia5->length = (int)XSTRLEN(dns->name);
|
||||||
if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
|
if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
|
||||||
gn->d.ia5->length) != WOLFSSL_SUCCESS) {
|
gn->d.ia5->length) != WOLFSSL_SUCCESS) {
|
||||||
WOLFSSL_MSG("ASN1_STRING_set failed");
|
WOLFSSL_MSG("ASN1_STRING_set failed");
|
||||||
wolfSSL_GENERAL_NAME_free(gn);
|
wolfSSL_GENERAL_NAME_free(gn);
|
||||||
wolfSSL_sk_free(sk);
|
wolfSSL_sk_free(sk);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
dns = dns->next;
|
dns = dns->next;
|
||||||
/* last dns in list add at end of function */
|
/* last dns in list add at end of function */
|
||||||
if (dns != NULL) {
|
if (dns != NULL) {
|
||||||
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
|
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
|
||||||
WOLFSSL_SUCCESS) {
|
WOLFSSL_SUCCESS) {
|
||||||
WOLFSSL_MSG("Error pushing ASN1 object onto stack");
|
WOLFSSL_MSG("Error pushing onto stack");
|
||||||
|
wolfSSL_GENERAL_NAME_free(gn);
|
||||||
|
wolfSSL_sk_free(sk);
|
||||||
|
sk = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (wolfSSL_sk_GENERAL_NAME_push(sk,gn) !=
|
||||||
|
WOLFSSL_SUCCESS) {
|
||||||
|
WOLFSSL_MSG("Error pushing onto stack");
|
||||||
wolfSSL_GENERAL_NAME_free(gn);
|
wolfSSL_GENERAL_NAME_free(gn);
|
||||||
wolfSSL_sk_free(sk);
|
wolfSSL_sk_free(sk);
|
||||||
sk = NULL;
|
sk = NULL;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (wolfSSL_sk_GENERAL_NAME_push(sk,gn) != WOLFSSL_SUCCESS) {
|
ext->ext_sk = sk;
|
||||||
WOLFSSL_MSG("Error pushing ASN1 object onto stack");
|
ext->crit = x509->subjAltNameCrit;
|
||||||
wolfSSL_GENERAL_NAME_free(gn);
|
|
||||||
wolfSSL_sk_free(sk);
|
|
||||||
sk = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
ext->ext_sk = sk;
|
|
||||||
ext->crit = x509->subjAltNameCrit;
|
|
||||||
|
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
@ -8088,7 +8091,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
|
|||||||
ASN1_OBJECT* obj;
|
ASN1_OBJECT* obj;
|
||||||
ASN1_STRING* str;
|
ASN1_STRING* str;
|
||||||
int nid;
|
int nid;
|
||||||
int sz = CTC_NAME_SIZE*2;
|
const int sz = CTC_NAME_SIZE*2;
|
||||||
int rc = WOLFSSL_FAILURE;
|
int rc = WOLFSSL_FAILURE;
|
||||||
char tmp[sz];
|
char tmp[sz];
|
||||||
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");
|
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");
|
||||||
@ -8133,8 +8136,17 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
|
|||||||
/* str is GENERAL_NAME for subject alternative name ext */
|
/* str is GENERAL_NAME for subject alternative name ext */
|
||||||
str = sk->data.gn->d.ia5;
|
str = sk->data.gn->d.ia5;
|
||||||
len = str->length + 2; /* + 2 for NULL char and "," */
|
len = str->length + 2; /* + 2 for NULL char and "," */
|
||||||
|
if (len > sz) {
|
||||||
|
WOLFSSL_MSG("len greater than buffer size");
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
val = (char*)XMALLOC(len + indent, NULL,
|
val = (char*)XMALLOC(len + indent, NULL,
|
||||||
DYNAMIC_TYPE_TMP_BUFFER);
|
DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (val == NULL) {
|
||||||
|
WOLFSSL_MSG("Memory error");
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
if (sk->next)
|
if (sk->next)
|
||||||
XSNPRINTF(val, len, "%*s%s, ", indent, "", str->strData);
|
XSNPRINTF(val, len, "%*s%s, ", indent, "", str->strData);
|
||||||
else
|
else
|
||||||
@ -40568,7 +40580,7 @@ void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
|
|||||||
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
|
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
|
||||||
/* Helper function for X509_NAME_print_ex. Sets *buf to string for domain
|
/* Helper function for X509_NAME_print_ex. Sets *buf to string for domain
|
||||||
name attribute based on NID. Returns size of buf */
|
name attribute based on NID. Returns size of buf */
|
||||||
static int get_dn_attr_by_nid(int n, char** buf)
|
static int get_dn_attr_by_nid(int n, const char** buf)
|
||||||
{
|
{
|
||||||
int len = 0;
|
int len = 0;
|
||||||
const char *str;
|
const char *str;
|
||||||
@ -40609,7 +40621,7 @@ static int get_dn_attr_by_nid(int n, char** buf)
|
|||||||
|
|
||||||
}
|
}
|
||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
*buf = (char*)str;
|
*buf = str;
|
||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -40621,7 +40633,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
|
|||||||
int count = 0, len = 0, totalSz = 0, tmpSz = 0;
|
int count = 0, len = 0, totalSz = 0, tmpSz = 0;
|
||||||
char tmp[ASN_NAME_MAX];
|
char tmp[ASN_NAME_MAX];
|
||||||
char fullName[ASN_NAME_MAX];
|
char fullName[ASN_NAME_MAX];
|
||||||
char *buf = NULL;
|
const char *buf = NULL;
|
||||||
WOLFSSL_X509_NAME_ENTRY* ne;
|
WOLFSSL_X509_NAME_ENTRY* ne;
|
||||||
WOLFSSL_ASN1_STRING* str;
|
WOLFSSL_ASN1_STRING* str;
|
||||||
#endif
|
#endif
|
||||||
@ -40653,6 +40665,11 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
tmpSz = str->length + len + 2; /* + 2 for '=' and null char */
|
tmpSz = str->length + len + 2; /* + 2 for '=' and null char */
|
||||||
|
if (tmpSz > ASN_NAME_MAX) {
|
||||||
|
WOLFSSL_MSG("Size greater than ASN_NAME_MAX");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
if (i < count - 1) {
|
if (i < count - 1) {
|
||||||
XSNPRINTF(tmp, tmpSz+1, "%s=%s,", buf, str->data);
|
XSNPRINTF(tmp, tmpSz+1, "%s=%s,", buf, str->data);
|
||||||
XSTRNCAT(fullName, tmp, tmpSz);
|
XSTRNCAT(fullName, tmp, tmpSz);
|
||||||
|
|||||||
Reference in New Issue
Block a user