author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-12-25 13:30:12 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-12-25 20:12:12 +0000 |
commit | bfbad1dddf8b26ef0e14e48a36edc4a8bf1425e4 (patch) | |
tree | d4a76f7144e7f6e3dba6135f15173fd68fce5024 | |
parent | 3c71915d2f4f00f7e159808c70ae2513f03b7be4 (diff) |
Fix null-indirection in certextract expansion
Found-by: Roman Rybalko
-rw-r--r-- | src/src/tls.c | 10 | ||||
-rw-r--r-- | test/confs/5750 | 2 | ||||
-rw-r--r-- | test/confs/5760 | 2 | ||||
-rw-r--r-- | test/log/5750 | 4 | ||||
-rw-r--r-- | test/log/5760 | 4 |
5 files changed, 18 insertions, 4 deletions
diff --git a/src/src/tls.c b/src/src/tls.c
index 305eaa410..b3d088df3 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -246,7 +246,7 @@ NOTE: We modify the supplied dn string during operation.
 Arguments:
 dn Distinguished Name string
- mod string containing optional list-sep and
+ mod list containing optional output list-sep and
 field selector match, comma-separated
 Return:
 allocated string with list of matching fields,
@@ -267,13 +267,15 @@ while ((ele = string_nextinlist(&mod, &insep, NULL, 0)))
 if (ele[0] != '>')
 match = ele; /* field tag to match */
 else if (ele[1])
- outsep = ele[1]; /* nondefault separator */
+ outsep = ele[1]; /* nondefault output separator */
 dn_to_list(dn);
 insep = ',';
-len = Ustrlen(match);
+len = match ? Ustrlen(match) : -1;
 while ((ele = string_nextinlist(&dn, &insep, NULL, 0)))
- if (Ustrncmp(ele, match, len) == 0 && ele[len] == '=')
+ if ( !match
+ || Ustrncmp(ele, match, len) == 0 && ele[len] == '='
+ )
 list = string_append_listele(list, outsep, ele+len+1);
 return list;
 }
diff --git a/test/confs/5750 b/test/confs/5750
index a0bce0282..364f73a90 100644
--- a/test/confs/5750
+++ b/test/confs/5750
@@ -58,6 +58,8 @@ ev_msg:
 accept logwrite = Peer cert:
 logwrite = ver <${certextract {version} {$tls_out_peercert}}>
 logwrite = SN <${certextract {subject} {$tls_out_peercert}}>
+ logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}>
+ logwrite = SNCN<${certextract {subject,CN} {$tls_out_peercert}}>
 logwrite = IN <${certextract {issuer} {$tls_out_peercert}}>
 logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}>
 logwrite = NA <${certextract {notafter} {$tls_out_peercert}}>
diff --git a/test/confs/5760 b/test/confs/5760
index 3417a2d32..60f386ba4 100644
--- a/test/confs/5760
+++ b/test/confs/5760
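Review bot: The no-selector case in the second tls.c hunk works only because `len` is set to -1, which makes `ele+len+1` collapse to `ele`, and nothing in the new code says so. A comment on the `len = match ? Ustrlen(match) : -1;` line, such as `/* no field tag: len is -1 so ele+len+1 yields the whole element */`, would keep a later edit from reintroducing the NULL `match` dereference this commit fixes. The trick presumably relies on `len` being a signed type; its declaration, like the start of the function, is outside the hunk, so that should be confirmed. The new condition also mixes `||` and `&&` without grouping; writing it as `|| (Ustrncmp(ele, match, len) == 0 && ele[len] == '=')` makes the precedence explicit and avoids a -Wparentheses warning.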
@@ -58,6 +58,8 @@ ev_msg:
 accept logwrite = Peer cert:
 logwrite = ver <${certextract {version} {$tls_out_peercert}}>
 logwrite = SN <${certextract {subject} {$tls_out_peercert}}>
+ logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}>
+ logwrite = SNO <${certextract {subject,O} {$tls_out_peercert}}>
 logwrite = IN <${certextract {issuer} {$tls_out_peercert}}>
 logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}>
 logwrite = NA <${certextract {notafter} {$tls_out_peercert}}>
diff --git a/test/log/5750 b/test/log/5750
index d08589257..774668ffb 100644
--- a/test/log/5750
+++ b/test/log/5750
@@ -8,6 +8,8 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <3>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SN <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN<server1.example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 IN <O=example.com,CN=clica Signing Cert>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB <Nov 1 12:34:05 2012 GMT>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA <Jan 1 12:34:05 2038 GMT>
@@ -28,6 +30,8 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <3>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SN <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN<server1.example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 IN <O=example.com,CN=clica Signing Cert>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB <Nov 1 12:34:05 2012 GMT>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA <Jan 1 12:34:05 2038 GMT>
diff --git a/test/log/5760 b/test/log/5760
index 37757791b..b3dba457b 100644
--- a/test/log/5760
+++ b/test/log/5760
@@ -8,6 +8,8 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <2>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SN <CN=clica CA,O=example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=clica CA;O=example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNO <example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 IN <CN=clica CA,O=example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB <Nov 1 12:34:04 2012 +0000>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA <Jan 1 12:34:04 2038 +0000>
@@ -31,6 +33,8 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <2>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SN <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <>
 1999-03-02 09:44:33 10HmaY-0005vi-00 IN <CN=clica Signing Cert,O=example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB <Nov 1 12:34:05 2012 +0000>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA <Jan 1 12:34:05 2038 +0000>
|