author | Attila Molnar <attilamolnar@hush.com> | 2014-07-22 20:05:10 +0200 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2014-07-24 14:05:50 +0200 |
commit | de78843144d40b991cefc652532c03dd8c56e5cc (patch) | |
tree | 3e354a2f0fabf496b67746a9f354a9f3e0f53052 /src | |
parent | cb24e182f85cb09557a980c674b45b3273d68a68 (diff) |
Make sure the DN strings obtained from the SSL mods are always valid
Diffstat (limited to 'src')
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 20 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 6 |
2 files changed, 22 insertions, 4 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 03673d7a0..6a6a7923a 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -880,11 +880,23 @@ class ModuleSSLGnuTLS : public Module goto info_done_dealloc; } - gnutls_x509_crt_get_dn(cert, name, &name_size); - certinfo->dn = name; + if (gnutls_x509_crt_get_dn(cert, name, &name_size) == 0) + { + std::string& dn = certinfo->dn; + dn = name; + // Make sure there are no chars in the string that we consider invalid + if (dn.find_first_of("\r\n") != std::string::npos) + dn.clear(); + } - gnutls_x509_crt_get_issuer_dn(cert, name, &name_size); - certinfo->issuer = name; + name_size = sizeof(name); + if (gnutls_x509_crt_get_issuer_dn(cert, name, &name_size) == 0) + { + std::string& issuer = certinfo->issuer; + issuer = name; + if (issuer.find_first_of("\r\n") != std::string::npos) + issuer.clear(); + } if ((ret = gnutls_x509_crt_get_fingerprint(cert, hash, digest, &digest_size)) < 0) { diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 60c90988a..33f848798 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -639,8 +639,14 @@ class ModuleSSLOpenSSL : public Module char buf[512]; X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); certinfo->dn = buf; + // Make sure there are no chars in the string that we consider invalid + if (certinfo->dn.find_first_of("\r\n") != std::string::npos) + certinfo->dn.clear(); + X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)); certinfo->issuer = buf; + if (certinfo->issuer.find_first_of("\r\n") != std::string::npos) + certinfo->issuer.clear(); if (!X509_digest(cert, digest, md, &n)) { |
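Review bot: When a DN is rejected in the `dn.clear()` / `issuer.clear()` branches, or the GnuTLS call returns non-zero, the field is left empty and nothing is recorded, so a certificate carrying CR/LF in its subject or issuer cannot be told apart downstream from one with no DN. How `certinfo->dn` and `certinfo->issuer` are consumed is not visible in this hunk, so the contract should be stated at the check, e.g. `// Empty dn/issuer means missing or rejected; callers must not treat an empty value as a match`. Logging the rejection would also let operators notice a crafted certificate. The same check is repeated for the issuer here and twice more in m_ssl_openssl.cpp; a small shared helper would keep the set of rejected characters in one place. The enclosing function starts and ends outside the hunk.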
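Review bot: The two `X509_NAME_oneline()` calls in the m_ssl_openssl.cpp hunk still ignore their return value, whereas the GnuTLS path in this commit now assigns only when `gnutls_x509_crt_get_dn(...) == 0`. `buf` is declared `char buf[512];` with no initialiser, so if the call fails and returns NULL, whatever the buffer holds is copied into `certinfo->dn` and the CR/LF filter then runs over that. Assign only on success, e.g. `if (X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf))) certinfo->dn = buf;`, and do the same for the issuer. The enclosing function begins and ends outside the hunk.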