authorAttila Molnar <attilamolnar@hush.com>2014-07-22 20:05:10 +0200
committerAttila Molnar <attilamolnar@hush.com>2014-07-24 14:05:50 +0200
commitde78843144d40b991cefc652532c03dd8c56e5cc (patch)
tree3e354a2f0fabf496b67746a9f354a9f3e0f53052 /src
parentcb24e182f85cb09557a980c674b45b3273d68a68 (diff)
Make sure the DN strings obtained from the SSL mods are always valid
Diffstat (limited to 'src')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp20
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp6
2 files changed, 22 insertions, 4 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 03673d7a0..6a6a7923a 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -880,11 +880,23 @@ class ModuleSSLGnuTLS : public Module
goto info_done_dealloc;
}
- gnutls_x509_crt_get_dn(cert, name, &name_size);
- certinfo->dn = name;
+ if (gnutls_x509_crt_get_dn(cert, name, &name_size) == 0)
+ {
+ std::string& dn = certinfo->dn;
+ dn = name;
+ // Make sure there are no chars in the string that we consider invalid
+ if (dn.find_first_of("\r\n") != std::string::npos)
+ dn.clear();
+ }
- gnutls_x509_crt_get_issuer_dn(cert, name, &name_size);
- certinfo->issuer = name;
+ name_size = sizeof(name);
+ if (gnutls_x509_crt_get_issuer_dn(cert, name, &name_size) == 0)
+ {
+ std::string& issuer = certinfo->issuer;
+ issuer = name;
+ if (issuer.find_first_of("\r\n") != std::string::npos)
+ issuer.clear();
+ }
if ((ret = gnutls_x509_crt_get_fingerprint(cert, hash, digest, &digest_size)) < 0)
{
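Review bot: The same CR/LF test is written out twice in this hunk (for `dn` and `issuer`) and twice more in m_ssl_openssl.cpp, so the set of characters treated as invalid now lives in four places. A small helper shared by both modules, e.g. `static void ClearIfInvalid(std::string& s) { if (s.find_first_of("\r\n") != std::string::npos) s.clear(); }`, would keep them in step. Because these strings come from the peer's certificate, that helper is also the place to decide whether other control bytes (anything below 0x20, or 0x7f) should be rejected too; how the fields are consumed is not visible here. The enclosing function starts and ends outside the hunk, including the initial value of `name_size` used by the first call.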
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 60c90988a..33f848798 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -639,8 +639,14 @@ class ModuleSSLOpenSSL : public Module
char buf[512];
X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
certinfo->dn = buf;
+ // Make sure there are no chars in the string that we consider invalid
+ if (certinfo->dn.find_first_of("\r\n") != std::string::npos)
+ certinfo->dn.clear();
+
X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
certinfo->issuer = buf;
+ if (certinfo->issuer.find_first_of("\r\n") != std::string::npos)
+ certinfo->issuer.clear();
if (!X509_digest(cert, digest, md, &n))
{
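Review bot: Both `X509_NAME_oneline` calls still ignore the return value, whereas the GnuTLS side of this commit now assigns only when the call succeeds. `buf` is an uninitialized `char[512]` reused for both calls, so if a call returns NULL the assignment may copy indeterminate bytes, or on the second call the subject string left over from the first, into `certinfo->issuer` before the CR/LF check runs. Guarding each assignment, e.g. `if (X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf))) certinfo->dn = buf;`, would match the GnuTLS behaviour. The enclosing function starts and ends outside the hunk.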