Make sure the DN strings obtained from the SSL mods are always valid
authorAttila Molnar <attilamolnar@hush.com>
Tue, 22 Jul 2014 18:05:10 +0000 (20:05 +0200)
committerAttila Molnar <attilamolnar@hush.com>
Thu, 24 Jul 2014 12:05:50 +0000 (14:05 +0200)
src/modules/extra/m_ssl_gnutls.cpp
src/modules/extra/m_ssl_openssl.cpp

index 03673d7a06a4363aad55ca4ea5beb85644d20088..6a6a7923ad8e4ca6c4988759ffe5ba66aa140e8c 100644 (file)
@@ -880,11 +880,23 @@ class ModuleSSLGnuTLS : public Module
                        goto info_done_dealloc;
                }
 
-               gnutls_x509_crt_get_dn(cert, name, &name_size);
-               certinfo->dn = name;
+               if (gnutls_x509_crt_get_dn(cert, name, &name_size) == 0)
+               {
+                       std::string& dn = certinfo->dn;
+                       dn = name;
+                       // Make sure there are no chars in the string that we consider invalid
+                       if (dn.find_first_of("\r\n") != std::string::npos)
+                               dn.clear();
+               }
 
-               gnutls_x509_crt_get_issuer_dn(cert, name, &name_size);
-               certinfo->issuer = name;
+               name_size = sizeof(name);
+               if (gnutls_x509_crt_get_issuer_dn(cert, name, &name_size) == 0)
+               {
+                       std::string& issuer = certinfo->issuer;
+                       issuer = name;
+                       if (issuer.find_first_of("\r\n") != std::string::npos)
+                               issuer.clear();
+               }
 
                if ((ret = gnutls_x509_crt_get_fingerprint(cert, hash, digest, &digest_size)) < 0)
                {
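Review bot: A DN or issuer that contains CR or LF is emptied silently and the code then carries on to `gnutls_x509_crt_get_fingerprint`, so a rejected name cannot be told apart from one the library failed to return (the `== 0` test failing). A certificate with line breaks in its names is unlikely to be accidental, so a log entry at the two `clear()` calls would give operators something to look for. The issuer block also lacks the explanation the subject block has; I would add `// Same check as for the subject DN: no CR or LF allowed in the issuer string` above `if (issuer.find_first_of("\r\n") != std::string::npos)`. The enclosing function starts and ends outside the hunk, so the value of `name_size` going into the first call is not visible here.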
index 60c90988a7aed04b4d87e67795f1d6e341b2f6dc..33f848798cddae98e9b782c69d5ff5f23da014d8 100644 (file)
@@ -639,8 +639,14 @@ class ModuleSSLOpenSSL : public Module
                char buf[512];
                X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
                certinfo->dn = buf;
+               // Make sure there are no chars in the string that we consider invalid
+               if (certinfo->dn.find_first_of("\r\n") != std::string::npos)
+                       certinfo->dn.clear();
+
                X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
                certinfo->issuer = buf;
+               if (certinfo->issuer.find_first_of("\r\n") != std::string::npos)
+                       certinfo->issuer.clear();
 
                if (!X509_digest(cert, digest, md, &n))
                {
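Review bot: The return value of `X509_NAME_oneline` is still ignored on both calls, so the new CR/LF checks run on whatever `buf` happens to hold. The GnuTLS side of this commit assigns the string only when the library call succeeds, and this side should match. Because `buf` is reused, an issuer call that failed without writing to it would leave `certinfo->issuer` holding the subject DN from the previous call. I would guard both assignments, e.g. `if (X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf))) certinfo->issuer = buf;`, and keep the existing `find_first_of("\r\n")` test after each. The enclosing function starts and ends outside the hunk.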