From de78843144d40b991cefc652532c03dd8c56e5cc Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Tue, 22 Jul 2014 20:05:10 +0200
Subject: [PATCH] Make sure the DN strings obtained from the SSL mods are
 always valid

---
 src/modules/extra/m_ssl_gnutls.cpp  | 20 ++++++++++++++++----
 src/modules/extra/m_ssl_openssl.cpp |  6 ++++++
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 03673d7a0..6a6a7923a 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -880,11 +880,23 @@ class ModuleSSLGnuTLS : public Module
 			goto info_done_dealloc;
 		}
 
-		gnutls_x509_crt_get_dn(cert, name, &name_size);
-		certinfo->dn = name;
+		if (gnutls_x509_crt_get_dn(cert, name, &name_size) == 0)
+		{
+			std::string& dn = certinfo->dn;
+			dn = name;
+			// Make sure there are no chars in the string that we consider invalid
+			if (dn.find_first_of("\r\n") != std::string::npos)
+				dn.clear();
+		}
 
-		gnutls_x509_crt_get_issuer_dn(cert, name, &name_size);
-		certinfo->issuer = name;
+		name_size = sizeof(name);
+		if (gnutls_x509_crt_get_issuer_dn(cert, name, &name_size) == 0)
+		{
+			std::string& issuer = certinfo->issuer;
+			issuer = name;
+			if (issuer.find_first_of("\r\n") != std::string::npos)
+				issuer.clear();
+		}
 
 		if ((ret = gnutls_x509_crt_get_fingerprint(cert, hash, digest, &digest_size)) < 0)
 		{
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 60c90988a..33f848798 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -639,8 +639,14 @@ class ModuleSSLOpenSSL : public Module
 		char buf[512];
 		X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
 		certinfo->dn = buf;
+		// Make sure there are no chars in the string that we consider invalid
+		if (certinfo->dn.find_first_of("\r\n") != std::string::npos)
+			certinfo->dn.clear();
+
 		X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
 		certinfo->issuer = buf;
+		if (certinfo->issuer.find_first_of("\r\n") != std::string::npos)
+			certinfo->issuer.clear();
 
 		if (!X509_digest(cert, digest, md, &n))
 		{
-- 
2.39.5