moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

darwinssl: handle long strings in TLS certs (follow-up)

Browse Source 
- Fix handling certificate subjects that are already UTF-8 encoded.

Follow-up to b3b75d1 from two days ago. Since then a copy would be
skipped if the subject was already UTF-8, possibly resulting in a NULL
deref later on.

Ref: https://github.com/curl/curl/issues/1823
Ref: https://github.com/curl/curl/pull/1831

Closes https://github.com/curl/curl/pull/1836
This commit is contained in:
Jay Satiro 2017-08-27 23:37:02 -04:00
parent 410bf6b7b1
commit aa2ea66cda
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/vtls/darwinssl.c
View File

@ -910,11 +910,26 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
{ {
CFStringRef c = getsubject(cert); CFStringRef c = getsubject(cert);
CURLcode result = CURLE_OK; CURLcode result = CURLE_OK;
const char *direct;
char *cbuf = NULL; char *cbuf = NULL;
*certp = NULL; *certp = NULL;
/* If subject is not UTF-8 then check if it can be converted */ if(!c) {
if(!CFStringGetCStringPtr(c, kCFStringEncodingUTF8)) { failf(data, "SSL: invalid CA certificate subject");
return CURLE_OUT_OF_MEMORY;
}
/* If the subject is already available as UTF-8 encoded (ie 'direct') then
use that, else convert it. */
direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
if(direct) {
*certp = strdup(direct);
if(!*certp) {
failf(data, "SSL: out of memory");
result = CURLE_OUT_OF_MEMORY;
}
}
else {
size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1; size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
cbuf = calloc(cbuf_size, 1); cbuf = calloc(cbuf_size, 1);
if(cbuf) { if(cbuf) {