Fix crash in ocsp_url extract

[exim.git] / src / src / tls.c

diff --git a/src/src/tls.c b/src/src/tls.c
index b5ef965951ff3634471f7777438ebf2052877481..11823795ce9ccd13b3cdda9b644cf41706082805 100644 (file)
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -80,6 +80,28 @@ return TRUE;
 }
 
 
+/*************************************************
+*        Timezone environment flipping           *
+*************************************************/
+
+static uschar *
+to_tz(uschar * tz)
+{
+  uschar * old = US getenv("TZ");
+  setenv("TZ", CS tz, 1);
+  tzset(); 
+  return old;
+}
+static void
+restore_tz(uschar * tz)
+{
+  if (tz)
+    setenv("TZ", CS tz, 1);
+  else
+    unsetenv("TZ");
+  tzset(); 
+}
+
 /*************************************************
 *        Many functions are package-specific     *
 *************************************************/
@@ -196,6 +218,8 @@ modify_variable(US"tls_sni",                  &dest_tsp->sni);
 #endif
 }
 
+
+#ifdef SUPPORT_TLS
 /************************************************
 *      TLS certificate name operations         *
 ************************************************/
@@ -222,7 +246,7 @@ NOTE: We modify the supplied dn string during operation.
 
 Arguments:
        dn      Distinguished Name string
-       mod     string containing optional list-sep and
+       mod     list containing optional output list-sep and
                field selector match, comma-separated
 Return:
        allocated string with list of matching fields,
@@ -239,23 +263,24 @@ uschar * match = NULL;
 int len;
 uschar * list = NULL;
 
-while (ele = string_nextinlist(&mod, &insep, NULL, 0))
+while ((ele = string_nextinlist(&mod, &insep, NULL, 0)))
   if (ele[0] != '>')
     match = ele;       /* field tag to match */
   else if (ele[1])
-    outsep = ele[1];   /* nondefault separator */
+    outsep = ele[1];   /* nondefault output separator */
 
 dn_to_list(dn);
 insep = ',';
-len = Ustrlen(match);
-while (ele = string_nextinlist(&dn, &insep, NULL, 0))
-  if (Ustrncmp(ele, match, len) == 0 && ele[len] == '=')
+len = match ? Ustrlen(match) : -1;
+while ((ele = string_nextinlist(&dn, &insep, NULL, 0)))
+  if (  !match
+     || Ustrncmp(ele, match, len) == 0 && ele[len] == '='
+     )
     list = string_append_listele(list, outsep, ele+len+1);
 return list;
 }
 
 
-#ifdef EXPERIMENTAL_CERTNAMES
 /* Compare a domain name with a possibly-wildcarded name. Wildcards
 are restricted to a single one, as the first element of patterns
 having at least three dot-separated elements.  Case-independent.
@@ -299,10 +324,10 @@ uschar * cmpname;
 if ((altnames = tls_cert_subject_altname(cert, US"dns")))
   {
   int alt_sep = '\n';
-  while (cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0))
+  while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
     {
     uschar * an = altnames;
-    while (certname = string_nextinlist(&an, &alt_sep, NULL, 0))
+    while ((certname = string_nextinlist(&an, &alt_sep, NULL, 0)))
       if (is_name_match(cmpname, certname))
        return TRUE;
     }
@@ -311,13 +336,12 @@ if ((altnames = tls_cert_subject_altname(cert, US"dns")))
 else if ((subjdn = tls_cert_subject(cert, NULL)))
   {
   int sn_sep = ',';
-  uschar * sn;
 
   dn_to_list(subjdn);
-  while (cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0))
+  while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
     {
     uschar * sn = subjdn;
-    while (certname = string_nextinlist(&sn, &sn_sep, NULL, 0))
+    while ((certname = string_nextinlist(&sn, &sn_sep, NULL, 0)))
       if (  *certname++ == 'C'
         && *certname++ == 'N'
         && *certname++ == '='
@@ -328,7 +352,7 @@ else if ((subjdn = tls_cert_subject(cert, NULL)))
   }
 return FALSE;
 }
-#endif
+#endif /*SUPPORT_TLS*/
 
 /* vi: aw ai sw=2
 */