Fix crash in ocsp_url extract

diff --git a/src/src/functions.h b/src/src/functions.h
index 2e18fd96364545c544f4d9498d50b87b4827f190..9d0ca190ce6294cc8cbc0c876b8c81abac6d28a6 100644 (file)
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -391,6 +391,7 @@ extern int     stdin_ferror(void);
 extern int     stdin_ungetc(int);
 extern uschar *string_append(uschar *, int *, int *, int, ...);
 extern uschar *string_append_listele(uschar *, uschar, const uschar *);
+extern uschar *string_append_listele_n(uschar *, uschar, const uschar *, unsigned);
 extern uschar *string_base62(unsigned long int);
 extern uschar *string_cat(uschar *, int *, int *, const uschar *, int);
 extern uschar *string_copy_dnsdomain(uschar *);

diff --git a/src/src/string.c b/src/src/string.c
index 71c7f6f8e86188692f5da6a45620fa62607238cb..f4e44cabb6023d30ec3f2d9ac0f7d247d4270552 100644 (file)
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -1008,6 +1008,46 @@ new = string_cat(new, &sz, &off, ele, Ustrlen(ele));
 new[off] = '\0';
 return new;
 }
+
+
+static const uschar *
+Ustrnchr(const uschar * s, int c, unsigned * len)
+{
+while (*len)
+  {
+  if (!*s) return NULL;
+  if (*s == c) return s;
+  s++;
+  *len--;
+  }
+return NULL;
+}
+
+uschar *
+string_append_listele_n(uschar * list, uschar sep, const uschar * ele,
+  unsigned len)
+{
+uschar * new = NULL;
+int sz = 0, off = 0;
+const uschar * sp;
+
+if (list)
+  {
+  new = string_cat(new, &sz, &off, list, Ustrlen(list));
+  new = string_cat(new, &sz, &off, &sep, 1);
+  }
+
+while((sp = Ustrnchr(ele, sep, &len)))
+  {
+  new = string_cat(new, &sz, &off, ele, sp-ele+1);
+  new = string_cat(new, &sz, &off, &sep, 1);
+  ele = sp+1;
+  len--;
+  }
+new = string_cat(new, &sz, &off, ele, len);
+new[off] = '\0';
+return new;
+}
 #endif  /* COMPILE_UTILITY */
 
 

diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index de6979a18b85b5b60acd8c3dde5ac72ecd37c9c8..b100e222bc4eaaaef700bebde9072ffe52a9098a 100644 (file)
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -406,9 +406,13 @@ for (i = 0; i < adsnum; i++)
   ACCESS_DESCRIPTION * ad = sk_ACCESS_DESCRIPTION_value(ads, i);
 
   if (ad && OBJ_obj2nid(ad->method) == NID_ad_OCSP)
-    list = string_append_listele(list, sep,
-             ASN1_STRING_data(ad->location->d.ia5));
+    {
+    uschar * ele = ASN1_STRING_data(ad->location->d.ia5);
+    int len =  ASN1_STRING_length(ad->location->d.ia5);
+    list = string_append_listele_n(list, sep, ele, len);
+    }
   }
+sk_ACCESS_DESCRIPTION_free(ads);
 return list;
 }
 
@@ -439,9 +443,13 @@ if (dps) for (i = 0; i < dpsnum; i++)
       if (  (np = sk_GENERAL_NAME_value(names, j))
         && np->type == GEN_URI
         )
-       list = string_append_listele(list, sep,
-               ASN1_STRING_data(np->d.uniformResourceIdentifier));
+       {
+       uschar * ele = ASN1_STRING_data(np->d.uniformResourceIdentifier);
+       int len =  ASN1_STRING_length(np->d.uniformResourceIdentifier);
+       list = string_append_listele_n(list, sep, ele, len);
+       }
     }
+sk_DIST_POINT_free(dps);
 return list;
 }