From bfbad1dddf8b26ef0e14e48a36edc4a8bf1425e4 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 25 Dec 2014 13:30:12 +0000 Subject: [PATCH] Fix null-indirection in certextract expansion Found-by: Roman Rybalko --- src/src/tls.c | 10 ++++++---- test/confs/5750 | 2 ++ test/confs/5760 | 2 ++ test/log/5750 | 4 ++++ test/log/5760 | 4 ++++ 5 files changed, 18 insertions(+), 4 deletions(-) diff --git a/src/src/tls.c b/src/src/tls.c index 305eaa410..b3d088df3 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -246,7 +246,7 @@ NOTE: We modify the supplied dn string during operation. Arguments: dn Distinguished Name string - mod string containing optional list-sep and + mod list containing optional output list-sep and field selector match, comma-separated Return: allocated string with list of matching fields, @@ -267,13 +267,15 @@ while ((ele = string_nextinlist(&mod, &insep, NULL, 0))) if (ele[0] != '>') match = ele; /* field tag to match */ else if (ele[1]) - outsep = ele[1]; /* nondefault separator */ + outsep = ele[1]; /* nondefault output separator */ dn_to_list(dn); insep = ','; -len = Ustrlen(match); +len = match ? Ustrlen(match) : -1; while ((ele = string_nextinlist(&dn, &insep, NULL, 0))) - if (Ustrncmp(ele, match, len) == 0 && ele[len] == '=') + if ( !match + || Ustrncmp(ele, match, len) == 0 && ele[len] == '=' + ) list = string_append_listele(list, outsep, ele+len+1); return list; } diff --git a/test/confs/5750 b/test/confs/5750 index a0bce0282..364f73a90 100644 --- a/test/confs/5750 +++ b/test/confs/5750 
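Review bot: The no-tag case in the final loop of the tls.c hunk works only because `len` is set to -1, so that `ele+len+1` collapses to `ele`, and nothing in the code says so. A comment on the assignment would make that dependency visible, for example `len = match ? Ustrlen(match) : -1;  /* -1: ele+len+1 is then ele, the whole element */`. It also requires `len` to be a signed type; its declaration is outside the hunk, so that should be confirmed. The new condition mixes `||` and `&&` without grouping; writing `|| (Ustrncmp(ele, match, len) == 0 && ele[len] == '=')` states the intended precedence and avoids a -Wparentheses warning. The DN walked here can come from a peer certificate (the test configs pass `$tls_out_peercert`), so this pointer arithmetic is worth keeping self-explanatory for later edits.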
@@ -58,6 +58,8 @@ ev_msg: accept logwrite = Peer cert: logwrite = ver <${certextract {version} {$tls_out_peercert}}> logwrite = SN <${certextract {subject} {$tls_out_peercert}}> + logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> + logwrite = SNCN<${certextract {subject,CN} {$tls_out_peercert}}> logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> diff --git a/test/confs/5760 b/test/confs/5760 index 3417a2d32..60f386ba4 100644 --- a/test/confs/5760 +++ b/test/confs/5760 @@ -58,6 +58,8 @@ ev_msg: accept logwrite = Peer cert: logwrite = ver <${certextract {version} {$tls_out_peercert}}> logwrite = SN <${certextract {subject} {$tls_out_peercert}}> + logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> + logwrite = SNO <${certextract {subject,O} {$tls_out_peercert}}> logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> diff --git a/test/log/5750 b/test/log/5750 index d08589257..774668ffb 100644 --- a/test/log/5750 +++ b/test/log/5750 @@ -8,6 +8,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert: 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <3> 1999-03-02 09:44:33 10HmaX-0005vi-00 SN +1999-03-02 09:44:33 10HmaX-0005vi-00 SN; +1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN 1999-03-02 09:44:33 10HmaX-0005vi-00 IN 1999-03-02 09:44:33 10HmaX-0005vi-00 NB 1999-03-02 09:44:33 10HmaX-0005vi-00 NA @@ -28,6 +30,8 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert: 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <3> 1999-03-02 09:44:33 10HmaY-0005vi-00 SN +1999-03-02 09:44:33 10HmaY-0005vi-00 SN; +1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN 1999-03-02 09:44:33 10HmaY-0005vi-00 IN 1999-03-02 09:44:33 10HmaY-0005vi-00 NB 1999-03-02 09:44:33 10HmaY-0005vi-00 NA 
diff --git a/test/log/5760 b/test/log/5760 index 37757791b..b3dba457b 100644 --- a/test/log/5760 +++ b/test/log/5760 @@ -8,6 +8,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert: 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <2> 1999-03-02 09:44:33 10HmaX-0005vi-00 SN +1999-03-02 09:44:33 10HmaX-0005vi-00 SN; +1999-03-02 09:44:33 10HmaX-0005vi-00 SNO 1999-03-02 09:44:33 10HmaX-0005vi-00 IN 1999-03-02 09:44:33 10HmaX-0005vi-00 NB 1999-03-02 09:44:33 10HmaX-0005vi-00 NA @@ -31,6 +33,8 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert: 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <2> 1999-03-02 09:44:33 10HmaY-0005vi-00 SN +1999-03-02 09:44:33 10HmaY-0005vi-00 SN; +1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <> 1999-03-02 09:44:33 10HmaY-0005vi-00 IN 1999-03-02 09:44:33 10HmaY-0005vi-00 NB 1999-03-02 09:44:33 10HmaY-0005vi-00 NA -- 2.30.2