Fix null-indirection in certextract expansion

Found-by: Roman Rybalko

diff --git a/src/src/tls.c b/src/src/tls.c
index 305eaa410c9b7e91901012b380b2f532dce2ac9b..b3d088df3479fd691b63ba762c2be8ff6a6e93be 100644 (file)
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -246,7 +246,7 @@ NOTE: We modify the supplied dn string during operation.
 
 Arguments:
        dn      Distinguished Name string
 
 Arguments:
        dn      Distinguished Name string

-       mod     string containing optional list-sep and
+       mod     list containing optional output list-sep and

                field selector match, comma-separated
 Return:
        allocated string with list of matching fields,
                field selector match, comma-separated
 Return:
        allocated string with list of matching fields,


@@ -267,13 +267,15 @@ while ((ele = string_nextinlist(&mod, &insep, NULL, 0)))
   if (ele[0] != '>')
     match = ele;       /* field tag to match */
   else if (ele[1])
   if (ele[0] != '>')
     match = ele;       /* field tag to match */
   else if (ele[1])

-    outsep = ele[1];   /* nondefault separator */
+    outsep = ele[1];   /* nondefault output separator */

 
 dn_to_list(dn);
 insep = ',';
 
 dn_to_list(dn);
 insep = ',';

-len = Ustrlen(match);
+len = match ? Ustrlen(match) : -1;

 while ((ele = string_nextinlist(&dn, &insep, NULL, 0)))
 while ((ele = string_nextinlist(&dn, &insep, NULL, 0)))

-  if (Ustrncmp(ele, match, len) == 0 && ele[len] == '=')
+  if (  !match
+     || Ustrncmp(ele, match, len) == 0 && ele[len] == '='
+     )

     list = string_append_listele(list, outsep, ele+len+1);
 return list;
 }
     list = string_append_listele(list, outsep, ele+len+1);
 return list;
 }

diff --git a/test/confs/5750 b/test/confs/5750
index a0bce0282bd8346992066104b0c6ec70047f16ec..364f73a90ce830b6590b6137cce747691965d53d 100644 (file)
--- a/test/confs/5750
+++ b/test/confs/5750
@@ -58,6 +58,8 @@ ev_msg:
   accept logwrite = Peer cert:
         logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
         logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
   accept logwrite = Peer cert:
         logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
         logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>

+        logwrite =  SN; <${certextract {subject,>;}    {$tls_out_peercert}}>
+        logwrite =  SNCN<${certextract {subject,CN}    {$tls_out_peercert}}>

          logwrite =  IN  <${certextract {issuer}       {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}     {$tls_out_peercert}}>
          logwrite =  IN  <${certextract {issuer}       {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}     {$tls_out_peercert}}>

diff --git a/test/confs/5760 b/test/confs/5760
index 3417a2d3285f476b9122065ccf31b8de84fa2d4d..60f386ba41b47330586ab1586a7e470b708933a9 100644 (file)
--- a/test/confs/5760
+++ b/test/confs/5760
@@ -58,6 +58,8 @@ ev_msg:
   accept logwrite = Peer cert:
         logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
         logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
   accept logwrite = Peer cert:
         logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
         logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>

+        logwrite =  SN; <${certextract {subject,>;}    {$tls_out_peercert}}>
+        logwrite =  SNO <${certextract {subject,O}     {$tls_out_peercert}}>

          logwrite =  IN  <${certextract {issuer}       {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}     {$tls_out_peercert}}>
          logwrite =  IN  <${certextract {issuer}       {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}     {$tls_out_peercert}}>

diff --git a/test/log/5750 b/test/log/5750
index d08589257a007a689d4a171e26ec8d2dc0676ce1..774668ffbb248f9a111bb8ea0ba5ba92dc6c5e12 100644 (file)
--- a/test/log/5750
+++ b/test/log/5750
@@ -8,6 +8,8 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <3>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SN  <CN=server1.example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <3>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SN  <CN=server1.example.com>

+1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN<server1.example.com>

 1999-03-02 09:44:33 10HmaX-0005vi-00 IN  <O=example.com,CN=clica Signing Cert>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB  <Nov  1 12:34:05 2012 GMT>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA  <Jan  1 12:34:05 2038 GMT>
 1999-03-02 09:44:33 10HmaX-0005vi-00 IN  <O=example.com,CN=clica Signing Cert>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB  <Nov  1 12:34:05 2012 GMT>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA  <Jan  1 12:34:05 2038 GMT>


@@ -28,6 +30,8 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <3>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SN  <CN=server1.example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <3>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SN  <CN=server1.example.com>

+1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN<server1.example.com>

 1999-03-02 09:44:33 10HmaY-0005vi-00 IN  <O=example.com,CN=clica Signing Cert>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB  <Nov  1 12:34:05 2012 GMT>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA  <Jan  1 12:34:05 2038 GMT>
 1999-03-02 09:44:33 10HmaY-0005vi-00 IN  <O=example.com,CN=clica Signing Cert>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB  <Nov  1 12:34:05 2012 GMT>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA  <Jan  1 12:34:05 2038 GMT>

diff --git a/test/log/5760 b/test/log/5760
index 37757791b056401607f52c8dc9404b8bfeb8e202..b3dba457ba15c8a734faa26824fadf71a1e6511e 100644 (file)
--- a/test/log/5760
+++ b/test/log/5760
@@ -8,6 +8,8 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <2>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SN  <CN=clica CA,O=example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <2>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SN  <CN=clica CA,O=example.com>

+1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=clica CA;O=example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNO <example.com>

 1999-03-02 09:44:33 10HmaX-0005vi-00 IN  <CN=clica CA,O=example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB  <Nov  1 12:34:04 2012 +0000>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA  <Jan  1 12:34:04 2038 +0000>
 1999-03-02 09:44:33 10HmaX-0005vi-00 IN  <CN=clica CA,O=example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB  <Nov  1 12:34:04 2012 +0000>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA  <Jan  1 12:34:04 2038 +0000>


@@ -31,6 +33,8 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <2>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SN  <CN=server1.example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <2>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SN  <CN=server1.example.com>

+1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <>

 1999-03-02 09:44:33 10HmaY-0005vi-00 IN  <CN=clica Signing Cert,O=example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB  <Nov  1 12:34:05 2012 +0000>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA  <Jan  1 12:34:05 2038 +0000>
 1999-03-02 09:44:33 10HmaY-0005vi-00 IN  <CN=clica Signing Cert,O=example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB  <Nov  1 12:34:05 2012 +0000>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA  <Jan  1 12:34:05 2038 +0000>