diff options
| author | william <william@25tandclement.com> | 2014-07-17 16:21:00 -0700 |
|---|---|---|
| committer | william <william@25tandclement.com> | 2014-07-17 16:21:00 -0700 |
| commit | b93223ff2e5a74f14431aa0fb09db55f0a96ecd9 (patch) | |
| tree | 42a9a2849493d2b58d70db0f12982d79f29d264e | |
| parent | 4d9f43266ae0e7669410df52762e6f5e879349ff (diff) | |
| download | luaossl-b93223ff2e5a74f14431aa0fb09db55f0a96ecd9.tar.gz luaossl-b93223ff2e5a74f14431aa0fb09db55f0a96ecd9.tar.bz2 luaossl-b93223ff2e5a74f14431aa0fb09db55f0a96ecd9.zip | |
in xe_new change casting to be more narrowly tailored; and replace malloc usage which failed to check for NULL with an automatic buffer
| -rw-r--r-- | src/openssl.c | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/src/openssl.c b/src/openssl.c index 7bd9c61..0701642 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
| @@ -1829,15 +1829,15 @@ static int xe_new(lua_State *L) { | |||
| 1829 | 1829 | ||
| 1830 | X509_EXTENSION **ud = prepsimple(L, X509_EXT_CLASS); | 1830 | X509_EXTENSION **ud = prepsimple(L, X509_EXT_CLASS); |
| 1831 | 1831 | ||
| 1832 | char *name = (char *) luaL_checkstring(L, 1); | 1832 | const char *name = luaL_checkstring(L, 1); |
| 1833 | char *value = (char *) luaL_checkstring(L, 2); | 1833 | const char *value = luaL_checkstring(L, 2); |
| 1834 | 1834 | ||
| 1835 | CONF *conf = NULL; | 1835 | CONF *conf = NULL; |
| 1836 | X509V3_CTX *ctx = NULL; | 1836 | X509V3_CTX cbuf = { 0 }, *ctx = NULL; |
| 1837 | X509_EXTENSION *ext = NULL; | 1837 | X509_EXTENSION *ext = NULL; |
| 1838 | 1838 | ||
| 1839 | if (!lua_isnil(L, 3)) { | 1839 | if (!lua_isnil(L, 3)) { |
| 1840 | char *cdata = (char *) luaL_checkstring(L, 3); | 1840 | const char *cdata = luaL_checkstring(L, 3); |
| 1841 | BIO *bio = getbio(L); | 1841 | BIO *bio = getbio(L); |
| 1842 | if (BIO_puts(bio, cdata) < 0) | 1842 | if (BIO_puts(bio, cdata) < 0) |
| 1843 | goto error; | 1843 | goto error; |
| @@ -1847,23 +1847,27 @@ static int xe_new(lua_State *L) { | |||
| 1847 | if (!NCONF_load_bio(conf, bio, NULL)) | 1847 | if (!NCONF_load_bio(conf, bio, NULL)) |
| 1848 | goto error; | 1848 | goto error; |
| 1849 | 1849 | ||
| 1850 | ctx = (X509V3_CTX *) malloc(sizeof (X509V3_CTX)); | 1850 | ctx = &cbuf; |
| 1851 | X509V3_set_nconf(ctx, conf); | 1851 | X509V3_set_nconf(ctx, conf); |
| 1852 | } | 1852 | } |
| 1853 | 1853 | ||
| 1854 | if (!(*ud = X509V3_EXT_nconf(conf, ctx, name, value))) | 1854 | /* |
| 1855 | * NOTE: AFAICT neither name nor value are modified. The API just | ||
| 1856 | * doesn't have the proper const-qualifiers. See | ||
| 1857 | * crypto/x509v3/v3_conf.c in OpenSSL. | ||
| 1858 | * | ||
| 1859 | * Also seems to be okay to pass NULL conf. Both NCONF_get_section | ||
| 1860 | * and sk_CONF_VALUE_num can handle NULL arguments. See do_ext_nconf | ||
| 1861 | * in v3_conf.c. | ||
| 1862 | */ | ||
| 1863 | if (!(*ud = X509V3_EXT_nconf(conf, ctx, (char *)name, (char *)value))) | ||
| 1855 | goto error; | 1864 | goto error; |
| 1856 | 1865 | ||
| 1857 | if (conf) { | 1866 | if (conf) |
| 1858 | free(ctx); | ||
| 1859 | NCONF_free(conf); | 1867 | NCONF_free(conf); |
| 1860 | } | ||
| 1861 | 1868 | ||
| 1862 | return 1; | 1869 | return 1; |
| 1863 | 1870 | error: | |
| 1864 | error: | ||
| 1865 | if (ctx) | ||
| 1866 | free(ctx); | ||
| 1867 | if (conf) | 1871 | if (conf) |
| 1868 | NCONF_free(conf); | 1872 | NCONF_free(conf); |
| 1869 | 1873 | ||