summaryrefslogtreecommitdiff
path: root/src/lib/libc
diff options
context:
space:
mode:
authorbeck <>2016-12-21 18:13:59 +0000
committerbeck <>2016-12-21 18:13:59 +0000
commitd1989697283bac892dc967b0acd2633dcdb26c51 (patch)
treecf7e4fec41a18a2d93a5f30e387c9312c0c844dd /src/lib/libc
parent9ca0aa0051037154f9749fc28cdacbef0d5d9e4b (diff)
downloadopenbsd-d1989697283bac892dc967b0acd2633dcdb26c51.tar.gz
openbsd-d1989697283bac892dc967b0acd2633dcdb26c51.tar.bz2
openbsd-d1989697283bac892dc967b0acd2633dcdb26c51.zip
rewrite OCSP_parse_url to be sligthly less nasty and not have one byte buffer overreads
helpful nitpicking and ok tb@ miod@
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_lib.c112
1 files changed, 34 insertions, 78 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index be5bf7dab5..4a109b5513 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocsp_lib.c,v 1.18 2015/02/10 05:25:45 jsing Exp $ */ 1/* $OpenBSD: ocsp_lib.c,v 1.19 2016/12/21 18:13:59 beck Exp $ */
2/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL 2/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
3 * project. */ 3 * project. */
4 4
@@ -182,99 +182,55 @@ OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
182int 182int
183OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) 183OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
184{ 184{
185 char *p, *buf; 185 char *host, *path, *port, *tmp;
186 char *host, *port;
187 186
188 *phost = NULL; 187 *phost = *pport = *ppath = NULL;
189 *pport = NULL; 188 *pssl = 0;
190 *ppath = NULL;
191 189
192 /* dup the buffer since we are going to mess with it */ 190 if (strncmp(url, "https://", 8) == 0) {
193 buf = url ? strdup(url) : NULL;
194 if (!buf)
195 goto mem_err;
196
197 /* Check for initial colon */
198 p = strchr(buf, ':');
199 if (!p)
200 goto parse_err;
201
202 *(p++) = '\0';
203
204 if (!strcmp(buf, "http")) {
205 *pssl = 0;
206 port = "80";
207 } else if (!strcmp(buf, "https")) {
208 *pssl = 1; 191 *pssl = 1;
209 port = "443"; 192 host = strdup(url + 8);
210 } else 193 } else if (strncmp(url, "http://", 7) == 0)
211 goto parse_err; 194 host = strdup(url + 7);
212
213 /* Check for double slash */
214 if ((p[0] != '/') || (p[1] != '/'))
215 goto parse_err;
216
217 p += 2;
218
219 host = p;
220
221 /* Check for trailing part of path */
222 p = strchr(p, '/');
223 if (!p)
224 *ppath = strdup("/");
225 else { 195 else {
226 *ppath = strdup(p); 196 OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
227 /* Set start of path to 0 so hostname is valid */ 197 return 0;
228 *p = '\0'; 198 }
199 if (host == NULL) {
200 OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
201 return 0;
229 } 202 }
230 203
231 if (!*ppath) 204 if ((tmp = strchr(host, '/')) != NULL) {
232 goto mem_err; 205 path = strdup(tmp);
206 *tmp = '\0';
207 } else
208 path = strdup("/");
233 209
234 /* Look for optional ':' for port number */ 210 if ((tmp = strchr(host, ':')) != NULL ) {
235 if ((p = strchr(host, ':'))) { 211 port = strdup(tmp + 1);
236 *p = 0; 212 *tmp = '\0';
237 port = p + 1;
238 } else { 213 } else {
239 /* Not found: set default port */
240 if (*pssl) 214 if (*pssl)
241 port = "443"; 215 port = strdup("443");
242 else 216 else
243 port = "80"; 217 port = strdup("80");
244 } 218 }
245 219
246 *pport = strdup(port); 220 if (path == NULL || port == NULL) {
247 if (!*pport) 221 free(host);
248 goto mem_err; 222 free(path);
249 223 free(port);
250 *phost = strdup(host); 224 OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
251 225 return 0;
252 if (!*phost) 226 }
253 goto mem_err;
254
255 free(buf);
256 227
228 *phost = host;
229 *ppath = path;
230 *pport = port;
257 return 1; 231 return 1;
258
259mem_err:
260 OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
261 goto err;
262
263parse_err:
264 OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
265
266err:
267 free(buf);
268 free(*ppath);
269 free(*pport);
270 free(*phost);
271 *phost = NULL;
272 *pport = NULL;
273 *ppath = NULL;
274 return 0;
275} 232}
276 233
277
278OCSP_CERTID * 234OCSP_CERTID *
279OCSP_CERTID_dup(OCSP_CERTID *x) 235OCSP_CERTID_dup(OCSP_CERTID *x)
280{ 236{
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 22:53:01 +0000