Change X509_NAME_get_index_by[NID|OBJ] to be safer.

Currently these functions return raw ASN1_STRING bytes as a C string and ignore the encoding in a "hold my beer I am a toolkit not a functioning API surely it's just for testing and you'd never send nasty bytes" kind of way. Sadly some callers seem to use them to fetch things liks subject name components for comparisons, and often just use the result as a C string. Instead, encode the resulting bytes as UTF-8 so it is something like "text", Add a failure case if the length provided is inadequate or if the resulting text would contain an nul byte. based on boringssl. nits by dlg@ ok tb@
author: beck <> 2023-05-02 14:13:05 +0000
committer: beck <> 2023-05-02 14:13:05 +0000
commit: bcec9e3700677dff4d40f3813e166d89598a6329 (patch)
tree: 9b7516cbe9c5101c44087b7ca6a0b2d7374ebb84 /src/lib/libcrypto/x509/x509name.c
parent: b51ca2264f3c87ae6c0f6bd726ff14aae7906760 (diff)
download: openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.tar.gz
openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.tar.bz2
openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.zip
1 files changed, 27 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index a6e4dbef89..3c9e224c1b 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509name.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509name.c,v 1.32 2023/05/02 14:13:05 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -66,6 +66,7 @@
 #include <openssl/stack.h>
 #include <openssl/x509.h>
+#include "bytestring.h"
 #include "x509_local.h"
 int
@@ -84,21 +85,37 @@ int
 X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf,
    int len)
 {
-        int i;
+        unsigned char *text = NULL;
        ASN1_STRING *data;
+        int i, text_len;
+        int ret = -1;
+        CBS cbs;
        i = X509_NAME_get_index_by_OBJ(name, obj, -1);
        if (i < 0)
-                return (-1);
+                goto err;
        data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
-        i = (data->length > (len - 1)) ? (len - 1) : data->length;
+        /*
-        if (buf == NULL)
+         * Fail if we cannot encode as UTF-8, or if the UTF-8 encoding of the
-                return (data->length);
+         * string contains a 0 byte, because mortal callers seldom handle the
-        if (i >= 0) {
+         * length difference correctly
-                memcpy(buf, data->data, i);
+         */
-                buf[i] = '\0';
+        if ((text_len = ASN1_STRING_to_UTF8(&text, data)) < 0)
+                goto err;
+        CBS_init(&cbs, text, text_len);
+        if (CBS_contains_zero_byte(&cbs))
+                goto err;
+        /* We still support the "pass NULL to find out how much" API */
+        if (buf != NULL) {
+                if (!CBS_write_bytes(&cbs, buf, len - 1, NULL))
+                        goto err;
+                /* It must be a C string */
+                buf[text_len] = '\0';
        }
-        return (i);
+        ret = text_len;
+ err:
+        free(text);
+        return (ret);
 }
 LCRYPTO_ALIAS(X509_NAME_get_text_by_OBJ);
author	beck <>	2023-05-02 14:13:05 +0000
committer	beck <>	2023-05-02 14:13:05 +0000
commit	bcec9e3700677dff4d40f3813e166d89598a6329 (patch)
tree	9b7516cbe9c5101c44087b7ca6a0b2d7374ebb84 /src/lib/libcrypto/x509/x509name.c
parent	b51ca2264f3c87ae6c0f6bd726ff14aae7906760 (diff)
download	openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.tar.gz openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.tar.bz2 openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.zip