Fix some serious pointer-arithmatic-magic-number-unchecked-return eyebleed

that I stumbled into here and got stuck with. If modern society can get past selling daughters for cows, surely we can decide to write modern C code in an "application" that is probably 3 lines of shell/python/cgi away from talking to the internet in a lot of places.. (This file still needs a lot more love though) "oh god yuck" deraadt@ ok tedu@
author: beck <> 2014-04-19 15:37:35 +0000
committer: beck <> 2014-04-19 15:37:35 +0000
commit: 33436fc594a42c806061d0bd0a84a2edcc27aab4 (patch)
tree: f29d1302d8be06772a797c0630e407f32908fa20 /src/lib
parent: 0a43bea89e0285d9ce122b7667deb6dd63a538bc (diff)
download: openbsd-33436fc594a42c806061d0bd0a84a2edcc27aab4.tar.gz
openbsd-33436fc594a42c806061d0bd0a84a2edcc27aab4.tar.bz2
openbsd-33436fc594a42c806061d0bd0a84a2edcc27aab4.zip
1 files changed, 44 insertions, 53 deletions
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index c70ca5f168..297ddccded 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -221,6 +221,7 @@ static int do_revoke(X509 * x509, CA_DB * db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, CA_DB * db);
 static int do_updatedb(CA_DB * db);
 static int check_time_format(const char *str);
+static char * bin2hex(unsigned char *, size_t);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED * rev, const char *str);
 int old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str);
@@ -1123,40 +1124,31 @@ ca_main(int argc, char **argv)
                        BIO_printf(bio_err, "writing new certificates\n");
                for (i = 0; i < sk_X509_num(cert_sk); i++) {
                        int k;
-                        char *n;
+                        char *serial;
+                        unsigned char *data;
                        x = sk_X509_value(cert_sk, i);
                        j = x->cert_info->serialNumber->length;
-                        p = (const char *) x->cert_info->serialNumber->data;
+                        data = (unsigned char *) x->cert_info->serialNumber->data;
+                        if (j > 0)
-                        if (strlen(outdir) >= (size_t) (j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
+                                serial = bin2hex(data, j);
-                                BIO_printf(bio_err, "certificate file name too long\n");
+                        else
-                                goto err;
+                                serial = strdup("00");
-                        }
+                        if (serial) {
-                        strlcpy(buf[2], outdir, sizeof(buf[2]));
+                                k = snprintf(buf[2], sizeof(buf[2]),
+                                    "%s/%s.pem", outdir, serial);
-                        strlcat(buf[2], "/", sizeof(buf[2]));
+                                free(serial);
+                                if (k == -1 || k >= sizeof(buf[2])) {
-                        n = (char *) &(buf[2][strlen(buf[2])]);
+                                        BIO_printf(bio_err,
-                        if (j > 0) {
+                                            "certificate file name too long\n");
-                                for (k = 0; k < j; k++) {
+                                        goto err;
-                                        if (n >= &(buf[2][sizeof(buf[2])]))
-                                                break;
-                                        snprintf(n,
-                                            &buf[2][0] + sizeof(buf[2]) - n,
-                                            "%02X", (unsigned char) *(p++));
-                                        n += 2;
                                }
                        } else {
-                                *(n++) = '0';
+                                BIO_printf(bio_err,
-                                *(n++) = '0';
+                                    "memory allocation failed\n");
+                                goto err;
                        }
-                        *(n++) = '.';
-                        *(n++) = 'p';
-                        *(n++) = 'e';
-                        *(n++) = 'm';
-                        *n = '\0';
                        if (verbose)
                                BIO_printf(bio_err, "writing %s\n", buf[2]);
@@ -1955,7 +1947,7 @@ do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst,
                BIO_printf(bio_err, "Memory allocation failure\n");
                goto err;
        }
-        strlcpy(row[DB_file], "unknown", 8);
+        (void) strlcpy(row[DB_file], "unknown", 8);
        row[DB_type][0] = 'V';
        row[DB_type][1] = '\0';
@@ -2211,7 +2203,7 @@ do_revoke(X509 * x509, CA_DB * db, int type, char *value)
                        BIO_printf(bio_err, "Memory allocation failure\n");
                        goto err;
                }
-                strlcpy(row[DB_file], "unknown", 8);
+                (void) strlcpy(row[DB_file], "unknown", 8);
                row[DB_type][0] = 'V';
                row[DB_type][1] = '\0';
@@ -2482,30 +2474,10 @@ make_revocation_str(int rev_type, char *rev_arg)
        }
        revtm = X509_gmtime_adj(NULL, 0);
+        if (asprintf(&str, "%s%s%s%s%s", revtm->data,
-        i = revtm->length + 1;
+                reason ? "," : "", reason ? reason : "",
+                other ? "," : "", other ? other : "") == -1)
-        if (reason)
+            str = NULL;
-                i += strlen(reason)
-                    + 1;
-        if (other)
-                i += strlen(other)
-                    + 1;
-        str = malloc(i);
-        if (!str)
-                return NULL;
-        strlcpy(str, (char *) revtm->data, i);
-        if (reason) {
-                strlcat(str, ",", i);
-                strlcat(str, reason, i);
-        }
-        if (other) {
-                strlcat(str, ",", i);
-                strlcat(str, other, i);
-        }
        ASN1_UTCTIME_free(revtm);
        return str;
 }
@@ -2705,3 +2677,22 @@ err:
        return ret;
 }
+static char *
+bin2hex(unsigned char * data, size_t len)
+{
+        char *ret = NULL;
+        char hex[]= "0123456789ABCDEF";
+        int i;
+        if ((ret = malloc(len * 2 + 1))) {
+                for (i = 0; i < len; i++)
+                {
+                        ret[i * 2 + 0] = hex[data[i] >> 4  ];
+                        ret[i * 2 + 1] = hex[data[i] & 0x0F];
+                }
+                ret[len * 2] = '\0';
+        }
+        return ret;
+}
author	beck <>	2014-04-19 15:37:35 +0000
committer	beck <>	2014-04-19 15:37:35 +0000
commit	33436fc594a42c806061d0bd0a84a2edcc27aab4 (patch)
tree	f29d1302d8be06772a797c0630e407f32908fa20 /src/lib
parent	0a43bea89e0285d9ce122b7667deb6dd63a538bc (diff)
download	openbsd-33436fc594a42c806061d0bd0a84a2edcc27aab4.tar.gz openbsd-33436fc594a42c806061d0bd0a84a2edcc27aab4.tar.bz2 openbsd-33436fc594a42c806061d0bd0a84a2edcc27aab4.zip

diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c index c70ca5f168..297ddccded 100644 --- a/src/lib/libssl/src/apps/ca.c +++ b/src/lib/libssl/src/apps/ca.c
@@ -221,6 +221,7 @@ static int do_revoke(X509 * x509, CA_DB * db, int ext, char *extval);
221	static int get_certificate_status(const char ser_status, CA_DB db);	221	static int get_certificate_status(const char ser_status, CA_DB db);
222	static int do_updatedb(CA_DB * db);	222	static int do_updatedb(CA_DB * db);
223	static int check_time_format(const char *str);	223	static int check_time_format(const char *str);
		224	static char * bin2hex(unsigned char *, size_t);
224	char make_revocation_str(int rev_type, char rev_arg);	225	char make_revocation_str(int rev_type, char rev_arg);
225	int make_revoked(X509_REVOKED * rev, const char *str);	226	int make_revoked(X509_REVOKED * rev, const char *str);
226	int old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str);	227	int old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str);
@@ -1123,40 +1124,31 @@ ca_main(int argc, char **argv)
1123	BIO_printf(bio_err, "writing new certificates\n");	1124	BIO_printf(bio_err, "writing new certificates\n");
1124	for (i = 0; i < sk_X509_num(cert_sk); i++) {	1125	for (i = 0; i < sk_X509_num(cert_sk); i++) {
1125	int k;	1126	int k;
1126	char *n;	1127	char *serial;
		1128	unsigned char *data;
1127		1129
1128	x = sk_X509_value(cert_sk, i);	1130	x = sk_X509_value(cert_sk, i);
1129		1131
1130	j = x->cert_info->serialNumber->length;	1132	j = x->cert_info->serialNumber->length;
1131	p = (const char *) x->cert_info->serialNumber->data;	1133	data = (unsigned char *) x->cert_info->serialNumber->data;
1132		1134	if (j > 0)
1133	if (strlen(outdir) >= (size_t) (j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {	1135	serial = bin2hex(data, j);
1134	BIO_printf(bio_err, "certificate file name too long\n");	1136	else
1135	goto err;	1137	serial = strdup("00");
1136	}	1138	if (serial) {
1137	strlcpy(buf[2], outdir, sizeof(buf[2]));	1139	k = snprintf(buf[2], sizeof(buf[2]),
1138		1140	"%s/%s.pem", outdir, serial);
1139	strlcat(buf[2], "/", sizeof(buf[2]));	1141	free(serial);
1140		1142	if (k == -1 \|\| k >= sizeof(buf[2])) {
1141	n = (char *) &(buf[2][strlen(buf[2])]);	1143	BIO_printf(bio_err,
1142	if (j > 0) {	1144	"certificate file name too long\n");
1143	for (k = 0; k < j; k++) {	1145	goto err;
1144	if (n >= &(buf[2][sizeof(buf[2])]))
1145	break;
1146	snprintf(n,
1147	&buf[2][0] + sizeof(buf[2]) - n,
1148	"%02X", (unsigned char) *(p++));
1149	n += 2;
1150	}	1146	}
1151	} else {	1147	} else {
1152	*(n++) = '0';	1148	BIO_printf(bio_err,
1153	*(n++) = '0';	1149	"memory allocation failed\n");
		1150	goto err;
1154	}	1151	}
1155	*(n++) = '.';
1156	*(n++) = 'p';
1157	*(n++) = 'e';
1158	*(n++) = 'm';
1159	*n = '\0';
1160	if (verbose)	1152	if (verbose)
1161	BIO_printf(bio_err, "writing %s\n", buf[2]);	1153	BIO_printf(bio_err, "writing %s\n", buf[2]);
1162		1154
@@ -1955,7 +1947,7 @@ do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst,
1955	BIO_printf(bio_err, "Memory allocation failure\n");	1947	BIO_printf(bio_err, "Memory allocation failure\n");
1956	goto err;	1948	goto err;
1957	}	1949	}
1958	strlcpy(row[DB_file], "unknown", 8);	1950	(void) strlcpy(row[DB_file], "unknown", 8);
1959	row[DB_type][0] = 'V';	1951	row[DB_type][0] = 'V';
1960	row[DB_type][1] = '\0';	1952	row[DB_type][1] = '\0';
1961		1953
@@ -2211,7 +2203,7 @@ do_revoke(X509 * x509, CA_DB * db, int type, char *value)
2211	BIO_printf(bio_err, "Memory allocation failure\n");	2203	BIO_printf(bio_err, "Memory allocation failure\n");
2212	goto err;	2204	goto err;
2213	}	2205	}
2214	strlcpy(row[DB_file], "unknown", 8);	2206	(void) strlcpy(row[DB_file], "unknown", 8);
2215	row[DB_type][0] = 'V';	2207	row[DB_type][0] = 'V';
2216	row[DB_type][1] = '\0';	2208	row[DB_type][1] = '\0';
2217		2209
@@ -2482,30 +2474,10 @@ make_revocation_str(int rev_type, char *rev_arg)
2482	}	2474	}
2483		2475
2484	revtm = X509_gmtime_adj(NULL, 0);	2476	revtm = X509_gmtime_adj(NULL, 0);
2485		2477	if (asprintf(&str, "%s%s%s%s%s", revtm->data,
2486	i = revtm->length + 1;	2478	reason ? "," : "", reason ? reason : "",
2487		2479	other ? "," : "", other ? other : "") == -1)
2488	if (reason)	2480	str = NULL;
2489	i += strlen(reason)
2490	+ 1;
2491	if (other)
2492	i += strlen(other)
2493	+ 1;
2494
2495	str = malloc(i);
2496
2497	if (!str)
2498	return NULL;
2499
2500	strlcpy(str, (char *) revtm->data, i);
2501	if (reason) {
2502	strlcat(str, ",", i);
2503	strlcat(str, reason, i);
2504	}
2505	if (other) {
2506	strlcat(str, ",", i);
2507	strlcat(str, other, i);
2508	}
2509	ASN1_UTCTIME_free(revtm);	2481	ASN1_UTCTIME_free(revtm);
2510	return str;	2482	return str;
2511	}	2483	}
@@ -2705,3 +2677,22 @@ err:
2705		2677
2706	return ret;	2678	return ret;
2707	}	2679	}
		2680
		2681
		2682	static char *
		2683	bin2hex(unsigned char * data, size_t len)
		2684	{
		2685	char *ret = NULL;
		2686	char hex[]= "0123456789ABCDEF";
		2687	int i;
		2688
		2689	if ((ret = malloc(len * 2 + 1))) {
		2690	for (i = 0; i < len; i++)
		2691	{
		2692	ret[i * 2 + 0] = hex[data[i] >> 4 ];
		2693	ret[i * 2 + 1] = hex[data[i] & 0x0F];
		2694	}
		2695	ret[len * 2] = '\0';
		2696	}
		2697	return ret;
		2698	}