authorguenther <>2017-11-29 23:47:18 +0000
committerguenther <>2017-11-29 23:47:18 +0000
commit7e9c5e1bdd0accb58b9e2ead152ef85403ea662b (patch)
tree6aa2868db8379fbc7be66f04f08af0cc760e8785 /src/usr.bin/openssl/ocsp.c
parentc6fd1f3146d18e788d976c587c1cc38d1ff98d89 (diff)
Mixing -url with any of -host, -port, or -path should be a usage error
instead of trying to work and then triggering a double-free(). problem noted by trondd (trondd (at) kagu-tsuchi.com) ok beck@
Diffstat (limited to 'src/usr.bin/openssl/ocsp.c')
-rw-r--r--src/usr.bin/openssl/ocsp.c15
1 files changed, 8 insertions, 7 deletions
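--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.c,v 1.12 2017/01/21 09:29:09 deraadt Exp $ */
+/* $OpenBSD: ocsp.c,v 1.13 2017/11/29 23:47:18 guenther Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   * project 2000.
   */
@@ -106,7 +106,7 @@ int
 ocsp_main(int argc, char **argv)
 {
  char **args;
- char *host = NULL, *port = NULL, *path = "/";
+ char *host = NULL, *port = NULL, *path = NULL;
  char *reqin = NULL, *respin = NULL;
  char *reqout = NULL, *respout = NULL;
  char *signfile = NULL, *keyfile = NULL;
@@ -177,7 +177,8 @@ ocsp_main(int argc, char **argv)
  } else
  badarg = 1;
  } else if (!strcmp(*args, "-url")) {
- if (args[1]) {
+ if (args[1] && host == NULL && port == NULL &&
+ path == NULL) {
  args++;
  if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) {
  BIO_printf(bio_err, "Error parsing URL\n");
@@ -186,13 +187,13 @@ ocsp_main(int argc, char **argv)
  } else
  badarg = 1;
  } else if (!strcmp(*args, "-host")) {
- if (args[1]) {
+ if (args[1] && use_ssl == -1) {
  args++;
  host = *args;
  } else
  badarg = 1;
  } else if (!strcmp(*args, "-port")) {
- if (args[1]) {
+ if (args[1] && use_ssl == -1) {
  args++;
  port = *args;
  } else
@@ -331,7 +332,7 @@ ocsp_main(int argc, char **argv)
  } else
  badarg = 1;
  } else if (!strcmp(*args, "-path")) {
- if (args[1]) {
+ if (args[1] && use_ssl == -1) {
  args++;
  path = *args;
  } else
@@ -629,7 +630,7 @@ redo_accept:
  if (cbio)
  send_ocsp_response(cbio, resp);
  } else if (host) {
- resp = process_responder(bio_err, req, host, path,
+ resp = process_responder(bio_err, req, host, path ? path : "/",
  port, use_ssl, headers, req_timeout);
  if (!resp)
  goto end;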
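Review bot: The `use_ssl == -1` test added to the `-host`, `-port` and `-path` branches stands in for "no `-url` has been parsed yet", but nothing at those lines says so, and the ownership rule behind it is left implicit. Presumably strings filled in by `OCSP_parse_url()` are allocated and later freed, while the option branches store pointers into argv. A comment at the first guard, such as `/* use_ssl != -1: -url already set host/port/path to allocated strings; never replace them with argv pointers */`, would keep a later edit from reintroducing the bad free. The same condition also folds a conflicting option into the missing-argument `badarg` path, so the user likely sees only the generic usage text; a one-line `BIO_printf(bio_err, ...)` naming the `-url` conflict before setting `badarg` would make the rejection understandable. `ocsp_main` begins before and continues past these hunks, and the cleanup code that frees the strings is not visible here, so the ownership reading should be confirmed against it.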