diff options
| author | beck <> | 2024-03-25 00:05:49 +0000 |
|---|---|---|
| committer | beck <> | 2024-03-25 00:05:49 +0000 |
| commit | e9b001f0ec0e1d250cdf229432ac3949a3580968 (patch) | |
| tree | e85f499e6080f22102d08a49b6f7ce777768d4c3 /src | |
| parent | ba4c518e207b14a673a38e3d710160e9011bc408 (diff) | |
| download | openbsd-e9b001f0ec0e1d250cdf229432ac3949a3580968.tar.gz openbsd-e9b001f0ec0e1d250cdf229432ac3949a3580968.tar.bz2 openbsd-e9b001f0ec0e1d250cdf229432ac3949a3580968.zip | |
Remove unnecessary stat() calls from by_dir
When searching for a CA or CRL file in by_dir, this stat()
was used to short circuit attempting to open the file with
X509_load_cert_file(). This was a deliberate TOCTOU introduced
to avoid setting an error on the error stack, when what you
really want to say is "we couldn't find a CA" and continue
merrily on your way.
As it so happens you really do not care why the load_file failed
in any of these cases, it all boils down to "I can't find the CA
or CRL". Instead we just omit the stat call, and clear the error
stack if the load_file fails. The fact that you don't have a CA or
CRL is caught later in the callers and is what you want, mimicing
the non by_dir behaviour instead of possibly some bizzaro file
system error.
Based on a similar change in Boring.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/by_dir.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c index 7e6949e21c..bb14e72806 100644 --- a/src/lib/libcrypto/x509/by_dir.c +++ b/src/lib/libcrypto/x509/by_dir.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: by_dir.c,v 1.46 2023/12/29 05:33:32 tb Exp $ */ | 1 | /* $OpenBSD: by_dir.c,v 1.47 2024/03/25 00:05:49 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -56,9 +56,6 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <sys/stat.h> | ||
| 60 | #include <sys/types.h> | ||
| 61 | |||
| 62 | #include <errno.h> | 59 | #include <errno.h> |
| 63 | #include <stdio.h> | 60 | #include <stdio.h> |
| 64 | #include <string.h> | 61 | #include <string.h> |
| @@ -331,23 +328,27 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, | |||
| 331 | for (;;) { | 328 | for (;;) { |
| 332 | (void) snprintf(b->data, b->max, "%s/%08lx.%s%d", | 329 | (void) snprintf(b->data, b->max, "%s/%08lx.%s%d", |
| 333 | ent->dir, h, postfix, k); | 330 | ent->dir, h, postfix, k); |
| 334 | 331 | /* | |
| 335 | { | 332 | * Found one. Attempt to load it. This could fail for |
| 336 | struct stat st; | 333 | * any number of reasons from the file can't be opened, |
| 337 | if (stat(b->data, &st) < 0) | 334 | * the file contains garbage, etc. Clear the error stack |
| 338 | break; | 335 | * to avoid exposing the lower level error. These all |
| 339 | } | 336 | * boil down to "we could not find CA/CRL". |
| 340 | /* found one. */ | 337 | */ |
| 341 | if (type == X509_LU_X509) { | 338 | if (type == X509_LU_X509) { |
| 342 | if ((X509_load_cert_file(xl, b->data, | 339 | if ((X509_load_cert_file(xl, b->data, |
| 343 | ent->dir_type)) == 0) | 340 | ent->dir_type)) == 0) { |
| 341 | ERR_clear_error(); | ||
| 344 | break; | 342 | break; |
| 343 | } | ||
| 345 | } else if (type == X509_LU_CRL) { | 344 | } else if (type == X509_LU_CRL) { |
| 346 | if ((X509_load_crl_file(xl, b->data, | 345 | if ((X509_load_crl_file(xl, b->data, |
| 347 | ent->dir_type)) == 0) | 346 | ent->dir_type)) == 0) { |
| 347 | ERR_clear_error(); | ||
| 348 | break; | 348 | break; |
| 349 | } | ||
| 349 | } | 350 | } |
| 350 | /* else case will caught higher up */ | 351 | /* The lack of a CA or CRL will be caught higher up. */ |
| 351 | k++; | 352 | k++; |
| 352 | } | 353 | } |
| 353 | 354 | ||