diff options
author | Greg Hudson <ghudson@mit.edu> | 2017-10-17 18:50:15 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2017-10-27 00:40:36 -0400 |
commit | f36ae41714f669e971e9334fe471f8a924386cc6 (patch) | |
tree | 8346dcbc6cb5e89386f67b61d6d5b91e13f825e6 | |
parent | 270b1314875f0836bd0b35ecc5e4004bda75b7cb (diff) | |
download | krb5-f36ae41714f669e971e9334fe471f8a924386cc6.zip krb5-f36ae41714f669e971e9334fe471f8a924386cc6.tar.gz krb5-f36ae41714f669e971e9334fe471f8a924386cc6.tar.bz2 |
Fix PKINIT cert matching data construction
Rewrite X509_NAME_oneline_ex() and its call sites to use dynamic
allocation and to perform proper error checking.
(cherry picked from commit fbb687db1088ddd894d975996e5f6a4252b9a2b4)
ticket: 8617
version_fixed: 1.15.3
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 69 |
1 files changed, 27 insertions, 42 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 74fffbf..4b86a6f 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -5145,33 +5145,29 @@ out: return retval; } -/* - * Return a string format of an X509_NAME in buf where - * size is an in/out parameter. On input it is the size - * of the buffer, and on output it is the actual length - * of the name. - * If buf is NULL, returns the length req'd to hold name - */ -static char * -X509_NAME_oneline_ex(X509_NAME * a, - char *buf, - unsigned int *size, - unsigned long flag) +static krb5_error_code +rfc2253_name(X509_NAME *name, char **str_out) { - BIO *out = NULL; + BIO *b = NULL; + char *str; - out = BIO_new(BIO_s_mem ()); - if (X509_NAME_print_ex(out, a, 0, flag) > 0) { - if (buf != NULL && (*size) > (unsigned int) BIO_number_written(out)) { - memset(buf, 0, *size); - BIO_read(out, buf, (int) BIO_number_written(out)); - } - else { - *size = BIO_number_written(out); - } - } - BIO_free(out); - return (buf); + *str_out = NULL; + b = BIO_new(BIO_s_mem()); + if (b == NULL) + return ENOMEM; + if (X509_NAME_print_ex(b, name, 0, XN_FLAG_SEP_COMMA_PLUS) < 0) + goto error; + str = calloc(BIO_number_written(b) + 1, 1); + if (str == NULL) + goto error; + BIO_read(b, str, BIO_number_written(b)); + BIO_free(b); + *str_out = str; + return 0; + +error: + BIO_free(b); + return ENOMEM; } /* @@ -5187,8 +5183,6 @@ crypto_cert_get_matching_data(krb5_context context, krb5_principal *pkinit_sans =NULL, *upn_sans = NULL; struct _pkinit_cert_data *cd = (struct _pkinit_cert_data *)ch; unsigned int i, j; - char buf[DN_BUF_LEN]; - unsigned int bufsize = sizeof(buf); if (cd == NULL || cd->magic != CERT_MAGIC) return EINVAL; @@ -5201,23 +5195,14 @@ crypto_cert_get_matching_data(krb5_context context, md->ch = ch; - /* get the subject name (in rfc2253 format) */ - X509_NAME_oneline_ex(X509_get_subject_name(cd->cred->cert), - buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS); - md->subject_dn = strdup(buf); - if (md->subject_dn == NULL) { - retval = ENOMEM; + retval = rfc2253_name(X509_get_subject_name(cd->cred->cert), + &md->subject_dn); + if (retval) goto cleanup; - } - - /* get the issuer name (in rfc2253 format) */ - X509_NAME_oneline_ex(X509_get_issuer_name(cd->cred->cert), - buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS); - md->issuer_dn = strdup(buf); - if (md->issuer_dn == NULL) { - retval = ENOMEM; + retval = rfc2253_name(X509_get_issuer_name(cd->cred->cert), + &md->issuer_dn); + if (retval) goto cleanup; - } /* get the san data */ retval = crypto_retrieve_X509_sans(context, cd->plgctx, cd->reqctx, |