authorDaniel Stenberg <daniel@haxx.se>2013-11-05 09:56:18 +0100
committerDaniel Stenberg <daniel@haxx.se>2013-11-05 09:59:19 +0100
commit5aa290f0f209f12130f7a1375c1b76af707e95f2 (patch)
tree6705d2d1c1c4540216384fddccf114da584662ed
parentf0831f7931355ae7096ab94ea5d2ea01885e9081 (diff)
Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
Our own printf() replacement clearly can't properly handle %.*s with a string that isn't zero terminated. Instead of fixing the printf code or even figuring out what the proper posix behavior is, I reverted this piece of the code back to the previous version where it does malloc + memcpy instead. Regression added in e839446c2a5, released in curl 7.32.0. Reported-by: Felix Yan Bug: http://curl.haxx.se/bug/view.cgi?id=1295
-rw-r--r--lib/sslgen.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/lib/sslgen.c b/lib/sslgen.c
index d2d0e303e..887b95ff4 100644
--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -611,6 +611,9 @@ int Curl_ssl_init_certinfo(struct SessionHandle * data,
return 0;
}
+/*
+ * 'value' is NOT a zero terminated string
+ */
CURLcode Curl_ssl_push_certinfo_len(struct SessionHandle *data,
int certnum,
const char *label,
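Review bot: The new comment above Curl_ssl_push_certinfo_len states only what 'value' is not, and leaves the rest of the contract implicit. The body in the following hunk calls `strlen(label)` and copies exactly `valuelen` bytes with `memcpy`, so the comment should say that 'label' must be zero terminated and that 'valuelen' is the exact number of readable bytes at 'value'. Something like `/* 'label' is a zero terminated string; 'value' is NOT, and exactly 'valuelen' bytes are copied from it */` would cover it. It is also worth noting there that `labellen + 1 + valuelen + 1` is computed without a wrap check, so callers are presumably expected to pass a bounded length; valuelen's type is not visible here. The parameter list and the body continue outside this hunk.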
@@ -621,12 +624,22 @@ CURLcode Curl_ssl_push_certinfo_len(struct SessionHandle *data,
char * output;
struct curl_slist * nl;
CURLcode res = CURLE_OK;
+ size_t labellen = strlen(label);
+ size_t outlen = labellen + 1 + valuelen + 1; /* label:value\0 */
- /* Add an information record for a particular certificate. */
- output = curl_maprintf("%s:%.*s", label, valuelen, value);
+ output = malloc(outlen);
if(!output)
return CURLE_OUT_OF_MEMORY;
+ /* sprintf the label and colon */
+ snprintf(output, outlen, "%s:", label);
+
+ /* memcpy the value (it might not be zero terminated) */
+ memcpy(&output[labellen+1], value, valuelen);
+
+ /* zero terminate the output */
+ output[labellen + 1 + valuelen] = 0;
+
nl = Curl_slist_append_nodup(ci->certinfo[certnum], output);
if(!nl) {
free(output);