aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2017-08-27 23:37:02 -0400
committerJay Satiro <raysatiro@yahoo.com>2017-08-31 02:37:35 -0400
commitaa2ea66cdac57868c821190dc30d6bb6d58b4a58 (patch)
treefb46efc61d3c7c4ff1399e1f74d0343bfc5528dc
parent410bf6b7b18eb672d77eb0015e48410992468ed7 (diff)
darwinssl: handle long strings in TLS certs (follow-up)
- Fix handling certificate subjects that are already UTF-8 encoded. Follow-up to b3b75d1 from two days ago. Since then a copy would be skipped if the subject was already UTF-8, possibly resulting in a NULL deref later on. Ref: https://github.com/curl/curl/issues/1823 Ref: https://github.com/curl/curl/pull/1831 Closes https://github.com/curl/curl/pull/1836
-rw-r--r--lib/vtls/darwinssl.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index d6503216a..b4747dcf2 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -910,11 +910,26 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
{
CFStringRef c = getsubject(cert);
CURLcode result = CURLE_OK;
+ const char *direct;
char *cbuf = NULL;
*certp = NULL;
- /* If subject is not UTF-8 then check if it can be converted */
- if(!CFStringGetCStringPtr(c, kCFStringEncodingUTF8)) {
+ if(!c) {
+ failf(data, "SSL: invalid CA certificate subject");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* If the subject is already available as UTF-8 encoded (ie 'direct') then
+ use that, else convert it. */
+ direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
+ if(direct) {
+ *certp = strdup(direct);
+ if(!*certp) {
+ failf(data, "SSL: out of memory");
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ }
+ else {
size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
cbuf = calloc(cbuf_size, 1);
if(cbuf) {