diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2017-08-27 23:37:02 -0400 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2017-08-31 02:37:35 -0400 |
commit | aa2ea66cdac57868c821190dc30d6bb6d58b4a58 (patch) | |
tree | fb46efc61d3c7c4ff1399e1f74d0343bfc5528dc | |
parent | 410bf6b7b18eb672d77eb0015e48410992468ed7 (diff) |
darwinssl: handle long strings in TLS certs (follow-up)
- Fix handling certificate subjects that are already UTF-8 encoded.
Follow-up to b3b75d1 from two days ago. Since then a copy would be
skipped if the subject was already UTF-8, possibly resulting in a NULL
deref later on.
Ref: https://github.com/curl/curl/issues/1823
Ref: https://github.com/curl/curl/pull/1831
Closes https://github.com/curl/curl/pull/1836
-rw-r--r-- | lib/vtls/darwinssl.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c index d6503216a..b4747dcf2 100644 --- a/lib/vtls/darwinssl.c +++ b/lib/vtls/darwinssl.c @@ -910,11 +910,26 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, { CFStringRef c = getsubject(cert); CURLcode result = CURLE_OK; + const char *direct; char *cbuf = NULL; *certp = NULL; - /* If subject is not UTF-8 then check if it can be converted */ - if(!CFStringGetCStringPtr(c, kCFStringEncodingUTF8)) { + if(!c) { + failf(data, "SSL: invalid CA certificate subject"); + return CURLE_OUT_OF_MEMORY; + } + + /* If the subject is already available as UTF-8 encoded (ie 'direct') then + use that, else convert it. */ + direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8); + if(direct) { + *certp = strdup(direct); + if(!*certp) { + failf(data, "SSL: out of memory"); + result = CURLE_OUT_OF_MEMORY; + } + } + else { size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1; cbuf = calloc(cbuf_size, 1); if(cbuf) { |