aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/nss.c109
1 files changed, 53 insertions, 56 deletions
diff --git a/lib/nss.c b/lib/nss.c
index b273b667b..3312e8a4f 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -421,6 +421,7 @@ static SECStatus nss_cache_crl(SECItem *crlDER)
if(crl) {
/* CRL already cached */
SEC_DestroyCrl(crl);
+ SECITEM_FreeItem(crlDER, PR_FALSE);
return SECSuccess;
}
@@ -429,6 +430,7 @@ static SECStatus nss_cache_crl(SECItem *crlDER)
if(SECSuccess != CERT_CacheCRL(db, crlDER)) {
/* unable to cache CRL */
PR_Unlock(nss_crllock);
+ SECITEM_FreeItem(crlDER, PR_FALSE);
return SECFailure;
}
@@ -438,67 +440,63 @@ static SECStatus nss_cache_crl(SECItem *crlDER)
return SECSuccess;
}
-static int nss_load_crl(const char* crlfilename, PRBool ascii)
+static SECStatus nss_load_crl(const char* crlfilename)
{
PRFileDesc *infile;
- PRStatus prstat;
PRFileInfo info;
- PRInt32 nb;
- int rv;
- SECItem crlDER;
+ SECItem filedata = { 0, NULL, 0 };
+ SECItem crlDER = { 0, NULL, 0 };
+ char *body;
- infile = PR_Open(crlfilename,PR_RDONLY,0);
- if (!infile) {
- return 0;
- }
- crlDER.data = NULL;
- prstat = PR_GetOpenFileInfo(infile,&info);
- if (prstat!=PR_SUCCESS)
- return 0;
- if (ascii) {
- SECItem filedata;
- char *asc,*body;
- filedata.data = NULL;
- if (!SECITEM_AllocItem(NULL,&filedata,info.size))
- return 0;
- nb = PR_Read(infile,filedata.data,info.size);
- if (nb!=info.size)
- return 0;
- asc = (char*)filedata.data;
- if (!asc)
- return 0;
+ infile = PR_Open(crlfilename, PR_RDONLY, 0);
+ if(!infile)
+ return SECFailure;
- body=strstr(asc,"-----BEGIN");
- if (body != NULL) {
- char *trailer=NULL;
- asc = body;
- body = PORT_Strchr(asc,'\n');
- if (!body)
- body = PORT_Strchr(asc,'\r');
- if (body)
- trailer = strstr(++body,"-----END");
- if (trailer!=NULL)
- *trailer='\0';
- else
- return 0;
- }
- else {
- body = asc;
- }
- rv = ATOB_ConvertAsciiToItem(&crlDER,body);
- PORT_Free(filedata.data);
- if (rv)
- return 0;
- }
- else {
- if (!SECITEM_AllocItem(NULL,&crlDER,info.size))
- return 0;
- nb = PR_Read(infile,crlDER.data,info.size);
- if (nb!=info.size)
- return 0;
+ if(PR_SUCCESS != PR_GetOpenFileInfo(infile, &info))
+ goto fail;
+
+ if(!SECITEM_AllocItem(NULL, &filedata, info.size + /* zero ended */ 1))
+ goto fail;
+
+ if(info.size != PR_Read(infile, filedata.data, info.size))
+ goto fail;
+
+ /* place a trailing zero right after the visible data */
+ body = (char*)filedata.data;
+ body[--filedata.len] = '\0';
+
+ body = strstr(body, "-----BEGIN");
+ if(body) {
+ /* assume ASCII */
+ char *trailer;
+ char *begin = PORT_Strchr(body, '\n');
+ if(!begin)
+ begin = PORT_Strchr(body, '\r');
+ if(!begin)
+ goto fail;
+
+ trailer = strstr(++begin, "-----END");
+ if(!trailer)
+ goto fail;
+
+ /* retrieve DER from ASCII */
+ *trailer = '\0';
+ if(ATOB_ConvertAsciiToItem(&crlDER, begin))
+ goto fail;
+
+ SECITEM_FreeItem(&filedata, PR_FALSE);
}
+ else
+ /* assume DER */
+ crlDER = filedata;
+
+ PR_Close(infile);
+ return nss_cache_crl(&crlDER);
- return (SECSuccess == nss_cache_crl(&crlDER));
+fail:
+ PR_Close(infile);
+ SECITEM_FreeItem(&filedata, PR_FALSE);
+ return SECFailure;
}
static int nss_load_key(struct connectdata *conn, int sockindex,
@@ -1265,8 +1263,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
data->set.ssl.CApath ? data->set.ssl.CApath : "none");
if (data->set.ssl.CRLfile) {
- int rc = nss_load_crl(data->set.ssl.CRLfile, PR_FALSE);
- if (!rc) {
+ if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {
curlerr = CURLE_SSL_CRL_BADFILE;
goto error;
}