[Privoxy-commits] [privoxy] 01/04: ssl_send_certificate_error(): Don't crash if there's no certificate information available
User Git
git at git.privoxy.org
Sat Apr 23 08:44:43 UTC 2022
This is an automated email from the git hooks/post-receive script.
git pushed a commit to branch master
in repository privoxy.
commit 64e6cac25c9599ac450591b26fff603b196b56df
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Fri Dec 17 08:06:09 2021 +0100
ssl_send_certificate_error(): Don't crash if there's no certificate information available
This is only relevant when Privoxy is built with wolfSSL 5.0.0 or later.
Earlier wolfSSL versions or the other TLS backends
don't seem to trigger the crash.
---
ssl_common.c | 72 +++++++++++++++++++++++++++++++++++++-----------------------
1 file changed, 44 insertions(+), 28 deletions(-)
diff --git a/ssl_common.c b/ssl_common.c
index 18817137..4cf72913 100644
--- a/ssl_common.c
+++ b/ssl_common.c
@@ -358,11 +358,22 @@ extern void ssl_send_certificate_error(struct client_state *csp)
cert = &(csp->server_certs_chain);
while (cert->next != NULL)
{
- size_t base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;
+ size_t base64_len;
- message_len += strlen(cert->info_buf) + strlen("<pre></pre>\n")
- + base64_len + strlen("<a href=\"data:application"
- "/x-x509-ca-cert;base64,\">Download certificate</a>");
+ if (cert->file_buf != NULL)
+ {
+ base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;
+
+ message_len += strlen(cert->info_buf) + strlen("<pre></pre>\n")
+ + base64_len + strlen("<a href=\"data:application"
+ "/x-x509-ca-cert;base64,\">Download certificate</a>");
+ }
+ else
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Incomplete certificate information for %s.",
+ csp->http->hostport);
+ }
cert = cert->next;
}
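Review bot: The new guard `if (cert->file_buf != NULL)` covers only `file_buf`, but the guarded body still passes `cert->info_buf` to `strlen()` unchecked. The struct definition is not visible in this hunk, so this is conditional: if `info_buf` can be left unset by the same wolfSSL code path, the NULL dereference this commit fixes is still reachable. Consider `if (cert->file_buf != NULL && cert->info_buf != NULL)` here, with the identical condition in the second loop so that the `message_len` computed here still matches what is appended there. The function body starts and ends outside the hunk.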
@@ -379,31 +390,36 @@ extern void ssl_send_certificate_error(struct client_state *csp)
cert = &(csp->server_certs_chain);
while (cert->next != NULL)
{
- size_t olen = 0;
- size_t base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1; /* +1 for terminating null*/
- char base64_buf[base64_len];
- memset(base64_buf, 0, base64_len);
-
- /* Encoding certificate into base64 code */
- ret = ssl_base64_encode((unsigned char*)base64_buf,
- base64_len, &olen, (const unsigned char*)cert->file_buf,
- strlen(cert->file_buf));
- if (ret != 0)
- {
- log_error(LOG_LEVEL_ERROR,
- "Encoding to base64 failed, buffer is to small");
- }
-
- strlcat(message, "<pre>", message_len);
- strlcat(message, cert->info_buf, message_len);
- strlcat(message, "</pre>\n", message_len);
-
- if (ret == 0)
+ if (cert->file_buf != NULL)
{
- strlcat(message, "<a href=\"data:application/x-x509-ca-cert;base64,",
- message_len);
- strlcat(message, base64_buf, message_len);
- strlcat(message, "\">Download certificate</a>", message_len);
+ /* +1 for terminating null */
+ size_t base64_len = base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;
+ size_t olen = 0;
+ char base64_buf[base64_len];
+
+ memset(base64_buf, 0, base64_len);
+
+ /* Encoding certificate into base64 code */
+ ret = ssl_base64_encode((unsigned char*)base64_buf,
+ base64_len, &olen, (const unsigned char*)cert->file_buf,
+ strlen(cert->file_buf));
+ if (ret != 0)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Encoding to base64 failed, buffer is to small");
+ }
+
+ strlcat(message, "<pre>", message_len);
+ strlcat(message, cert->info_buf, message_len);
+ strlcat(message, "</pre>\n", message_len);
+
+ if (ret == 0)
+ {
+ strlcat(message, "<a href=\"data:application/x-x509-ca-cert;base64,",
+ message_len);
+ strlcat(message, base64_buf, message_len);
+ strlcat(message, "\">Download certificate</a>", message_len);
+ }
}
cert = cert->next;
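Review bot: The declaration `size_t base64_len = base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;` assigns the variable inside its own initializer, which looks like a leftover from the split declaration in the first loop; it should read `size_t base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;`. Separately, `char base64_buf[base64_len]` is a variable-length array on the stack whose size derives from certificate data supplied by the remote server. Unless `file_buf` is capped elsewhere (not visible here), bounding `base64_len` or using a heap buffer would avoid unbounded stack use on an oversized certificate. As in the first loop, `cert->info_buf` is passed to `strlcat()` without a NULL check. The enclosing loop and function continue outside the hunk.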