
Enhancements to OpenSSL user-prompt buffer handling.

mistachkin 2020-06-09 17:44 trunk
Commit 82d177fa1427710178911759e0bf6f226854021a7a61138f5752a6954606d8ce
1 file changed +6 -6
+6 -6
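--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -328,17 +328,17 @@
 ssl_close();
 return 1;
 }
 
 if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
-int x;
+int x, desclen;
 char *desc, *prompt;
 Blob ans;
 char cReply;
 BIO *mem;
-unsigned char md[32];
-char zHash[32*2+1];
+unsigned char md[EVP_MAX_MD_SIZE];
+char zHash[EVP_MAX_MD_SIZE*2+1];
 unsigned int mdLength = (int)sizeof(md);
 
 memset(md, 0, sizeof(md));
 zHash[0] = 0;
 /* MMNNFFPPS */
@@ -365,15 +365,15 @@
 BIO_puts(mem, " subject: ");
 X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, XN_FLAG_ONELINE);
 BIO_puts(mem, "\n issuer: ");
 X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 0, XN_FLAG_ONELINE);
 BIO_printf(mem, "\n sha256: %s", zHash);
-BIO_get_mem_data(mem, &desc);
+desclen = BIO_get_mem_data(mem, &desc);
 
-prompt = mprintf("Unable to verify SSL cert from %s\n%s\n"
+prompt = mprintf("Unable to verify SSL cert from %s\n%.*s\n"
 "accept this cert and continue (y/N)? ",
-pUrlData->name, desc);
+pUrlData->name, desclen, desc);
 BIO_free(mem);
 
 prompt_user(prompt, &ans);
 free(prompt);
 cReply = blob_str(&ans)[0];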
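Review bot: The value returned by `BIO_get_mem_data()` is used as the `%.*s` precision at new line 374 without a check, and it is a `long` narrowed into the `int desclen` declared at line 333. If the call ever returns zero or a negative value, `desc` may not point at valid data, and how `mprintf` treats a negative precision is not visible here, so the prompt the user relies on for the accept/reject decision could again read past the BIO buffer. A guard right after line 370 such as `if( desclen<=0 ){ desc = ""; desclen = 0; }` keeps the prompt bounded in that case. The enclosing function and the creation of `mem` lie outside the hunk, so whether `mem` is checked for NULL cannot be confirmed from here.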
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -328,17 +328,17 @@
328 ssl_close();
329 return 1;
330 }
331
332 if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
333 int x;
334 char *desc, *prompt;
335 Blob ans;
336 char cReply;
337 BIO *mem;
338 unsigned char md[32];
339 char zHash[32*2+1];
340 unsigned int mdLength = (int)sizeof(md);
341
342 memset(md, 0, sizeof(md));
343 zHash[0] = 0;
344 /* MMNNFFPPS */
@@ -365,15 +365,15 @@
365 BIO_puts(mem, " subject: ");
366 X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, XN_FLAG_ONELINE);
367 BIO_puts(mem, "\n issuer: ");
368 X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 0, XN_FLAG_ONELINE);
369 BIO_printf(mem, "\n sha256: %s", zHash);
370 BIO_get_mem_data(mem, &desc);
371
372 prompt = mprintf("Unable to verify SSL cert from %s\n%s\n"
373 "accept this cert and continue (y/N)? ",
374 pUrlData->name, desc);
375 BIO_free(mem);
376
377 prompt_user(prompt, &ans);
378 free(prompt);
379 cReply = blob_str(&ans)[0];
380
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -328,17 +328,17 @@
328 ssl_close();
329 return 1;
330 }
331
332 if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
333 int x, desclen;
334 char *desc, *prompt;
335 Blob ans;
336 char cReply;
337 BIO *mem;
338 unsigned char md[EVP_MAX_MD_SIZE];
339 char zHash[EVP_MAX_MD_SIZE*2+1];
340 unsigned int mdLength = (int)sizeof(md);
341
342 memset(md, 0, sizeof(md));
343 zHash[0] = 0;
344 /* MMNNFFPPS */
@@ -365,15 +365,15 @@
365 BIO_puts(mem, " subject: ");
366 X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, XN_FLAG_ONELINE);
367 BIO_puts(mem, "\n issuer: ");
368 X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 0, XN_FLAG_ONELINE);
369 BIO_printf(mem, "\n sha256: %s", zHash);
370 desclen = BIO_get_mem_data(mem, &desc);
371
372 prompt = mprintf("Unable to verify SSL cert from %s\n%.*s\n"
373 "accept this cert and continue (y/N)? ",
374 pUrlData->name, desclen, desc);
375 BIO_free(mem);
376
377 prompt_user(prompt, &ans);
378 free(prompt);
379 cReply = blob_str(&ans)[0];
380
