author | 2017-02-25 23:48:08 +0000 | |
---|---|---|
committer | 2017-02-25 23:48:08 +0000 | |
commit | 2a13626311ef7da762f3d7f443512dc1d423a254 (patch) | |
tree | 6dfed03588385cfa5c8aed9f970b38adbcb666b5 | |
parent | Implement support for generating movw/movt relocations on arm in gas(1). (diff) | |
pledge stdio before parsing the http response
ok tb@
-rw-r--r-- | usr.sbin/ocspcheck/ocspcheck.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/usr.sbin/ocspcheck/ocspcheck.c b/usr.sbin/ocspcheck/ocspcheck.c
index 65342fa13c2..5124d588b31 100644
--- a/usr.sbin/ocspcheck/ocspcheck.c
+++ b/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocspcheck.c,v 1.16 2017/02/20 23:55:22 beck Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.17 2017/02/25 23:48:08 beck Exp $ */
 /*
 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
 *
@@ -589,6 +589,16 @@ main(int argc, char **argv)
 request->data, request->size);
 if (hget == NULL)
 errx(1, "http_get");
+
+ /*
+ * Pledge minimally before fiddling with libcrypto init
+ * routines and parsing untrusted input from someone's OCSP
+ * server.
+ */
+
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
 httph = http_head_parse(hget->http, hget->xfer, &httphsz);
 dspew("Server at %s returns:\n", host);
 for (i = 0; i < httphsz; i++)
@@ -598,14 +608,6 @@ main(int argc, char **argv)
 errx(1, "No body in reply from %s", host);
 
 /*
- * Pledge minimally before fiddling with libcrypto init routines
- * and untrusted input from someone's OCSP server.
- */
-
- if (pledge("stdio", NULL) == -1)
- err(1, "pledge");
-
- /*
 * Validate the OCSP response we got back
 */
 OPENSSL_add_all_algorithms_noconf(); |
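Review bot: The comment above the relocated `pledge("stdio", NULL)` call in main() (second hunk) does not state the precondition that the earlier placement now depends on: everything after `http_get` returns, including `http_head_parse`, `dspew` and the later libcrypto setup, has to run without opening any file or socket. A promise violation terminates the process, so I would record that in the comment, e.g. `* All network I/O and file opens must be complete by this point; only already-open descriptors are usable below.` The bytes from the OCSP server are received inside `http_get`, which presumably still runs under whatever wider promises were set earlier (not visible in this hunk). The stdio-only window therefore covers header parsing and response validation, not the fetch itself. main() starts and ends outside the hunk.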