author | 2020-09-14 15:58:50 +0000 | |
---|---|---|
committer | 2020-09-14 15:58:50 +0000 | |
commit | d2368eff448f6e0092aa0e6d44f3ed71e85bf1b9 (patch) | |
tree | 681c3e50ddb2698150b7c825b49df54986cac26c | |
parent | Use more specific regex for ktrace to avoid false positives. (diff) | |
Relax parsing of pem files a bit. Apparently there are CAs that use
\r\n line endings.
From Bartosz Kuzma (bartosz.kuzma AT release11.com) as part of a
larger diff.
OK beck
-rw-r--r-- | usr.sbin/acme-client/certproc.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/acme-client/certproc.c b/usr.sbin/acme-client/certproc.c
index 7fde96e970e..f443d573675 100644
--- a/usr.sbin/acme-client/certproc.c
+++ b/usr.sbin/acme-client/certproc.c
@@ -1,4 +1,4 @@
-/* $Id: certproc.c,v 1.12 2019/06/07 08:07:52 florian Exp $ */
+/* $Id: certproc.c,v 1.13 2020/09/14 15:58:50 florian Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -28,7 +28,8 @@
 #include "extern.h"
-#define MARKER "-----END CERTIFICATE-----\n"
+#define BEGIN_MARKER "-----BEGIN CERTIFICATE-----"
+#define END_MARKER "-----END CERTIFICATE-----"
 int
 certproc(int netsock, int filesock)
@@ -81,19 +82,25 @@ certproc(int netsock, int filesock)
 if ((csr = readbuf(netsock, COMM_CSR, &csrsz)) == NULL)
 goto out;
- if (csrsz < strlen(MARKER)) {
+ if (csrsz < strlen(END_MARKER)) {
 warnx("invalid cert");
 goto out;
 }
- chaincp = strstr(csr, MARKER);
+ chaincp = strstr(csr, END_MARKER);
 if (chaincp == NULL) {
 warnx("invalid cert");
 goto out;
 }
- chaincp += strlen(MARKER);
+ chaincp += strlen(END_MARKER);
+
+ if ((chaincp = strstr(chaincp, BEGIN_MARKER)) == NULL) {
+ warnx("invalid certificate chain");
+ goto out;
+ }
+
 if ((chain = strdup(chaincp)) == NULL) {
 warn("strdup");
 goto out; |
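Review bot: In the third hunk, the added `strstr(chaincp, BEGIN_MARKER)` accepts any run of bytes between the first END marker and the next BEGIN marker, which is looser than the `\r\n` tolerance the commit message describes for data that arrives over `netsock`. Skipping only line-ending characters and then requiring the marker at that position would keep the parse strict: `chaincp += strspn(chaincp, "\r\n");` followed by `if (strncmp(chaincp, BEGIN_MARKER, strlen(BEGIN_MARKER)) != 0) {`. The same hunk turns a response with no second certificate into a hard failure ("invalid certificate chain"), where the removed lines would have duplicated an empty remainder; if that is intended, a short comment above the check saying a chain is mandatory would help. certproc's body starts and ends outside the hunk, so how the skipped bytes and the leaf part of `csr` are handled afterwards is not visible here.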