In the TS_check_status_info() there is bug where instead of appending the ',' character to the failure info texts this character overwrites the previous failure info text with strcpy() call.
Also the TS_STATUS_BUF_SIZE is named incorrectly as it does not relate to status text but to the failure info text. The attached patch fixes these minor bugs. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.)
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 3c7f816..ec0d37e 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -87,8 +87,6 @@ static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); /* * Local mapping between response codes and descriptions. - * Don't forget to change TS_STATUS_BUF_SIZE when modifying - * the elements of this array. */ static const char *TS_status_text[] = { "granted", @@ -101,11 +99,15 @@ static const char *TS_status_text[] = #define TS_STATUS_TEXT_SIZE (sizeof(TS_status_text)/sizeof(*TS_status_text)) /* - * This must be greater or equal to the sum of the strings in TS_status_text + * This must be greater or equal to the sum of the strings in TS_failure_info * plus the number of its elements. */ -#define TS_STATUS_BUF_SIZE 256 +#define TS_FAILURE_INFO_BUF_SIZE 256 +/* + * Don't forget to change TS_FAILURE_INFO_BUF_SIZE when modifying + * the elements of this array. + */ static struct { int code; @@ -482,7 +484,7 @@ static int TS_check_status_info(TS_RESP *response) long status = ASN1_INTEGER_get(info->status); const char *status_text = NULL; char *embedded_status_text = NULL; - char failure_text[TS_STATUS_BUF_SIZE] = ""; + char failure_text[TS_FAILURE_INFO_BUF_SIZE] = ""; /* Check if everything went fine. */ if (status == 0 || status == 1) return 1; @@ -509,7 +511,7 @@ static int TS_check_status_info(TS_RESP *response) TS_failure_info[i].code)) { if (!first) - strcpy(failure_text, ","); + strcat(failure_text, ","); else first = 0; strcat(failure_text, TS_failure_info[i].text);