ok

Florian Obser(flor...@openbsd.org) on 2020.09.14 17:12:01 +0200:
> Relax parsing of pem files a bit. Apparently there are CAs that use
> \r\n line endings.
> From Bartosz Kuzma as part of a larger diff.
> 
> OK?
> 
> diff --git certproc.c certproc.c
> index 7fde96e970e..975e12afaaa 100644
> --- certproc.c
> +++ certproc.c
> @@ -28,7 +28,8 @@
>  
>  #include "extern.h"
>  
> -#define MARKER "-----END CERTIFICATE-----\n"
> +#define BEGIN_MARKER "-----BEGIN CERTIFICATE-----"
> +#define END_MARKER "-----END CERTIFICATE-----"
>  
>  int
>  certproc(int netsock, int filesock)
> @@ -81,19 +82,25 @@ certproc(int netsock, int filesock)
>       if ((csr = readbuf(netsock, COMM_CSR, &csrsz)) == NULL)
>               goto out;
>  
> -     if (csrsz < strlen(MARKER)) {
> +     if (csrsz < strlen(END_MARKER)) {
>               warnx("invalid cert");
>               goto out;
>       }
>  
> -     chaincp = strstr(csr, MARKER);
> +     chaincp = strstr(csr, END_MARKER);
>  
>       if (chaincp == NULL) {
>               warnx("invalid cert");
>               goto out;
>       }
>  
> -     chaincp += strlen(MARKER);
> +     chaincp += strlen(END_MARKER);
> +
> +     if ((chaincp = strstr(chaincp, BEGIN_MARKER)) == NULL) {
> +             warnx("invalid certificate chain");
> +             goto out;
> +     }
> +
>       if ((chain = strdup(chaincp)) == NULL) {
>               warn("strdup");
>               goto out;
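Review bot: The added `strstr(chaincp, BEGIN_MARKER)` skips every byte between the first END marker and the next BEGIN marker, not just a `\n` or `\r\n` line ending, so any data read from netsock in that gap passes without complaint. To keep the relaxation as narrow as the description says, skip only line-ending characters with `chaincp += strspn(chaincp, "\r\n");` and then test `if (strncmp(chaincp, BEGIN_MARKER, strlen(BEGIN_MARKER)) != 0)` in place of the strstr check. The same lines also make a reply that holds a single certificate fail with "invalid certificate chain", where the old code would have duplicated an empty chain string; if that is intended, a one-line comment such as `/* a chain of at least one certificate is required */` would record it. Both strstr calls depend on readbuf returning a NUL-terminated buffer, which is not visible here, and certproc continues past the end of this hunk.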
> 
> 
> -- 
> I'm not entirely sure you are real.
> 
