author | Florian Obser <florian@cvs.openbsd.org> | 2020-09-14 15:58:51 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2020-09-14 15:58:51 +0000 |
commit | 4d894f7a4047e0aa82059f8199be53fd0ecbbf98 (patch) | |
tree | 16fe6af8c27be161e31c8f52f53224e0033cd35f | |
parent | d872a4403431155166bbb9bc0fa8f179abeafccc (diff) |
Relax parsing of pem files a bit. Apparently there are CAs that use
\r\n line endings.
From Bartosz Kuzma (bartosz.kuzma AT release11.com) as part of a
larger diff.
OK beck
-rw-r--r-- | usr.sbin/acme-client/certproc.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/acme-client/certproc.c b/usr.sbin/acme-client/certproc.c
index 7fde96e970e..f443d573675 100644
--- a/usr.sbin/acme-client/certproc.c
+++ b/usr.sbin/acme-client/certproc.c
@@ -1,4 +1,4 @@
-/* $Id: certproc.c,v 1.12 2019/06/07 08:07:52 florian Exp $ */
+/* $Id: certproc.c,v 1.13 2020/09/14 15:58:50 florian Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -28,7 +28,8 @@
 #include "extern.h"
-#define MARKER "-----END CERTIFICATE-----\n"
+#define BEGIN_MARKER "-----BEGIN CERTIFICATE-----"
+#define END_MARKER "-----END CERTIFICATE-----"
 int
 certproc(int netsock, int filesock)
@@ -81,19 +82,25 @@ certproc(int netsock, int filesock)
 if ((csr = readbuf(netsock, COMM_CSR, &csrsz)) == NULL)
 goto out;
- if (csrsz < strlen(MARKER)) {
+ if (csrsz < strlen(END_MARKER)) {
 warnx("invalid cert");
 goto out;
 }
- chaincp = strstr(csr, MARKER);
+ chaincp = strstr(csr, END_MARKER);
 if (chaincp == NULL) {
 warnx("invalid cert");
 goto out;
 }
- chaincp += strlen(MARKER);
+ chaincp += strlen(END_MARKER);
+
+ if ((chaincp = strstr(chaincp, BEGIN_MARKER)) == NULL) {
+ warnx("invalid certificate chain");
+ goto out;
+ }
+
 if ((chain = strdup(chaincp)) == NULL) {
 warn("strdup");
 goto out; |
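Review bot: The second `strstr()` in the last hunk silently skips whatever bytes sit between the leaf's END marker and the next BEGIN marker, so the relaxation accepts arbitrary data there, not just a `\r\n` line ending. It also turns a response that carries only a leaf certificate, which the old code copied into an empty chain, into a hard "invalid certificate chain" failure. Skipping only CR/LF bytes and then requiring BEGIN_MARKER at exactly that position keeps the CRLF tolerance while staying strict about what the CA sent. Whether the empty-chain case should stay accepted depends on how `chain` is used later in certproc(), which continues outside the hunk. Both searches also rely on readbuf() returning a NUL-terminated buffer, which is not visible here.

```c
	chaincp += strlen(END_MARKER);

	/* Only line-ending bytes may separate the leaf from the chain. */
	chaincp += strspn(chaincp, "\r\n");
	if (*chaincp != '\0' &&
	    strncmp(chaincp, BEGIN_MARKER, strlen(BEGIN_MARKER)) != 0) {
		warnx("invalid certificate chain");
		goto out;
	}

	/* … unchanged: strdup(chaincp) into chain … */
```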