summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sbin/isakmpd/x509.c42
1 files changed, 38 insertions, 4 deletions
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 35ce00421c5..73d3aa1fc56 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: x509.c,v 1.8 1999/04/19 19:57:29 niklas Exp $ */
-/* $EOM: x509.c,v 1.13 1999/04/18 15:17:26 niklas Exp $ */
+/* $OpenBSD: x509.c,v 1.9 1999/06/05 18:01:42 niklas Exp $ */
+/* $EOM: x509.c,v 1.14 1999/06/05 18:01:37 niklas Exp $ */
/*
* Copyright (c) 1998 Niels Provos. All rights reserved.
@@ -311,7 +311,10 @@ x509_cert_get_subject (u_int8_t *asn, u_int32_t asnlen,
return 0;
}
-/* Initalizes the struct x509_attribval from a AtributeValueAssertion. */
+/*
+ * Initalizes the struct x509_attribval from a AtributeValueAssertion.
+ * XXX Error checking.
+ */
void
x509_get_attribval (struct norm_type *obj, struct x509_attribval *a)
{
@@ -326,7 +329,7 @@ x509_get_attribval (struct norm_type *obj, struct x509_attribval *a)
a->val = strdup ((char *)tmp->data);
}
-/* Set OBJ with values from A. */
+/* Set OBJ with values from A. XXX Error checking. */
void
x509_set_attribval (struct norm_type *obj, struct x509_attribval *a)
{
@@ -391,19 +394,32 @@ x509_decode_certificate (u_int8_t *asn, u_int32_t asnlen,
goto fail;
tmp = asn_decompose ("cert.subjectPublicKeyInfo.subjectPublicKey", &cert);
+ if (!tmp)
+ goto fail;
if (!pkcs_public_key_from_asn (&rcert->key, tmp->data + 1, tmp->len - 1))
goto fail;
tmp = asn_decompose ("cert.version", &cert);
+ if (!tmp)
+ goto fail;
rcert->version = mpz_get_ui (tmp->data);
+
tmp = asn_decompose ("cert.serialNumber", &cert);
+ if (!tmp)
+ goto fail;
rcert->serialnumber = mpz_get_ui (tmp->data);
+
tmp = asn_decompose ("cert.signature.algorithm", &cert);
+ if (!tmp)
+ goto fail;
rcert->signaturetype = strdup ((char *)tmp->data);
tmp = asn_decompose ("cert.issuer.RelativeDistinguishedName."
"AttributeValueAssertion", &cert);
+ if (!tmp)
+ goto fail;
x509_get_attribval (tmp, &rcert->issuer1);
+
tmp = asn_decompose ("cert.issuer.RelativeDistinguishedName[1]."
"AttributeValueAssertion", &cert);
if (tmp)
@@ -413,7 +429,10 @@ x509_decode_certificate (u_int8_t *asn, u_int32_t asnlen,
tmp = asn_decompose ("cert.subject.RelativeDistinguishedName."
"AttributeValueAssertion", &cert);
+ if (!tmp)
+ goto fail;
x509_get_attribval (tmp, &rcert->subject1);
+
tmp = asn_decompose ("cert.subject.RelativeDistinguishedName[1]."
"AttributeValueAssertion", &cert);
if (tmp)
@@ -422,9 +441,24 @@ x509_decode_certificate (u_int8_t *asn, u_int32_t asnlen,
rcert->subject2.type = 0;
tmp = asn_decompose ("cert.validity.notBefore", &cert);
+ if (!tmp)
+ goto fail;
rcert->start = strdup ((char *)tmp->data);
+ if (!rcert->start)
+ {
+ log_error ("x509_decode_certificate: strdup(\"%s\") failed", tmp->data);
+ goto fail;
+ }
+
tmp = asn_decompose ("cert.validity.notAfter", &cert);
+ if (!tmp)
+ goto fail;
rcert->end = strdup ((char *)tmp->data);
+ if (!rcert->end)
+ {
+ log_error ("x509_decode_certificate: strdup(\"%s\") failed", tmp->data);
+ goto fail;
+ }
/* For x509v3 there might be an extension, try to decode it. */
tmp = asn_decompose ("cert.extension", &cert);