From 4d894f7a4047e0aa82059f8199be53fd0ecbbf98 Mon Sep 17 00:00:00 2001
From: Florian Obser
Date: Mon, 14 Sep 2020 15:58:51 +0000
Subject: Relax parsing of pem files a bit. Apparently there are CAs that use \r\n line endings. From Bartosz Kuzma (bartosz.kuzma AT release11.com) as part of a larger diff. OK beck
---
 usr.sbin/acme-client/certproc.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
(limited to 'usr.sbin/acme-client')
diff --git a/usr.sbin/acme-client/certproc.c b/usr.sbin/acme-client/certproc.c
index 7fde96e970e..f443d573675 100644
--- a/usr.sbin/acme-client/certproc.c
+++ b/usr.sbin/acme-client/certproc.c
@@ -1,4 +1,4 @@
-/* $Id: certproc.c,v 1.12 2019/06/07 08:07:52 florian Exp $ */
+/* $Id: certproc.c,v 1.13 2020/09/14 15:58:50 florian Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons
 *
@@ -28,7 +28,8 @@
 #include "extern.h"
-#define MARKER "-----END CERTIFICATE-----\n"
+#define BEGIN_MARKER "-----BEGIN CERTIFICATE-----"
+#define END_MARKER "-----END CERTIFICATE-----"
 int
 certproc(int netsock, int filesock)
@@ -81,19 +82,25 @@ certproc(int netsock, int filesock)
 if ((csr = readbuf(netsock, COMM_CSR, &csrsz)) == NULL)
 goto out;
- if (csrsz < strlen(MARKER)) {
+ if (csrsz < strlen(END_MARKER)) {
 warnx("invalid cert");
 goto out;
 }
- chaincp = strstr(csr, MARKER);
+ chaincp = strstr(csr, END_MARKER);
 if (chaincp == NULL) {
 warnx("invalid cert");
 goto out;
 }
- chaincp += strlen(MARKER);
+ chaincp += strlen(END_MARKER);
+
+ if ((chaincp = strstr(chaincp, BEGIN_MARKER)) == NULL) {
+ warnx("invalid certificate chain");
+ goto out;
+ }
+
 if ((chain = strdup(chaincp)) == NULL) {
 warn("strdup");
 goto out;
-- cgit v1.2.3
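Review bot: The new `strstr(chaincp, BEGIN_MARKER)` check in the last hunk turns a response that holds only one certificate into a hard failure ("invalid certificate chain"); before this change the same input reached `strdup(chaincp)` with whatever followed the first END marker, which could be an empty string. If a chain is meant to be mandatory, say so next to the check, e.g. `/* the CA must send at least one chain certificate after the leaf */`; if it is not, the no-chain case needs its own path instead of `goto out`. The search also steps over whatever bytes sit between the END marker and the next BEGIN marker without looking at them, and both `strstr()` calls depend on `csr` being NUL-terminated by `readbuf()`, which this hunk does not show. certproc() starts and ends outside the hunk, so how `chain` is consumed afterwards cannot be confirmed from here.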