diff options
author | Vincent Sanders <vince@kyllikki.org> | 2014-09-03 14:27:25 +0100 |
---|---|---|
committer | Vincent Sanders <vince@kyllikki.org> | 2014-09-03 14:27:25 +0100 |
commit | c695d3d0074687e767b68ca9d1412a5bc5303178 (patch) | |
tree | 2cbab1d49215842c49b5a6defd67443295b73010 | |
parent | 5492e9679359a731a56b4f304614b48be1a07cd1 (diff) | |
download | netsurf-c695d3d0074687e767b68ca9d1412a5bc5303178.tar.gz netsurf-c695d3d0074687e767b68ca9d1412a5bc5303178.tar.bz2 |
memcpy and terminate from openssl buffers
The memcpy is used instead of snprintf as the source data may not be null terminated and was
causing OpenBSD to segfault.
-rw-r--r-- | content/fetchers/curl.c | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c index 826305e78..51b0f9974 100644 --- a/content/fetchers/curl.c +++ b/content/fetchers/curl.c @@ -921,10 +921,12 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result) BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); - snprintf(ssl_certs[i].not_before, - min(sizeof ssl_certs[i].not_before, - (unsigned) buf->length + 1), - "%s", buf->data); + memcpy(ssl_certs[i].not_before, + buf->data, + min(sizeof(ssl_certs[i].not_before) - 1, + (unsigned)buf->length)); + ssl_certs[i].not_before[min(sizeof(ssl_certs[i].not_before) - 1, + (unsigned)buf->length)] = 0; BUF_MEM_free(buf); mem = BIO_new(BIO_s_mem()); @@ -933,10 +935,13 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result) BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); - snprintf(ssl_certs[i].not_after, - min(sizeof ssl_certs[i].not_after, - (unsigned) buf->length + 1), - "%s", buf->data); + memcpy(ssl_certs[i].not_after, + buf->data, + min(sizeof(ssl_certs[i].not_after) - 1, + (unsigned)buf->length)); + ssl_certs[i].not_after[min(sizeof(ssl_certs[i].not_after) - 1, + (unsigned)buf->length)] = 0; + BUF_MEM_free(buf); ssl_certs[i].sig_type = @@ -952,11 +957,11 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result) BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); - snprintf(ssl_certs[i].issuer, - min(sizeof ssl_certs[i].issuer - 1, - (unsigned) buf->length + 1), - "%s", buf->data); - ssl_certs[i].issuer[min(sizeof ssl_certs[i].issuer, + memcpy(ssl_certs[i].issuer, + buf->data, + min(sizeof(ssl_certs[i].issuer) - 1, + (unsigned) buf->length)); + ssl_certs[i].issuer[min(sizeof(ssl_certs[i].issuer) - 1, (unsigned) buf->length)] = 0; BUF_MEM_free(buf); @@ -970,11 +975,11 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result) BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); - snprintf(ssl_certs[i].subject, - min(sizeof(ssl_certs[i].subject) - 1, - (unsigned) buf->length + 1), - "%s", buf->data); - ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject), + memcpy(ssl_certs[i].subject, + buf->data, + min(sizeof(ssl_certs[i].subject) - 1, + (unsigned)buf->length)); + ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject) - 1, (unsigned) buf->length)] = 0; BUF_MEM_free(buf); |