diff options
author | Vincent Sanders <vince@kyllikki.org> | 2014-09-03 14:27:25 +0100 |
---|---|---|
committer | Vincent Sanders <vince@kyllikki.org> | 2014-09-03 14:27:25 +0100 |
commit | c695d3d0074687e767b68ca9d1412a5bc5303178 (patch) | |
tree | 2cbab1d49215842c49b5a6defd67443295b73010 /content/fetchers/curl.c | |
parent | 5492e9679359a731a56b4f304614b48be1a07cd1 (diff) | |
download | netsurf-c695d3d0074687e767b68ca9d1412a5bc5303178.tar.gz netsurf-c695d3d0074687e767b68ca9d1412a5bc5303178.tar.bz2 |
memcpy and terminate from openssl buffers
The memcpy is used instead of snprintf as the source data may not be null terminated and was
causing OpenBSD to segfault.
Diffstat (limited to 'content/fetchers/curl.c')
-rw-r--r-- | content/fetchers/curl.c | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c index 826305e78..51b0f9974 100644 --- a/content/fetchers/curl.c +++ b/content/fetchers/curl.c @@ -921,10 +921,12 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result) BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); - snprintf(ssl_certs[i].not_before, - min(sizeof ssl_certs[i].not_before, - (unsigned) buf->length + 1), - "%s", buf->data); + memcpy(ssl_certs[i].not_before, + buf->data, + min(sizeof(ssl_certs[i].not_before) - 1, + (unsigned)buf->length)); + ssl_certs[i].not_before[min(sizeof(ssl_certs[i].not_before) - 1, + (unsigned)buf->length)] = 0; BUF_MEM_free(buf); mem = BIO_new(BIO_s_mem()); @@ -933,10 +935,13 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result) BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); - snprintf(ssl_certs[i].not_after, - min(sizeof ssl_certs[i].not_after, - (unsigned) buf->length + 1), - "%s", buf->data); + memcpy(ssl_certs[i].not_after, + buf->data, + min(sizeof(ssl_certs[i].not_after) - 1, + (unsigned)buf->length)); + ssl_certs[i].not_after[min(sizeof(ssl_certs[i].not_after) - 1, + (unsigned)buf->length)] = 0; + BUF_MEM_free(buf); ssl_certs[i].sig_type = @@ -952,11 +957,11 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result) BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); - snprintf(ssl_certs[i].issuer, - min(sizeof ssl_certs[i].issuer - 1, - (unsigned) buf->length + 1), - "%s", buf->data); - ssl_certs[i].issuer[min(sizeof ssl_certs[i].issuer, + memcpy(ssl_certs[i].issuer, + buf->data, + min(sizeof(ssl_certs[i].issuer) - 1, + (unsigned) buf->length)); + ssl_certs[i].issuer[min(sizeof(ssl_certs[i].issuer) - 1, (unsigned) buf->length)] = 0; BUF_MEM_free(buf); @@ -970,11 +975,11 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result) BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); - snprintf(ssl_certs[i].subject, - min(sizeof(ssl_certs[i].subject) - 1, - (unsigned) buf->length + 1), - "%s", buf->data); - ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject), + memcpy(ssl_certs[i].subject, + buf->data, + min(sizeof(ssl_certs[i].subject) - 1, + (unsigned)buf->length)); + ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject) - 1, (unsigned) buf->length)] = 0; BUF_MEM_free(buf); |