Gitweb:
http://git.exim.org/exim.git/commitdiff/bfbad1dddf8b26ef0e14e48a36edc4a8bf1425e4
Commit: bfbad1dddf8b26ef0e14e48a36edc4a8bf1425e4
Parent: 3c71915d2f4f00f7e159808c70ae2513f03b7be4
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Dec 25 13:30:12 2014 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Dec 25 20:12:12 2014 +0000
Fix null-indirection in certextract expansion
Found-by: Roman Rybalko
---
src/src/tls.c | 10 ++++++----
test/confs/5750 | 2 ++
test/confs/5760 | 2 ++
test/log/5750 | 4 ++++
test/log/5760 | 4 ++++
5 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/src/tls.c b/src/src/tls.c
index 305eaa4..b3d088d 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -246,7 +246,7 @@ NOTE: We modify the supplied dn string during operation.
Arguments:
dn Distinguished Name string
- mod string containing optional list-sep and
+ mod list containing optional output list-sep and
field selector match, comma-separated
Return:
allocated string with list of matching fields,
@@ -267,13 +267,15 @@ while ((ele = string_nextinlist(&mod, &insep, NULL, 0)))
if (ele[0] != '>')
match = ele; /* field tag to match */
else if (ele[1])
- outsep = ele[1]; /* nondefault separator */
+ outsep = ele[1]; /* nondefault output separator */
dn_to_list(dn);
insep = ',';
-len = Ustrlen(match);
+len = match ? Ustrlen(match) : -1;
while ((ele = string_nextinlist(&dn, &insep, NULL, 0)))
- if (Ustrncmp(ele, match, len) == 0 && ele[len] == '=')
+ if ( !match
+ || Ustrncmp(ele, match, len) == 0 && ele[len] == '='
+ )
list = string_append_listele(list, outsep, ele+len+1);
return list;
}
diff --git a/test/confs/5750 b/test/confs/5750
index a0bce02..364f73a 100644
--- a/test/confs/5750
+++ b/test/confs/5750
@@ -58,6 +58,8 @@ ev_msg:
accept logwrite = Peer cert:
logwrite = ver <${certextract {version} {$tls_out_peercert}}>
logwrite = SN <${certextract {subject} {$tls_out_peercert}}>
+ logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}>
+ logwrite = SNCN<${certextract {subject,CN} {$tls_out_peercert}}>
logwrite = IN <${certextract {issuer} {$tls_out_peercert}}>
logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}>
logwrite = NA <${certextract {notafter} {$tls_out_peercert}}>
diff --git a/test/confs/5760 b/test/confs/5760
index 3417a2d..60f386b 100644
--- a/test/confs/5760
+++ b/test/confs/5760
@@ -58,6 +58,8 @@ ev_msg:
accept logwrite = Peer cert:
logwrite = ver <${certextract {version} {$tls_out_peercert}}>
logwrite = SN <${certextract {subject} {$tls_out_peercert}}>
+ logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}>
+ logwrite = SNO <${certextract {subject,O} {$tls_out_peercert}}>
logwrite = IN <${certextract {issuer} {$tls_out_peercert}}>
logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}>
logwrite = NA <${certextract {notafter} {$tls_out_peercert}}>
diff --git a/test/log/5750 b/test/log/5750
index d085892..774668f 100644
--- a/test/log/5750
+++ b/test/log/5750
@@ -8,6 +8,8 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
1999-03-02 09:44:33 10HmaX-0005vi-00 ver <3>
1999-03-02 09:44:33 10HmaX-0005vi-00 SN <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN<server1.example.com>
1999-03-02 09:44:33 10HmaX-0005vi-00 IN <O=example.com,CN=clica Signing Cert>
1999-03-02 09:44:33 10HmaX-0005vi-00 NB <Nov 1 12:34:05 2012 GMT>
1999-03-02 09:44:33 10HmaX-0005vi-00 NA <Jan 1 12:34:05 2038 GMT>
@@ -28,6 +30,8 @@
1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
1999-03-02 09:44:33 10HmaY-0005vi-00 ver <3>
1999-03-02 09:44:33 10HmaY-0005vi-00 SN <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN<server1.example.com>
1999-03-02 09:44:33 10HmaY-0005vi-00 IN <O=example.com,CN=clica Signing Cert>
1999-03-02 09:44:33 10HmaY-0005vi-00 NB <Nov 1 12:34:05 2012 GMT>
1999-03-02 09:44:33 10HmaY-0005vi-00 NA <Jan 1 12:34:05 2038 GMT>
diff --git a/test/log/5760 b/test/log/5760
index 3775779..b3dba45 100644
--- a/test/log/5760
+++ b/test/log/5760
@@ -8,6 +8,8 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
1999-03-02 09:44:33 10HmaX-0005vi-00 ver <2>
1999-03-02 09:44:33 10HmaX-0005vi-00 SN <CN=clica CA,O=example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=clica CA;O=example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNO <example.com>
1999-03-02 09:44:33 10HmaX-0005vi-00 IN <CN=clica CA,O=example.com>
1999-03-02 09:44:33 10HmaX-0005vi-00 NB <Nov 1 12:34:04 2012 +0000>
1999-03-02 09:44:33 10HmaX-0005vi-00 NA <Jan 1 12:34:04 2038 +0000>
@@ -31,6 +33,8 @@
1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
1999-03-02 09:44:33 10HmaY-0005vi-00 ver <2>
1999-03-02 09:44:33 10HmaY-0005vi-00 SN <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <>
1999-03-02 09:44:33 10HmaY-0005vi-00 IN <CN=clica Signing Cert,O=example.com>
1999-03-02 09:44:33 10HmaY-0005vi-00 NB <Nov 1 12:34:05 2012 +0000>
1999-03-02 09:44:33 10HmaY-0005vi-00 NA <Jan 1 12:34:05 2038 +0000>