[exim-cvs] Fix null-indirection in certextract expansion

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix null-indirection in certextract expansion
Gitweb: http://git.exim.org/exim.git/commitdiff/bfbad1dddf8b26ef0e14e48a36edc4a8bf1425e4
Commit:     bfbad1dddf8b26ef0e14e48a36edc4a8bf1425e4
Parent:     3c71915d2f4f00f7e159808c70ae2513f03b7be4
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Dec 25 13:30:12 2014 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Dec 25 20:12:12 2014 +0000


    Fix null-indirection in certextract expansion


    Found-by: Roman Rybalko
---
 src/src/tls.c   |   10 ++++++----
 test/confs/5750 |    2 ++
 test/confs/5760 |    2 ++
 test/log/5750   |    4 ++++
 test/log/5760   |    4 ++++
 5 files changed, 18 insertions(+), 4 deletions(-)


diff --git a/src/src/tls.c b/src/src/tls.c
index 305eaa4..b3d088d 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -246,7 +246,7 @@ NOTE: We modify the supplied dn string during operation.

 Arguments:
     dn    Distinguished Name string
-    mod    string containing optional list-sep and
+    mod    list containing optional output list-sep and
         field selector match, comma-separated
 Return:
     allocated string with list of matching fields,
@@ -267,13 +267,15 @@ while ((ele = string_nextinlist(&mod, &insep, NULL, 0)))
   if (ele[0] != '>')
     match = ele;    /* field tag to match */
   else if (ele[1])
-    outsep = ele[1];    /* nondefault separator */
+    outsep = ele[1];    /* nondefault output separator */


 dn_to_list(dn);
 insep = ',';
-len = Ustrlen(match);
+len = match ? Ustrlen(match) : -1;
 while ((ele = string_nextinlist(&dn, &insep, NULL, 0)))
-  if (Ustrncmp(ele, match, len) == 0 && ele[len] == '=')
+  if (  !match
+     || Ustrncmp(ele, match, len) == 0 && ele[len] == '='
+     )
     list = string_append_listele(list, outsep, ele+len+1);
 return list;
 }
diff --git a/test/confs/5750 b/test/confs/5750
index a0bce02..364f73a 100644
--- a/test/confs/5750
+++ b/test/confs/5750
@@ -58,6 +58,8 @@ ev_msg:
   accept logwrite = Peer cert:
      logwrite =  ver <${certextract {version}    {$tls_out_peercert}}>
      logwrite =  SN  <${certextract {subject}    {$tls_out_peercert}}>
+     logwrite =  SN; <${certextract {subject,>;}    {$tls_out_peercert}}>
+     logwrite =  SNCN<${certextract {subject,CN}    {$tls_out_peercert}}>
          logwrite =  IN  <${certextract {issuer}    {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}    {$tls_out_peercert}}>
diff --git a/test/confs/5760 b/test/confs/5760
index 3417a2d..60f386b 100644
--- a/test/confs/5760
+++ b/test/confs/5760
@@ -58,6 +58,8 @@ ev_msg:
   accept logwrite = Peer cert:
      logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
      logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
+     logwrite =  SN; <${certextract {subject,>;}    {$tls_out_peercert}}>
+     logwrite =  SNO <${certextract {subject,O}     {$tls_out_peercert}}>
          logwrite =  IN  <${certextract {issuer}    {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}    {$tls_out_peercert}}>
diff --git a/test/log/5750 b/test/log/5750
index d085892..774668f 100644
--- a/test/log/5750
+++ b/test/log/5750
@@ -8,6 +8,8 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <3>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SN  <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN<server1.example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 IN  <O=example.com,CN=clica Signing Cert>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB  <Nov  1 12:34:05 2012 GMT>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA  <Jan  1 12:34:05 2038 GMT>
@@ -28,6 +30,8 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <3>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SN  <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN<server1.example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 IN  <O=example.com,CN=clica Signing Cert>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB  <Nov  1 12:34:05 2012 GMT>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA  <Jan  1 12:34:05 2038 GMT>
diff --git a/test/log/5760 b/test/log/5760
index 3775779..b3dba45 100644
--- a/test/log/5760
+++ b/test/log/5760
@@ -8,6 +8,8 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaX-0005vi-00 ver <2>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SN  <CN=clica CA,O=example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=clica CA;O=example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNO <example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 IN  <CN=clica CA,O=example.com>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB  <Nov  1 12:34:04 2012 +0000>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA  <Jan  1 12:34:04 2038 +0000>
@@ -31,6 +33,8 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
 1999-03-02 09:44:33 10HmaY-0005vi-00 ver <2>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SN  <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <>
 1999-03-02 09:44:33 10HmaY-0005vi-00 IN  <CN=clica Signing Cert,O=example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB  <Nov  1 12:34:05 2012 +0000>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA  <Jan  1 12:34:05 2038 +0000>