From: William Lallemand <wlallemand@haproxy.org>
Date: Thu, 22 Dec 2022 09:09:11 +0000 (+0100)
Subject: BUG/MINOR: ssl/ocsp: check chunk_strcpy() in ssl_ocsp_get_uri_from_cert()
X-Git-Tag: v2.8-dev1~79
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8bc00f8bdc67067e082ae7779e05360a0527748d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/ocsp: check chunk_strcpy() in ssl_ocsp_get_uri_from_cert()

Check the return value of chunk_strcpy() in
ssl_ocsp_get_uri_from_cert().

Should fix issue #1975.
---

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 901b3966b8..0f59325faf 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -590,7 +590,10 @@ int ssl_ocsp_get_uri_from_cert(X509 *cert, struct buffer *out, char **err)
 		goto end;
 	}
 
-	chunk_strcpy(out, sk_OPENSSL_STRING_value(ocsp_uri_stk, 0));
+	if (!chunk_strcpy(out, sk_OPENSSL_STRING_value(ocsp_uri_stk, 0))) {
+		memprintf(err, "%sOCSP URI too long!\n", *err ? *err : "");
+		goto end;
+	}
 	if (b_data(out) == 0) {
 		memprintf(err, "%sNo OCSP URL!\n", *err ? *err : "");
 		goto end;