From 92a10e4645af25b390b7c7e05fe9650d4e83a070 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Wed, 3 May 2017 18:10:17 +0200
Subject: [PATCH] x509: Manually print CRL/OCSP URIs when fuzzing

This avoids a warning about the custom %Y printf specifier.
---
 configure.ac | 3 ++
 src/libstrongswan/plugins/x509/x509_cert.c | 33 ++++++++++++++++------
 2 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index 07df3a6725..827c6913e3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1732,6 +1732,9 @@ fi
 if test x$ikev2 = xtrue; then
 AC_DEFINE([USE_IKEV2], [], [support for IKEv2 protocol])
 fi
+if test x$fuzzing = xtrue; then
+ AC_DEFINE([USE_FUZZING], [], [build code for fuzzing])
+fi
 # ====================================================
 # options for enabled modules (see conf/Makefile.am)
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 3027e4387a..19ba1f8639 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -217,6 +217,29 @@ struct private_x509_cert_t {
 refcount_t ref;
 };
+/**
+ * Convert a generalName to a string
+ */
+static bool gn_to_string(identification_t *id, char **uri)
+{
+ int len;
+
+#ifdef USE_FUZZING
+ chunk_t proper;
+ chunk_printable(id->get_encoding(id), &proper, '?');
+ len = asprintf(uri, "%.*s", (int)proper.len, proper.ptr);
+ chunk_free(&proper);
+#else
+ len = asprintf(uri, "%Y", id);
+#endif
+ if (!len)
+ {
+ free(*uri);
+ return FALSE;
+ }
+ return len > 0;
+}
+
 /**
 * Destroy a CertificateDistributionPoint
 */
@@ -649,7 +672,7 @@ static bool parse_authorityInfoAccess(chunk_t blob, int level0,
 }
 DBG2(DBG_ASN, " '%Y'", id);
 if (accessMethod == OID_OCSP &&
- asprintf(&uri, "%Y", id) > 0)
+ gn_to_string(id, &uri))
 {
 this->ocsp_uris->insert_last(this->ocsp_uris, uri);
 }
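Review bot: In the `USE_FUZZING` branch of `gn_to_string`, `(int)proper.len` is passed as the `%.*s` precision without a range check; a length above `INT_MAX` may convert to a negative value, which printf treats as an omitted precision, so `asprintf` would read `proper.ptr` as a NUL-terminated string even though nothing visible here guarantees a terminator. A guard such as `if (proper.len > INT_MAX) { chunk_free(&proper); return FALSE; }` before the `asprintf` call closes that, and it is worth confirming that `proper.ptr` cannot be NULL for an empty encoding, since `chunk_printable` is defined outside this patch. The doc comment should also state the contract that the callers in `parse_authorityInfoAccess` and `add_cdps` now rely on, for example `* @return TRUE if a non-empty string was allocated in *uri (caller frees), FALSE otherwise`. It should mention as well that fuzzing builds store the sanitized raw encoding rather than the `%Y` rendering, so the stored URI strings differ between the two build types.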
@@ -818,12 +841,10 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris,
 enumerator_t *enumerator;
 x509_cdp_t *cdp;
 char *uri;
- int len;
 while (uris->remove_last(uris, (void**)&id) == SUCCESS)
 {
- len = asprintf(&uri, "%Y", id);
- if (len > 0)
+ if (gn_to_string(id, &uri))
 {
 if (issuers->get_count(issuers))
 {
@@ -847,10 +868,6 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris,
 list->insert_last(list, cdp);
 }
 }
- else if (!len)
- {
- free(uri);
- }
 id->destroy(id);
 }
 while (issuers->remove_last(issuers, (void**)&id) == SUCCESS)
--
2.39.2