pki: Filter whitespace in base64 encoded EST responses

As clarified in RFC 8951, section 3.1 [1].

[1] https://www.rfc-editor.org/rfc/rfc8951#name-white-space-processing

Co-authored-by: Tobias Brunner <tobias@strongswan.org>
Closes strongswan/strongswan#1616

diff --git a/src/pki/est/est_tls.c b/src/pki/est/est_tls.c
index ca450d5a56fa00f07f028d394ebc10c83c60880e..37e881912897218245309b134c1dc2f3abf6f83c 100644 (file)
--- a/src/pki/est/est_tls.c
+++ b/src/pki/est/est_tls.c
@@ -18,6 +18,7 @@
 #include <stdio.h>
 #include <unistd.h>
 #include <errno.h>
+#include <ctype.h>
 
 #include "est_tls.h"
 
@@ -198,7 +199,6 @@ static bool parse_http_header(chunk_t *in,  u_int *http_code, u_int *content_len
        return (*http_code < 300);
 }
 
-
 METHOD(est_tls_t, request, bool,
        private_est_tls_t *this, est_op_t op, chunk_t in, chunk_t *out,
        u_int *http_code, u_int *retry_after)
@@ -206,7 +206,7 @@ METHOD(est_tls_t, request, bool,
        chunk_t http = chunk_empty, data = chunk_empty, response;
        u_int content_len;
        char buf[1024];
-       int len;
+       int i, len;
 
        /* initialize output variables */
        *out = chunk_empty;
@@ -277,6 +277,15 @@ METHOD(est_tls_t, request, bool,
                        }
                }
 
+               for (i = 0, len = 0; i < data.len; i++)
+               {
+                       if (!isspace(data.ptr[i]))
+                       {
+                               data.ptr[len++] = data.ptr[i];
+                       }
+               }
+               data.len = len;
+
                *out = chunk_from_base64(data, NULL);
                chunk_free(&data);
        }