BUG/MINOR: acme: possible integer underflow in acme_txt_record()

a2base64url() can return a negative value is olen is too short to
accept ilen. This is not supposed to happen since the sha256 should
always fit in a buffer. But this is confusing since a2base64()
returns a signed integer which is pt in output->data which is unsigned.

Fix the issue by setting ret to 0 instead of -1 upon error. And returns
a unsigned integer instead of a signed one.
This patch also checks the return value from the caller in order
to emit an error instead of setting trash.data which is already done
from the function.

diff --git a/src/acme.c b/src/acme.c
index 3be71dfcd33d533f37f63c664b412d526431d464..5cd9b8a15d4f0de605d5f523de99f3612ab0c487 100644 (file)
--- a/src/acme.c
+++ b/src/acme.c
@@ -898,7 +898,7 @@ error:
  *  https://datatracker.ietf.org/doc/html/rfc8555/#section-8.4
  *
  */
-int acme_txt_record(const struct ist thumbprint, const struct ist token, struct buffer *output)
+unsigned int acme_txt_record(const struct ist thumbprint, const struct ist token, struct buffer *output)
 {
        unsigned char md[EVP_MAX_MD_SIZE];
        struct buffer *tmp = NULL;
@@ -917,7 +917,8 @@ int acme_txt_record(const struct ist thumbprint, const struct ist token, struct
                goto out;
 
        ret = a2base64url((const char *)md, size, output->area, output->size);
-
+       if (ret < 0)
+               ret = 0;
        output->data = ret;
 
 out:
@@ -1583,8 +1584,11 @@ int acme_res_auth(struct task *task, struct acme_ctx *ctx, struct acme_auth *aut
                        struct sink *dpapi;
                        struct ist line[7];
 
+                       if (acme_txt_record(ist(ctx->cfg->account.thumbprint), auth->token, &trash) == 0) {
+                               memprintf(errmsg, "couldn't compute the DNS-01 challenge");
+                               goto error;
+                       }
 
-                       trash.data = acme_txt_record(ist(ctx->cfg->account.thumbprint), auth->token, &trash);
                        send_log(NULL, LOG_NOTICE,"acme: %s: DNS-01 requires to set the \"_acme-challenge.%.*s\" TXT record to \"%.*s\" and use the \"acme challenge_ready\" command over the CLI\n",
                                                                     ctx->store->path, (int)auth->dns.len, auth->dns.ptr, (int)trash.data, trash.area);