From: Harald Gutmann <harald@hargut.com>
Date: Fri, 31 Mar 2023 11:38:48 +0000 (+0200)
Subject: pki: Filter whitespace in base64 encoded EST responses
X-Git-Tag: 5.9.11dr2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5284cecddc4dbbbb0772313190af3aa690278123;p=thirdparty%2Fstrongswan.git

pki: Filter whitespace in base64 encoded EST responses

As clarified in RFC 8951, section 3.1 [1].

[1] https://www.rfc-editor.org/rfc/rfc8951#name-white-space-processing

Co-authored-by: Tobias Brunner <tobias@strongswan.org>
Closes strongswan/strongswan#1616
---

diff --git a/src/pki/est/est_tls.c b/src/pki/est/est_tls.c
index ca450d5a56..37e8819128 100644
--- a/src/pki/est/est_tls.c
+++ b/src/pki/est/est_tls.c
@@ -18,6 +18,7 @@
 #include <stdio.h>
 #include <unistd.h>
 #include <errno.h>
+#include <ctype.h>
 
 #include "est_tls.h"
 
@@ -198,7 +199,6 @@ static bool parse_http_header(chunk_t *in,  u_int *http_code, u_int *content_len
 	return (*http_code < 300);
 }
 
-
 METHOD(est_tls_t, request, bool,
 	private_est_tls_t *this, est_op_t op, chunk_t in, chunk_t *out,
 	u_int *http_code, u_int *retry_after)
@@ -206,7 +206,7 @@ METHOD(est_tls_t, request, bool,
 	chunk_t http = chunk_empty, data = chunk_empty, response;
 	u_int content_len;
 	char buf[1024];
-	int len;
+	int i, len;
 
 	/* initialize output variables */
 	*out = chunk_empty;
@@ -277,6 +277,15 @@ METHOD(est_tls_t, request, bool,
 			}
 		}
 
+		for (i = 0, len = 0; i < data.len; i++)
+		{
+			if (!isspace(data.ptr[i]))
+			{
+				data.ptr[len++] = data.ptr[i];
+			}
+		}
+		data.len = len;
+
 		*out = chunk_from_base64(data, NULL);
 		chunk_free(&data);
 	}