From: Aki Tuomi
Date: Thu, 22 Dec 2022 18:57:30 +0000 (+0200)
Subject: lib-ssl-iostream: Return NULL from ssl_iostream_get_peer_name when name not available
X-Git-Tag: 2.4.0~3254
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7e8e5b925929fd666de7728e846eb1ea9127ce9;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Return NULL from ssl_iostream_get_peer_name when name not available

Broken in 59d268145378a7368f373b711cb53b3e48512659
---
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index c0f52e6a9c..60b78241f6 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -813,22 +813,22 @@ openssl_iostream_get_peer_name(struct ssl_iostream *ssl_io)
 len = X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
 ssl_io->username_nid, NULL, 0);
 if (len < 0)
- name = "";
+ name = NULL;
 else {
 name = t_malloc0(len + 1);
 if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
 ssl_io->username_nid, name, len + 1) < 0)
- name = "";
+ name = NULL;
 else if (strlen(name) != (size_t)len) {
 /* NUL characters in name. Someone's trying to fake being another user? Don't allow it. */
- name = "";
+ name = NULL;
 }
 }
 X509_free(x509);
- return *name == '\0' ? NULL : name;
+ return name;
 }
 static const char *openssl_iostream_get_server_name(struct ssl_iostream *ssl_io)
diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h
index 6eac7e8412..3b4864ae92 100644
--- a/src/lib-ssl-iostream/iostream-ssl.h
+++ b/src/lib-ssl-iostream/iostream-ssl.h
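Review bot: An empty subject attribute now comes back as "" instead of NULL: with `len == 0` the `if (len < 0)` test on the third line of the hunk is not taken, `t_malloc0(len + 1)` yields a one-byte zeroed buffer, the second `X509_NAME_get_text_by_NID` call succeeds, `strlen(name) != (size_t)len` is false, and the new `return name;` hands back the empty string where the removed `*name == '\0' ? NULL : name` mapped it to NULL. A caller that tests the result against NULL to decide whether the certificate supplied a username would then proceed with an empty username, which the old code never allowed. Changing the guard to `if (len <= 0)` keeps the header's "NULL if not available" contract for the empty case too, and matches the NUL-byte branch that already refuses a suspicious value. Whether an empty attribute can actually reach this point depends on validation done earlier in openssl_iostream_get_peer_name, whose start is outside the hunk.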
@@ -122,6 +122,8 @@ int ssl_iostream_check_cert_validity(struct ssl_iostream *ssl_io,
 will always return FALSE before even checking the hostname. */
 bool ssl_iostream_cert_match_name(struct ssl_iostream *ssl_io,
 const char *name, const char **reason_r);
+/* Returns name of the peer if available, NULL if not. Usually used to retrieve
+ username from certificate. */
 const char *ssl_iostream_get_peer_name(struct ssl_iostream *ssl_io);
 const char *ssl_iostream_get_compression(struct ssl_iostream *ssl_io);
 const char *ssl_iostream_get_server_name(struct ssl_iostream *ssl_io);
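Review bot: The added comment on ssl_iostream_get_peer_name says when NULL is returned but not which name is returned, how long the pointer lives, or that a value containing NUL bytes is deliberately rejected. The implementation in the first hunk reads the `username_nid` attribute of the peer certificate's subject name, allocates the result with `t_malloc0` (which in this code base appears to be a data-stack allocation, so the pointer is presumably only valid until the current data-stack frame is popped — worth confirming), and returns NULL when the attribute value contains embedded NUL bytes on the grounds that it may be an impersonation attempt; callers of a username-bearing function should not have to rediscover any of that. Suggested replacement: `/* Returns the username_nid attribute of the peer certificate's subject if available, NULL if not (also NULL when the value contains NUL bytes, which is treated as an impersonation attempt). The string is data-stack allocated. */`.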