]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c0a7890)
apps.c: fix next_item() to correctly handle space(s) before comma separators
authorDr. David von Oheimb <dev@ddvo.net>
Mon, 8 Sep 2025 06:23:58 +0000 (08:23 +0200)
committerDr. David von Oheimb <dev@ddvo.net>
Tue, 6 Jan 2026 20:02:20 +0000 (21:02 +0100)
* Modified the parsing logic to handle space-followed-by-comma patterns
* Updated the separator skipping logic to process at most one comma while allowing multiple spaces
* Added a test case with a mixed DNS and IP SAN entry that includes the problematic spacing pattern

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28471)

apps/lib/apps.c patch | blob | blame | history
test/recipes/80-test_cmp_http_data/test_enrollment.csv patch | blob | blame | history

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index ae9ecfff39dc9ab7acd224463c128846b1b3b075..e7a1791731c2c74ba00b23860ae96f4164529bc6 100644 (file)
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -648,16 +648,19 @@ void *app_malloc_array(size_t n, size_t sz, const char *what)
     return vp;
 }
 
-char *next_item(char *opt) /* in list separated by comma and/or space */
+char *next_item(char *opt) /* in list separated by comma and/or spaces */
 {
     /* advance to separator (comma or whitespace), if any */
-    while (*opt != ',' && !isspace(_UC(*opt)) && *opt != '\0')
+    while (*opt != '\0' && *opt != ',' && !isspace(_UC(*opt)))
         opt++;
     if (*opt != '\0') {
+        int found_comma = *opt == ',';
+
         /* terminate current item */
         *opt++ = '\0';
-        /* skip over any whitespace after separator */
-        while (isspace(_UC(*opt)))
+        /* skip over any further separators, but only one comma */
+        while ((!found_comma && (found_comma = (*opt == ',')))
+            || isspace(_UC(*opt)))
             opt++;
     }
     return *opt == '\0' ? NULL : opt; /* NULL indicates end of input */
diff --git a/test/recipes/80-test_cmp_http_data/test_enrollment.csv b/test/recipes/80-test_cmp_http_data/test_enrollment.csv
index a66afdc837e1900242fbb695a26e7184acb5523e..ab348af3a0fdb37bb7adf9d58193868bcabe2bd0 100644 (file)
--- a/test/recipes/80-test_cmp_http_data/test_enrollment.csv
+++ b/test/recipes/80-test_cmp_http_data/test_enrollment.csv
@@ -47,6 +47,10 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val,
 1,sans critical, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,critical,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_critical.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
 1,sans 2 dns, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost test,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_two_dns.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
 1,sans 1 dns 1 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost 127.0.0.1,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_dns_ip.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
+1,sans dns       comma       ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,'DNS:localhost,IP:127.0.0.1'  ,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_dns_ip1.pem
+1,sans dns space comma       ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,'DNS:localhost ,IP:127.0.0.1' ,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_dns_ip2.pem
+1,sans dns       comma space ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,'DNS:localhost, IP:127.0.0.1' ,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_dns_ip3.pem
+1,sans dns space comma space ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,'DNS:localhost , IP:127.0.0.1',BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_dns_ip4.pem
 1,sans 2 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_two_ip.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
 1,sans 1 uri, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,https://www.sample.com,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_uri.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
 1,san_nodefault, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4, -san_nodefault,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_nodefault.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
Mirror of https://github.com/openssl/openssl.git