Beispiel #1
/*
 * Return a verification parameter set to its blank state.
 *
 * Scalar fields are reset, the policy stack and the identity data hanging
 * off param->id (host list, peer name, e-mail, IP) are released and their
 * pointers cleared, so a later reset cannot free them twice.
 * A NULL param is ignored.
 *
 * Notes for reviewers:
 *  - param->name is only set to NULL here, it is not freed.
 *  - param->id is dereferenced without a NULL check.
 *  - id->hostflags is not touched by this function.
 */
static void
x509_verify_param_zero(X509_VERIFY_PARAM *param)
{
	X509_VERIFY_PARAM_ID *id;

	if (param == NULL)
		return;

	/* Scalars: no purpose, no trust setting, no flags, unlimited depth. */
	param->name = NULL;
	param->purpose = 0;
	param->trust = 0;
	param->flags = 0;
	param->depth = -1;
	/* Inheritance flags are cleared to 0, not to X509_VP_FLAG_DEFAULT. */
	param->inh_flags = 0;

	if (param->policies != NULL) {
		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
		param->policies = NULL;
	}

	/* Identity constraints: drop every expected host, e-mail and IP. */
	id = param->id;
	if (id->hosts != NULL) {
		string_stack_free(id->hosts);
		id->hosts = NULL;
	}

	free(id->peername);
	free(id->email);
	free(id->ip);

	id->peername = NULL;
	id->email = NULL;
	id->emaillen = 0;
	id->ip = NULL;
	id->iplen = 0;
	id->poisoned = 0;
}
Beispiel #2
0
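/*
 * Replace or extend the list of expected peer host names stored in |id|.
 *
 * mode     SET_HOST discards the existing list first; any other mode
 *          appends to it.
 * name     Host name to add; NULL (or an empty name) adds nothing.
 * namelen  Length of |name|; 0 means "use strlen(name)".
 *
 * Returns 1 on success and 0 when the name is rejected or an allocation
 * fails. A name with an embedded NUL is rejected before the list is
 * touched. An allocation failure after SET_HOST leaves the list cleared,
 * so callers must check the return value.
 * NOTE(review): presumably an empty list means no host name is matched at
 * verification time - confirm against the verifier.
 */
static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
                                    const char *name, size_t namelen)
{
    char *copy;

    /*
     * Refuse names with embedded NUL bytes, except perhaps as final byte.
     * XXX: Do we need to push an error onto the error stack?
     */
    if (namelen == 0)
        namelen = name ? strlen(name) : 0;
    else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
        return 0;
    /*
     * Strip one trailing NUL, but only when there is a final byte to look
     * at: for an empty name namelen is still 0 here, and name[namelen - 1]
     * would index one byte before the buffer.
     */
    if (name && namelen > 0 && name[namelen - 1] == '\0')
        --namelen;

    if (mode == SET_HOST && id->hosts) {
        string_stack_free(id->hosts);
        id->hosts = NULL;
    }
    if (name == NULL || namelen == 0)
        return 1;

    copy = BUF_strndup(name, namelen);
    if (copy == NULL)
        return 0;

    if (id->hosts == NULL &&
        (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
        OPENSSL_free(copy);
        return 0;
    }

    if (!sk_OPENSSL_STRING_push(id->hosts, copy)) {
        OPENSSL_free(copy);
        /* Do not leave an empty stack behind if the push failed. */
        if (sk_OPENSSL_STRING_num(id->hosts) == 0) {
            sk_OPENSSL_STRING_free(id->hosts);
            id->hosts = NULL;
        }
        return 0;
    }

    return 1;
}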
Beispiel #3
0
/*
 * Replace (mode == SET_HOST) or extend the expected host name list in id.
 *
 * A namelen of 0 with a non-NULL name means "measure it with strlen".
 * Any NUL byte inside the first namelen bytes causes the name to be
 * refused before the existing list is modified. A NULL or empty name adds
 * nothing; with SET_HOST it therefore just clears the list.
 *
 * Returns 1 on success, 0 on a refused name or allocation failure. After
 * an allocation failure in SET_HOST mode the old list is already gone, so
 * the result must not be ignored.
 */
static int
x509_param_set_hosts_internal(X509_VERIFY_PARAM_ID *id, int mode,
    const char *name, size_t namelen)
{
	char *dup;

	if (name != NULL) {
		if (namelen == 0)
			namelen = strlen(name);
		/* Refuse names with embedded NUL bytes. */
		if (memchr(name, '\0', namelen) != NULL)
			return 0;
	}

	if (mode == SET_HOST && id->hosts != NULL) {
		string_stack_free(id->hosts);
		id->hosts = NULL;
	}
	if (name == NULL || namelen == 0)
		return 1;

	dup = strndup(name, namelen);
	if (dup == NULL)
		return 0;

	/* Create the stack lazily on the first entry. */
	if (id->hosts == NULL) {
		id->hosts = sk_OPENSSL_STRING_new_null();
		if (id->hosts == NULL) {
			free(dup);
			return 0;
		}
	}

	if (sk_OPENSSL_STRING_push(id->hosts, dup))
		return 1;

	/* Push failed: release the copy and drop a stack left empty. */
	free(dup);
	if (sk_OPENSSL_STRING_num(id->hosts) == 0) {
		sk_OPENSSL_STRING_free(id->hosts);
		id->hosts = NULL;
	}
	return 0;
}
Beispiel #4
0
/*
 * Merge verification parameters from |src| into |dest|, governed by the
 * union of both objects' inheritance flags.
 *
 * Returns 1 on success (including the no-op cases of a NULL |src| or
 * X509_VP_FLAG_LOCKED) and 0 when copying policies, hosts, e-mail or IP
 * fails. On a 0 return |dest| may already have been partly modified by
 * the earlier steps.
 *
 * |dest| and |dest->id| are dereferenced without a NULL check.
 *
 * NOTE(review): x509_verify_param_copy, test_x509_verify_param_copy and
 * test_x509_verify_param_copy_id are not defined in this listing; they
 * presumably are macros that read the locals dest, src, id, to_default
 * and to_overwrite by name - confirm before renaming any of them.
 */
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
                              const X509_VERIFY_PARAM *src)
{
    unsigned long inh_flags;
    int to_default, to_overwrite;
    X509_VERIFY_PARAM_ID *id;
    /* Nothing to inherit from: report success and leave dest alone. */
    if (!src)
        return 1;
    id = src->id;
    /* A flag set on either side applies to this merge. */
    inh_flags = dest->inh_flags | src->inh_flags;

    /*
     * ONCE: dest's inheritance flags are cleared after being folded into
     * inh_flags above. This happens before the LOCKED test, so it takes
     * effect even when nothing else is copied.
     */
    if (inh_flags & X509_VP_FLAG_ONCE)
        dest->inh_flags = 0;

    /* LOCKED: no field of dest below this point is changed. */
    if (inh_flags & X509_VP_FLAG_LOCKED)
        return 1;

    if (inh_flags & X509_VP_FLAG_DEFAULT)
        to_default = 1;
    else
        to_default = 0;

    if (inh_flags & X509_VP_FLAG_OVERWRITE)
        to_overwrite = 1;
    else
        to_overwrite = 0;

    /*
     * Second argument looks like each field's "unset" value (0, 0, -1)
     * - TODO confirm against the macro definition.
     */
    x509_verify_param_copy(purpose, 0);
    x509_verify_param_copy(trust, 0);
    x509_verify_param_copy(depth, -1);

    /* If overwrite or check time not set, copy across */

    if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
        dest->check_time = src->check_time;
        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
        /* Don't need to copy flag: that is done below */
    }

    /* RESET_FLAGS: dest ends up with exactly src's flags. */
    if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
        dest->flags = 0;

    /* Flags are otherwise additive: src can set bits in dest, not clear. */
    dest->flags |= src->flags;

    if (test_x509_verify_param_copy(policies, NULL)) {
        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
            return 0;
    }

    /* Copy the host flags if and only if we're copying the host list */
    if (test_x509_verify_param_copy_id(hosts, NULL)) {
        /* dest's current host list is dropped before the copy is made. */
        if (dest->id->hosts) {
            string_stack_free(dest->id->hosts);
            dest->id->hosts = NULL;
        }
        /*
         * If src has no host list, dest is left with none and its
         * hostflags are not updated. If the deep copy fails, dest has
         * already lost its previous list when 0 is returned.
         */
        if (id->hosts) {
            dest->id->hosts =
                sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free);
            if (dest->id->hosts == NULL)
                return 0;
            dest->id->hostflags = id->hostflags;
        }
    }

    if (test_x509_verify_param_copy_id(email, NULL)) {
        if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen))
            return 0;
    }

    if (test_x509_verify_param_copy_id(ip, NULL)) {
        if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen))
            return 0;
    }

    return 1;
}