static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { X509_VERIFY_PARAM_ID *paramid; if (!param) return; param->name = NULL; param->purpose = 0; param->trust = 0; /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/ param->inh_flags = 0; param->flags = 0; param->depth = -1; if (param->policies) { sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); param->policies = NULL; } paramid = param->id; if (paramid->hosts) { string_stack_free(paramid->hosts); paramid->hosts = NULL; } free(paramid->peername); paramid->peername = NULL; free(paramid->email); paramid->email = NULL; paramid->emaillen = 0; free(paramid->ip); paramid->ip = NULL; paramid->iplen = 0; paramid->poisoned = 0; }
static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, const char *name, size_t namelen) { char *copy; /* * Refuse names with embedded NUL bytes, except perhaps as final byte. * XXX: Do we need to push an error onto the error stack? */ if (namelen == 0) namelen = name ? strlen(name) : 0; else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen)) return 0; if (name && name[namelen - 1] == '\0') --namelen; if (mode == SET_HOST && id->hosts) { string_stack_free(id->hosts); id->hosts = NULL; } if (name == NULL || namelen == 0) return 1; copy = BUF_strndup(name, namelen); if (copy == NULL) return 0; if (id->hosts == NULL && (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { OPENSSL_free(copy); return 0; } if (!sk_OPENSSL_STRING_push(id->hosts, copy)) { OPENSSL_free(copy); if (sk_OPENSSL_STRING_num(id->hosts) == 0) { sk_OPENSSL_STRING_free(id->hosts); id->hosts = NULL; } return 0; } return 1; }
static int x509_param_set_hosts_internal(X509_VERIFY_PARAM_ID *id, int mode, const char *name, size_t namelen) { char *copy; if (name != NULL && namelen == 0) namelen = strlen(name); /* * Refuse names with embedded NUL bytes. */ if (name && memchr(name, '\0', namelen)) return 0; if (mode == SET_HOST && id->hosts) { string_stack_free(id->hosts); id->hosts = NULL; } if (name == NULL || namelen == 0) return 1; copy = strndup(name, namelen); if (copy == NULL) return 0; if (id->hosts == NULL && (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { free(copy); return 0; } if (!sk_OPENSSL_STRING_push(id->hosts, copy)) { free(copy); if (sk_OPENSSL_STRING_num(id->hosts) == 0) { sk_OPENSSL_STRING_free(id->hosts); id->hosts = NULL; } return 0; } return 1; }
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src) { unsigned long inh_flags; int to_default, to_overwrite; X509_VERIFY_PARAM_ID *id; if (!src) return 1; id = src->id; inh_flags = dest->inh_flags | src->inh_flags; if (inh_flags & X509_VP_FLAG_ONCE) dest->inh_flags = 0; if (inh_flags & X509_VP_FLAG_LOCKED) return 1; if (inh_flags & X509_VP_FLAG_DEFAULT) to_default = 1; else to_default = 0; if (inh_flags & X509_VP_FLAG_OVERWRITE) to_overwrite = 1; else to_overwrite = 0; x509_verify_param_copy(purpose, 0); x509_verify_param_copy(trust, 0); x509_verify_param_copy(depth, -1); /* If overwrite or check time not set, copy across */ if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { dest->check_time = src->check_time; dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; /* Don't need to copy flag: that is done below */ } if (inh_flags & X509_VP_FLAG_RESET_FLAGS) dest->flags = 0; dest->flags |= src->flags; if (test_x509_verify_param_copy(policies, NULL)) { if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) return 0; } /* Copy the host flags if and only if we're copying the host list */ if (test_x509_verify_param_copy_id(hosts, NULL)) { if (dest->id->hosts) { string_stack_free(dest->id->hosts); dest->id->hosts = NULL; } if (id->hosts) { dest->id->hosts = sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free); if (dest->id->hosts == NULL) return 0; dest->id->hostflags = id->hostflags; } } if (test_x509_verify_param_copy_id(email, NULL)) { if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen)) return 0; } if (test_x509_verify_param_copy_id(ip, NULL)) { if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen)) return 0; } return 1; }