From 4e59c719dfcf740134959722a601422ad8c834b0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 31 Mar 2015 17:48:44 +0200 Subject: [PATCH] Perform all validation before allocating structures Check that all arguments are certificates before allocating OpenSSL structures that require cleanup afterwards. API of issued() changes (again) to root:issued(cert, [chain]*) --- src/x509.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/src/x509.c b/src/x509.c index e141252..c030927 100644 --- a/src/x509.c +++ b/src/x509.c @@ -403,16 +403,25 @@ static int meth_issued(lua_State* L) X509_STORE_CTX* ctx = NULL; X509_STORE* root = NULL; - STACK_OF(X509)* chain = sk_X509_new_null(); + STACK_OF(X509)* chain = NULL; X509* issuer = lsec_checkx509(L, 1); - X509* subject; - - ctx = X509_STORE_CTX_new(); - root = X509_STORE_new(); + X509* subject = lsec_checkx509(L, 2); + X509* cert = NULL; len = lua_gettop(L); - /* fprintf(stderr, "len = %d\n", len); */ + + /* Check that all arguments are certificates */ + + for (i = 3; i <= len; i++) { + lsec_checkx509(L, i); + } + + /* Before allocating things that require freeing afterwards */ + + chain = sk_X509_new_null(); + ctx = X509_STORE_CTX_new(); + root = X509_STORE_new(); if (ctx == NULL || root == NULL) { lua_pushnil(L); @@ -430,16 +439,11 @@ static int meth_issued(lua_State* L) goto cleanup; } - for (i = 2; i < len && lua_isuserdata(L, i); i++) { - /* fprintf(stderr, "i = %d\n", i); */ - /* FIXME Don't leak stuff if it's wrong */ - subject = lsec_checkx509(L, i); - sk_X509_push(chain, subject); - issuer = subject; + for (i = 3; i <= len && lua_isuserdata(L, i); i++) { + cert = lsec_checkx509(L, i); + sk_X509_push(chain, cert); } - subject = lsec_checkx509(L, len); - ret = X509_STORE_CTX_init(ctx, root, subject, chain); if(!ret) { @@ -470,7 +474,7 @@ cleanup: X509_STORE_free(root); } - sk_X509_free(chain); + sk_X509_free(chain); return ret; }