diff options
author | Michael Brown | 2016-01-21 18:50:34 +0100 |
---|---|---|
committer | Michael Brown | 2016-01-21 18:50:34 +0100 |
commit | 42c2a6aab7727e7359600515471f463c65315ff0 (patch) | |
tree | b7f0775c7e32a6f596c0d6534a5b380ce20b29df | |
parent | [uri] Avoid potentially large stack allocation (diff) | |
download | ipxe-42c2a6aab7727e7359600515471f463c65315ff0.tar.gz ipxe-42c2a6aab7727e7359600515471f463c65315ff0.tar.xz ipxe-42c2a6aab7727e7359600515471f463c65315ff0.zip |
[ocsp] Avoid including a double path separator in request URI
The OCSP responder URI included within an X.509 certificate may or may
not include a trailing slash. We currently rely on the fact that
format_uri() incorrectly inserts an initial slash, which we include
unconditionally within the OCSP request URI.
Switch to using uri_encode() directly, and insert a slash only if the
X.509 certificate's OCSP responder URI does not already include a
trailing slash.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r-- | src/crypto/ocsp.c | 54 |
1 files changed, 26 insertions, 28 deletions
diff --git a/src/crypto/ocsp.c b/src/crypto/ocsp.c index 5df55bc9..e7adcdba 100644 --- a/src/crypto/ocsp.c +++ b/src/crypto/ocsp.c @@ -209,10 +209,10 @@ static int ocsp_request ( struct ocsp_check *ocsp ) { static int ocsp_uri_string ( struct ocsp_check *ocsp ) { struct x509_ocsp_responder *responder = &ocsp->cert->extensions.auth_info.ocsp; - struct uri path_uri; - char *path_base64_string; - char *path_uri_string; - size_t path_len; + char *base64; + char *sep; + size_t base64_len; + size_t uri_len; size_t len; int rc; @@ -224,46 +224,44 @@ static int ocsp_uri_string ( struct ocsp_check *ocsp ) { goto err_no_uri; } - /* Base64-encode the request as the URI path */ - path_len = ( base64_encoded_len ( ocsp->request.builder.len ) - + 1 /* NUL */ ); - path_base64_string = malloc ( path_len ); - if ( ! path_base64_string ) { + /* Calculate base64-encoded request length */ + base64_len = ( base64_encoded_len ( ocsp->request.builder.len ) + + 1 /* NUL */ ); + + /* Allocate and construct the base64-encoded request */ + base64 = malloc ( base64_len ); + if ( ! base64 ) { rc = -ENOMEM; - goto err_path_base64; + goto err_alloc_base64; } base64_encode ( ocsp->request.builder.data, ocsp->request.builder.len, - path_base64_string, path_len ); + base64, base64_len ); - /* URI-encode the Base64-encoded request */ - memset ( &path_uri, 0, sizeof ( path_uri ) ); - path_uri.path = path_base64_string; - path_uri_string = format_uri_alloc ( &path_uri ); - if ( ! path_uri_string ) { - rc = -ENOMEM; - goto err_path_uri; - } + /* Calculate URI-encoded base64-encoded request length */ + uri_len = ( uri_encode ( URI_PATH, base64, ( base64_len - 1 /* NUL */ ), + NULL, 0 ) + 1 /* NUL */ ); - /* Construct URI string */ - len = ( responder->uri.len + strlen ( path_uri_string ) + 1 /* NUL */ ); + /* Allocate and construct the URI string */ + len = ( responder->uri.len + 1 /* possible "/" */ + uri_len ); ocsp->uri_string = zalloc ( len ); if ( ! ocsp->uri_string ) { rc = -ENOMEM; - goto err_ocsp_uri; + goto err_alloc_uri; } memcpy ( ocsp->uri_string, responder->uri.data, responder->uri.len ); - strcpy ( &ocsp->uri_string[responder->uri.len], path_uri_string ); + sep = &ocsp->uri_string[ responder->uri.len - 1 ]; + if ( *sep != '/' ) + *(++sep) = '/'; + uri_encode ( URI_PATH, base64, base64_len, ( sep + 1 ), uri_len ); DBGC2 ( ocsp, "OCSP %p \"%s\" URI is %s\n", ocsp, x509_name ( ocsp->cert ), ocsp->uri_string ); /* Success */ rc = 0; - err_ocsp_uri: - free ( path_uri_string ); - err_path_uri: - free ( path_base64_string ); - err_path_base64: + err_alloc_uri: + free ( base64 ); + err_alloc_base64: err_no_uri: return rc; } |