Commit 1311e80f48a1912bc0d3c7fcedb77140dd103725
1 parent
7b9887ab
Parsing LDAP data from curl response.
Showing
1 changed file
with
41 additions
and
1 deletions
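--- a/src/lib3270/ssl/linux/getcrl.c
+++ b/src/lib3270/ssl/linux/getcrl.c
@@ -125,6 +125,13 @@ static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
 *ptr = NULL;
 }
 
+static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
+{
+ debug("%s(%p)",__FUNCTION__,*ptr);
+ if(*ptr)
+ BIO_free_all(*ptr);
+ *ptr = NULL;
+}
 
 static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
 {
@@ -412,6 +419,8 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 return NULL;
 }
 
+ debug("content-type: %s",ct);
+
 if(ct)
 {
 const unsigned char * data = crl_data->contents;
@@ -425,6 +434,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 message->title = N_( "Security error" );
 message->text = N_( "Got an invalid CRL from server" );
 lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ return NULL;
 }
 }
 else
@@ -433,12 +443,42 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 message->title = N_( "Security error" );
 message->text = N_( "Got an invalid CRL from server" );
 lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
+ return NULL;
 }
 }
+ else if(strncasecmp(consturl,"ldap://",7) == 0)
+ {
+ // It's an LDAP query, assumes a base64 data.
+ char * data = strstr((char *) crl_data->contents,":: ");
+ if(!data)
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from LDAP server" );
+ lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->contents);
+ return NULL;
+ }
+ data += 3;
 
- debug("content-type: %s",ct);
+ debug("\n%s\nlength=%u",data,(unsigned int) strlen(data));
+
+ lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
 
+ BIO * b64 = BIO_new(BIO_f_base64());
+ bio = BIO_push(b64, bio);
 
+ BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
+
+ if(!d2i_X509_CRL_bio(bio, &crl))
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from server" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ return NULL;
+ }
+
+ }
 
 }
 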
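Review bot: The LDAP branch (new lines 452–468) treats the curl response as a NUL-terminated string and passes everything after the first `:: ` to the base64 decoder: `strstr` and `BIO_new_mem_buf(data,-1)` both run to the first NUL rather than to the number of bytes received, and neither `BIO_new_mem_buf` nor `BIO_new` is checked for NULL before `BIO_push`. Whether `crl_data->contents` is always terminated is decided in `internal_curl_write_callback`, which is outside these hunks, so that needs confirming; the response comes from a network server and should be bounded explicitly. Limiting the decode to the attribute's own line (which the `BIO_FLAGS_BASE64_NO_NL` flag appears to assume already) and failing cleanly on allocation errors would look like the excerpt below. The invalid-format path also writes the whole server response into the log with `%s`; logging its length instead would keep untrusted bytes out of the log file. `lib3270_get_X509_CRL` begins and ends outside the hunk.

```c
	// … unchanged: locate ":: " in the response and skip past it …

	// Decode only the attribute's own line, not the rest of the response.
	size_t b64len = strcspn(data,"\r\n");

	lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,(int) b64len);
	BIO * b64 = BIO_new(BIO_f_base64());
	if(!bio || !b64)
	{
		BIO_free(b64);
		message->error = hSession->ssl.error = ERR_get_error();
		message->title = N_( "Security error" );
		message->text = N_( "Got an invalid CRL from server" );
		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
		return NULL;
	}
	bio = BIO_push(b64, bio);

	// … unchanged: BIO_set_flags, d2i_X509_CRL_bio and its error path …
```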