From 1311e80f48a1912bc0d3c7fcedb77140dd103725 Mon Sep 17 00:00:00 2001 From: Perry Werneck Date: Tue, 22 Jan 2019 16:43:51 -0200 Subject: [PATCH] Parsing LDAP data from curl response. --- src/lib3270/ssl/linux/getcrl.c | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/src/lib3270/ssl/linux/getcrl.c b/src/lib3270/ssl/linux/getcrl.c index 08f182a..36bbabd 100644 --- a/src/lib3270/ssl/linux/getcrl.c +++ b/src/lib3270/ssl/linux/getcrl.c @@ -125,6 +125,13 @@ static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr) *ptr = NULL; } +static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr) +{ + debug("%s(%p)",__FUNCTION__,*ptr); + if(*ptr) + BIO_free_all(*ptr); + *ptr = NULL; +} static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp) { @@ -412,6 +419,8 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) return NULL; } + debug("content-type: %s",ct); + if(ct) { const unsigned char * data = crl_data->contents; @@ -425,6 +434,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) message->title = N_( "Security error" ); message->text = N_( "Got an invalid CRL from server" ); lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text); + return NULL; } } else @@ -433,12 +443,42 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) message->title = N_( "Security error" ); message->text = N_( "Got an invalid CRL from server" ); lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct); + return NULL; } } + else if(strncasecmp(consturl,"ldap://",7) == 0) + { + // It's an LDAP query, assumes a base64 data. + char * data = strstr((char *) crl_data->contents,":: "); + if(!data) + { + message->error = hSession->ssl.error = ERR_get_error(); + message->title = N_( "Security error" ); + message->text = N_( "Got an invalid CRL from LDAP server" ); + lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->contents); + return NULL; + } + data += 3; - debug("content-type: %s",ct); + debug("\n%s\nlength=%u",data,(unsigned int) strlen(data)); + + lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1); + BIO * b64 = BIO_new(BIO_f_base64()); + bio = BIO_push(b64, bio); + BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); + + if(!d2i_X509_CRL_bio(bio, &crl)) + { + message->error = hSession->ssl.error = ERR_get_error(); + message->title = N_( "Security error" ); + message->text = N_( "Got an invalid CRL from server" ); + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text); + return NULL; + } + + } } -- libgit2 0.21.2