Download as
Browse Code »

Commit 1311e80f48a1912bc0d3c7fcedb77140dd103725

Authored by Perry Werneck
1 parent 7b9887ab
Exists in master and in 3 other branches develop, macos, network_module

Parsing LDAP data from curl response.

Showing 1 changed file with 41 additions and 1 deletions   Show diff stats
src/lib3270/ssl/linux/getcrl.c
  Diff comments   View file @1311e80
@@ -125,6 +125,13 @@ static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr) @@ -125,6 +125,13 @@ static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
125 *ptr = NULL; 125 *ptr = NULL;
126 } 126 }
127 127
  128 +static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
  129 +{
  130 + debug("%s(%p)",__FUNCTION__,*ptr);
  131 + if(*ptr)
  132 + BIO_free_all(*ptr);
  133 + *ptr = NULL;
  134 +}
128 135
129 static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp) 136 static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
130 { 137 {
@@ -412,6 +419,8 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) @@ -412,6 +419,8 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
412 return NULL; 419 return NULL;
413 } 420 }
414 421
  422 + debug("content-type: %s",ct);
  423 +
415 if(ct) 424 if(ct)
416 { 425 {
417 const unsigned char * data = crl_data->contents; 426 const unsigned char * data = crl_data->contents;
@@ -425,6 +434,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) @@ -425,6 +434,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
425 message->title = N_( "Security error" ); 434 message->title = N_( "Security error" );
426 message->text = N_( "Got an invalid CRL from server" ); 435 message->text = N_( "Got an invalid CRL from server" );
427 lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text); 436 lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  437 + return NULL;
428 } 438 }
429 } 439 }
430 else 440 else
@@ -433,12 +443,42 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) @@ -433,12 +443,42 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
433 message->title = N_( "Security error" ); 443 message->title = N_( "Security error" );
434 message->text = N_( "Got an invalid CRL from server" ); 444 message->text = N_( "Got an invalid CRL from server" );
435 lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct); 445 lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
  446 + return NULL;
436 } 447 }
437 } 448 }
  449 + else if(strncasecmp(consturl,"ldap://",7) == 0)
  450 + {
  451 + // It's an LDAP query, assumes a base64 data.
  452 + char * data = strstr((char *) crl_data->contents,":: ");
  453 + if(!data)
  454 + {
  455 + message->error = hSession->ssl.error = ERR_get_error();
  456 + message->title = N_( "Security error" );
  457 + message->text = N_( "Got an invalid CRL from LDAP server" );
  458 + lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->contents);
  459 + return NULL;
  460 + }
  461 + data += 3;
438 462
439 - debug("content-type: %s",ct); 463 + debug("\n%s\nlength=%u",data,(unsigned int) strlen(data));
  464 +
  465 + lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
440 466
  467 + BIO * b64 = BIO_new(BIO_f_base64());
  468 + bio = BIO_push(b64, bio);
441 469
  470 + BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
  471 +
  472 + if(!d2i_X509_CRL_bio(bio, &crl))
  473 + {
  474 + message->error = hSession->ssl.error = ERR_get_error();
  475 + message->title = N_( "Security error" );
  476 + message->text = N_( "Got an invalid CRL from server" );
  477 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  478 + return NULL;
  479 + }
  480 +
  481 + }
442 482
443 } 483 }
444 484