diff -Naur -x '*~' -x '*.rej' -x '*.orig' krb5-1.15.1/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c krb5-1.15.1-CVE-2017-15088/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
--- krb5-1.15.1/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2017-11-11 15:00:44.033784336 +0100
+++ krb5-1.15.1-CVE-2017-15088/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2017-11-11 14:59:57.422992812 +0100
@@ -5152,33 +5152,29 @@
return retval;
}
-/*
- * Return a string format of an X509_NAME in buf where
- * size is an in/out parameter. On input it is the size
- * of the buffer, and on output it is the actual length
- * of the name.
- * If buf is NULL, returns the length req'd to hold name
- */
-static char *
-X509_NAME_oneline_ex(X509_NAME * a,
- char *buf,
- unsigned int *size,
- unsigned long flag)
+static krb5_error_code
+rfc2253_name(X509_NAME *name, char **str_out)
{
- BIO *out = NULL;
+ BIO *b = NULL;
+ char *str;
- out = BIO_new(BIO_s_mem ());
- if (X509_NAME_print_ex(out, a, 0, flag) > 0) {
- if (buf != NULL && (*size) > (unsigned int) BIO_number_written(out)) {
- memset(buf, 0, *size);
- BIO_read(out, buf, (int) BIO_number_written(out));
- }
- else {
- *size = BIO_number_written(out);
- }
- }
- BIO_free(out);
- return (buf);
+ *str_out = NULL;
+ b = BIO_new(BIO_s_mem());
+ if (b == NULL)
+ return ENOMEM;
+ if (X509_NAME_print_ex(b, name, 0, XN_FLAG_SEP_COMMA_PLUS) < 0)
+ goto error;
+ str = calloc(BIO_number_written(b) + 1, 1);
+ if (str == NULL)
+ goto error;
+ BIO_read(b, str, BIO_number_written(b));
+ BIO_free(b);
+ *str_out = str;
+ return 0;
+
+error:
+ BIO_free(b);
+ return ENOMEM;
}
/*
@@ -5194,8 +5190,6 @@
krb5_principal *pkinit_sans =NULL, *upn_sans = NULL;
struct _pkinit_cert_data *cd = (struct _pkinit_cert_data *)ch;
unsigned int i, j;
- char buf[DN_BUF_LEN];
- unsigned int bufsize = sizeof(buf);
if (cd == NULL || cd->magic != CERT_MAGIC)
return EINVAL;
@@ -5208,23 +5202,13 @@
md->ch = ch;
- /* get the subject name (in rfc2253 format) */
- X509_NAME_oneline_ex(X509_get_subject_name(cd->cred->cert),
- buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS);
- md->subject_dn = strdup(buf);
- if (md->subject_dn == NULL) {
- retval = ENOMEM;
+ retval = rfc2253_name(X509_get_subject_name(cd->cred->cert), &md->subject_dn);
+ if (retval)
goto cleanup;
- }
- /* get the issuer name (in rfc2253 format) */
- X509_NAME_oneline_ex(X509_get_issuer_name(cd->cred->cert),
- buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS);
- md->issuer_dn = strdup(buf);
- if (md->issuer_dn == NULL) {
- retval = ENOMEM;
+ retval = rfc2253_name(X509_get_subject_name(cd->cred->cert), &md->issuer_dn);
+ if (retval)
goto cleanup;
- }
/* get the san data */
retval = crypto_retrieve_X509_sans(context, cd->plgctx, cd->reqctx,
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
289b2adfff4f9545351b01879c69ce0e
>
files
>
22
