mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix file_name_check() in storemgmt/file_store.c and e_loader_attic.c

Browse Source 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15892)
This commit is contained in:
Dr. David von Oheimb 2021-06-24 11:08:10 +02:00 committed by Dr. David von Oheimb
parent d5567d5f6e
commit 5fc0992fc7
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
engines/e_loader_attic.c
View File

@ -9,6 +9,8 @@
/* THIS ENGINE IS FOR TESTING PURPOSES ONLY. */
/* This file has quite some overlap with providers/implementations/storemgmt/file_store.c */
/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
@ -1449,6 +1451,7 @@ static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name,
static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
{
const char *p = NULL;
size_t len = strlen(ctx->_.dir.search_name);
/* If there are no search criteria, all names are accepted */
if (ctx->_.dir.search_name[0] == '\0')
@ -1463,11 +1466,9 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
/*
* First, check the basename
*/
if (strncasecmp(name, ctx->_.dir.search_name,
sizeof(ctx->_.dir.search_name) - 1) != 0
|| name[sizeof(ctx->_.dir.search_name) - 1] != '.')
if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.')
return 0;
p = &name[sizeof(ctx->_.dir.search_name)];
p = &name[len + 1];
/*
* Then, if the expected type is a CRL, check that the extension starts

9
providers/implementations/storemgmt/file_store.c
View File

@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
/* This file has quite some overlap with engines/e_loader_attic.c */
#include "e_os.h" /* To get strncasecmp() on Windows */
#include <string.h>
@ -577,6 +579,7 @@ static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name)
static int file_name_check(struct file_ctx_st *ctx, const char *name)
{
const char *p = NULL;
size_t len = strlen(ctx->_.dir.search_name);
/* If there are no search criteria, all names are accepted */
if (ctx->_.dir.search_name[0] == '\0')
@ -591,11 +594,9 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name)
/*
* First, check the basename
*/
if (strncasecmp(name, ctx->_.dir.search_name,
sizeof(ctx->_.dir.search_name) - 1) != 0
|| name[sizeof(ctx->_.dir.search_name) - 1] != '.')
if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.')
return 0;
p = &name[sizeof(ctx->_.dir.search_name)];
p = &name[len + 1];
/*
* Then, if the expected type is a CRL, check that the extension starts