[Fedora-directory-commits] adminserver/admserv/cgi-src40 security.c, 1.12, 1.13

Nathan Kinder (nkinder) fedora-directory-commits at redhat.com
Wed Nov 14 23:42:45 UTC 2007


Author: nkinder

Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1999

Modified Files:
	security.c 
Log Message:
Resolves: 370071
Summary: Fixed issues with loading CRL files.



Index: security.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- security.c	31 Oct 2007 05:30:53 -0000	1.12
+++ security.c	14 Nov 2007 23:42:43 -0000	1.13
@@ -93,8 +93,10 @@
 #define FOOTER "-----END CERTIFICATE-----"
 #define HEADERREQUEST "-----BEGIN %s CERTIFICATE REQUEST-----\n"
 #define FOOTERREQUEST "\n-----END %s CERTIFICATE REQUEST-----\n"
-#define CRLHEADER "-----BEGIN X509 CRL-----"
-#define CRLFOOTER "-----END X509 CRL-----"
+#define X509CRLHEADER "-----BEGIN X509 CRL-----"
+#define X509CRLFOOTER "-----END X509 CRL-----"
+#define CRLHEADER "-----BEGIN CERTIFICATE REVOCATION LIST-----\n"
+#define CRLFOOTER "-----END CERTIFICATE REVOCATION LIST-----\n"
 /*#else
 #define HEADER "-----BEGIN CERTIFICATE----\n"
 #define FOOTER "\n-----END CERTIFICATE-----\n"
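Review bot: The new `CRLHEADER` and `CRLFOOTER` literals end in `\n`, so the `PORT_Strstr` lookups later in this commit will miss a file with CRLF line endings (the file is opened `"rb"`) or one whose footer is the last line with no trailing newline, and such a CRL is then reported as invalid instead of being loaded. The X509 variants carry no newline, and the decode path appears to tolerate the line break that then begins the body, so dropping the `\n` from both new macros, e.g. `#define CRLHEADER "-----BEGIN CERTIFICATE REVOCATION LIST-----"`, would make the two formats behave alike. A one-line comment above the four macros stating that both armour forms are accepted would help the next reader.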
@@ -1494,6 +1496,7 @@
   SECItem derCrl;
   char msg[BIG_LINE];
   char *secdir = util_get_security_dir();
+  char full_path[PATH_MAX];
 
   int list_type = (type && !PORT_Strcmp(type, "CKL"))? SEC_KRL_TYPE : SEC_CRL_TYPE;
   if (!filename || !*filename ||
@@ -1506,9 +1509,12 @@
 
   {/*try open the file*/
     FILE *f;
+
+    PR_snprintf(full_path, sizeof(full_path), "%s%c%s", secdir, FILE_PATHSEP, filename);
+    form_unescape(full_path);
     
-    if( !(f = fopen(filename, "rb")) )  {
-      PR_snprintf(msg, sizeof(msg), getResourceString(DBT_NO_FILE_EXISTS), filename);
+    if( !(f = fopen(full_path, "rb")) )  {
+      PR_snprintf(msg, sizeof(msg), getResourceString(DBT_NO_FILE_EXISTS), full_path);
       errorRpt(FILE_ERROR, msg);
     }  else  {
       int size;
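Review bot: `form_unescape(full_path)` runs after the path has been joined, so any check on `filename` made earlier in the function (the condition starting `if (!filename || !*filename ||` is cut off in this view) sees the still-encoded name, and an encoded separator or `..` only appears after that validation. Decode first and validate the decoded value: call `form_unescape(filename);` ahead of that check, reject names containing `FILE_PATHSEP` or `..`, and only then build `full_path` under `secdir`. Unescaping the joined string also rewrites `secdir`, which would corrupt a security directory whose real path contains `%`. The enclosing function starts and ends outside the hunk.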
@@ -1543,23 +1549,36 @@
     ascii text file.
   */
   {
+    int headerlen = 0;
     char *DERCert = NULL;
     char* begin = (char*) PORT_Strstr((const char*)ascii, CRLHEADER);
     char* end   = (char*) PORT_Strstr((const char*)ascii, CRLFOOTER);
 
+    /* Check for the alternate CRL header and footer format */
+    if (begin == NULL) {
+        begin = (char*) PORT_Strstr((const char*)ascii, X509CRLHEADER);
+        headerlen = strlen(X509CRLHEADER);
+    } else {
+        headerlen = strlen(CRLHEADER);
+    }
+
+    if (end == NULL) {
+        end = (char*) PORT_Strstr((const char*)ascii, X509CRLFOOTER);
+    }
+
     if ((begin != NULL) && (end != NULL)) {
-      end += PORT_Strlen(FOOTER);
+      /* chop the footer off */
       *end = '\0';
 
-      DERCert = (char*)PORT_ZAlloc(PORT_Strlen(begin));
-
-      strcpy(DERCert, begin+strlen(CRLHEADER));
+      /* don't copy the header */
+      DERCert = (char*)PORT_ZAlloc(PORT_Strlen(begin - headerlen + 1));
+      strcpy(DERCert, (begin + headerlen));
 
       if ( SECFailure == ATOB_ConvertAsciiToItem(&derCrl, DERCert) ) {
         errorRpt(SYSTEM_ERROR, getResourceString(DBT_DECODE_CRL_ERROR));
       }
     } else {
-      PR_snprintf(msg, sizeof(msg), getResourceString(DBT_INVALID_CRL), filename);
+      PR_snprintf(msg, sizeof(msg), getResourceString(DBT_INVALID_CRL), full_path);
       errorRpt(FILE_ERROR, msg);
     }
   }
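Review bot: The size passed to `PORT_ZAlloc` has a misplaced parenthesis: `PORT_Strlen(begin - headerlen + 1)` measures a string that starts before `begin` instead of computing `PORT_Strlen(begin) - headerlen + 1`. When the header sits at the start of `ascii` that pointer lies outside the buffer, and the length it yields is unrelated to what `strcpy` then writes, so the copy may overrun `DERCert`. Use `DERCert = (char*)PORT_ZAlloc(PORT_Strlen(begin) - headerlen + 1);` and check the result for NULL before the `strcpy`. It is also worth requiring `end >= begin + headerlen` before `*end = '\0'`, since a footer found ahead of the header is currently accepted. The enclosing block starts outside the hunk.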



