From 0c0b9faddda8345a37e0d720acb9acbc887f24c2 Mon Sep 17 00:00:00 2001
From: Daniel Silverstone
Date: Sat, 30 Nov 2019 13:40:13 +0000
Subject: [PATCH] llcache: Persist SSL certificate data
Signed-off-by: Daniel Silverstone
---
 content/llcache.c | 117 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 117 insertions(+)
diff --git a/content/llcache.c b/content/llcache.c
index e870ee2a7..5c539990e 100644
--- a/content/llcache.c
+++ b/content/llcache.c
@@ -1251,6 +1251,8 @@ llcache_serialise_metadata(llcache_object *object,
 allocsize += 10 + 1; /* space for number of header entries */
+ allocsize += 10 + 1; /* space for number of SSL certificates */
+
 allocsize += nsurl_length(object->url) + 1;
 for (hloop = 0 ; hloop < object->num_headers ; hloop++) {
@@ -1258,6 +1260,15 @@ llcache_serialise_metadata(llcache_object *object,
 allocsize += strlen(object->headers[hloop].value) + 1;
 }
+ for (hloop = 0; hloop < object->ssl_cert_count; hloop++) {
+ allocsize += (10 + 1) * 4; /* version, sig_type, cert_type, err */
+ allocsize += strlen(object->ssl_certs[hloop].not_before) + 1;
+ allocsize += strlen(object->ssl_certs[hloop].not_after) + 1;
+ allocsize += strlen(object->ssl_certs[hloop].serialnum) + 1;
+ allocsize += strlen(object->ssl_certs[hloop].issuer) + 1;
+ allocsize += strlen(object->ssl_certs[hloop].subject) + 1;
+ }
+
 data = malloc(allocsize);
 if (data == NULL) {
 return NSERROR_NOMEM;
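Review bot: The `(10 + 1) * 4` reservation in the second hunk allows ten characters plus a terminator for each numeric certificate field, but the write loop later in this patch formats `version` with `"%ld"` and `sig_type`, `cert_type` and `err` with `"%d"`, and a 64-bit `long` can take 20 characters and a negative `int` 11. Those writes are bounded by `datasize`, so an undersized estimate should surface as the `overflow` path rather than a write past `data`, but the object's metadata would then fail to serialise. Sizing from the types is safer, for example `allocsize += (20 + 1) + (11 + 1) * 3; /* version (long), sig_type, cert_type, err */`. The `10 + 1` for the certificate count in the first hunk makes the same assumption about a `size_t` printed with `PRIsizet`. llcache_serialise_metadata begins and ends outside both hunks, so the `overflow` handling itself is not visible here.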
@@ -1340,6 +1351,112 @@ llcache_serialise_metadata(llcache_object *object,
 datasize -= use;
 }
+ /* number of ssl certificates */
+ use = snprintf(op, datasize, "%" PRIsizet, object->ssl_cert_count);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+
+ /* SSL certificates */
+ for (hloop = 0; hloop < object->ssl_cert_count; hloop++) {
+ struct ssl_cert_info *cert = &(object->ssl_certs[hloop]);
+ /* Certificate version */
+ use = snprintf(op, datasize, "%ld", cert->version);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ /* not_before */
+ use = snprintf(op, datasize, "%s", cert->not_before);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ /* not_after */
+ use = snprintf(op, datasize, "%s", cert->not_after);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ /* Signature type */
+ use = snprintf(op, datasize, "%d", cert->sig_type);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ /* serialnum */
+ use = snprintf(op, datasize, "%s", cert->serialnum);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ /* issuer */
+ use = snprintf(op, datasize, "%s", cert->issuer);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ /* subject */
+ use = snprintf(op, datasize, "%s", cert->subject);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ /* Certificate type */
+ use = snprintf(op, datasize, "%d", cert->cert_type);
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ /* Certificate error code */
+ use = snprintf(op, datasize, "%d", (int)(cert->err));
+ if (use < 0) {
+ goto operror;
+ }
+ use++; /* does not count the null */
+ if (use > datasize)
+ goto overflow;
+ op += use;
+ datasize -= use;
+ }
+
 NSLOG(llcache, DEBUG, "Filled buffer with %d spare", datasize);
 *data_out = data;
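Review bot: The certificate record written in this loop has no comment describing its on-disk layout, and the order and encoding of the nine fields is something the reader of this metadata has to match exactly; a comment above the `for` such as `/* per certificate, each NUL-terminated: version, not_before, not_after, sig_type, serialnum, issuer, subject, cert_type, err */` would pin it down. The reader is not part of this patch, so whether it already skips or rejects the extra fields cannot be told from here; if the metadata format carries a version number it probably wants bumping with this change. Because `err` and the certificate strings will be read back from the cache on disk, the parsing side should bound each string to its destination and range-check `err` rather than trust the stored values. The function starts and ends outside the hunk.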