when processing multiple cert files don't error out if some junk at eof
parent
78ea389021
commit
1084ad3026
@ -338,6 +338,7 @@ enum Misc {
|
||||
|
||||
MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */
|
||||
MAX_X509_SIZE = 2048, /* max static x509 buffer size */
|
||||
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
|
||||
FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
|
||||
will use dynamic buffer if not big enough */
|
||||
|
||||
|
14
src/ssl.c
14
src/ssl.c
@ -620,6 +620,7 @@ int AddCA(SSL_CTX* ctx, buffer der)
|
||||
|
||||
CYASSL_MSG("Processing Cert Chain");
|
||||
while (consumed < sz) {
|
||||
long left;
|
||||
buffer part;
|
||||
info.consumed = 0;
|
||||
part.buffer = 0;
|
||||
@ -648,6 +649,12 @@ int AddCA(SSL_CTX* ctx, buffer der)
|
||||
return ret;
|
||||
}
|
||||
CYASSL_MSG(" Consumed another Cert in Chain");
|
||||
|
||||
left = sz - consumed;
|
||||
if (left > 0 && left < CERT_MIN_SIZE) {
|
||||
CYASSL_MSG(" Non Cert at end of file");
|
||||
break;
|
||||
}
|
||||
}
|
||||
CYASSL_MSG("Finished Processing Cert Chain");
|
||||
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
|
||||
@ -825,6 +832,7 @@ static int ProcessChainBuffer(SSL_CTX* ctx, const unsigned char* buff,
|
||||
CYASSL_MSG("Processing CA PEM file");
|
||||
while (used < sz) {
|
||||
long consumed = 0;
|
||||
long left;
|
||||
|
||||
ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
|
||||
&consumed);
|
||||
@ -833,6 +841,12 @@ static int ProcessChainBuffer(SSL_CTX* ctx, const unsigned char* buff,
|
||||
|
||||
CYASSL_MSG(" Processed a CA");
|
||||
used += consumed;
|
||||
|
||||
left = sz - used;
|
||||
if (left > 0 && left < CERT_MIN_SIZE) { /* non cert stuff at eof */
|
||||
CYASSL_MSG(" Non CA cert at eof");
|
||||
break;
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
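Review bot: The new `left < CERT_MIN_SIZE` checks in both loops (the "Processing Cert Chain" loop and the one in `ProcessChainBuffer`) decide by byte count alone, so a final certificate truncated to under 256 bytes is skipped exactly like trailing whitespace, and `ProcessChainBuffer` appears to still return the last successful `ret`. For a CA bundle that means a trust anchor can be missing with nothing but a `CYASSL_MSG` line to show for it, which is presumably visible only in debug builds. Consider breaking only when the remaining bytes hold no `-----BEGIN` marker and letting the existing parse error through otherwise, and document the heuristic at the check, e.g. `/* < CERT_MIN_SIZE bytes left: too short to be a PEM cert, treat as trailing junk */`. Trailing non-certificate data of 256 bytes or more is still handed to the parser, so the failure named in the commit title can presumably still occur for longer junk. Both loops sit in functions whose bodies begin outside the hunks shown.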