From 0ffb8167c12a498b91f5fede904192b069cd55ee Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Mon, 22 Mar 2021 10:33:45 -0400
Subject: [PATCH] [TLS] use stack for SSL_CLIENT_S_DN_* tag (reduce use of r->tmp_buf in TLS modules)
---
 src/mod_gnutls.c | 11 ++++++-----
 src/mod_mbedtls.c | 13 ++++++-------
 src/mod_nss.c | 10 +++++-----
 src/mod_openssl.c | 12 ++++++------
 src/mod_wolfssl.c | 12 ++++++------
 5 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 16ad2766..21465168 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -2667,13 +2667,13 @@ https_add_ssl_client_cert (request_st * const r, const gnutls_x509_crt_t peer)
 static void
 https_add_ssl_client_subject (request_st * const r, gnutls_x509_dn_t dn)
 {
- buffer * const tb = r->tmp_buf;
 int irdn = 0, i, rc;
 gnutls_x509_ava_st ava;
+ const size_t prelen = sizeof("SSL_CLIENT_S_DN_")-1;
+ char key[64] = "SSL_CLIENT_S_DN_";
 char buf[512]; /*(expecting element value len <= 256)*/
 /* add components of client Subject DN */
- buffer_copy_string_len(tb, CONST_STR_LEN("SSL_CLIENT_S_DN_"));
 /* man gnutls_x509_dn_get_rdn_ava()
 * The X.509 distinguished name is a sequence of sequences of strings and
@@ -2688,8 +2688,9 @@ https_add_ssl_client_subject (request_st * const r, gnutls_x509_dn_t dn)
 const char *name = gnutls_x509_dn_oid_name((char *)ava.oid.data, GNUTLS_X509_DN_OID_RETURN_OID);
- buffer_string_set_length(tb, sizeof("SSL_CLIENT_S_DN_")-1);
- buffer_append_string_len(tb, name, strlen(name));
+ const size_t len = strlen(name);
+ if (prelen+len >= sizeof(key)) continue;
+ memcpy(key+prelen, name, len); /*(not '\0'-terminated)*/
 unsigned int v, n = 0;
 for (v = 0; v < ava.value.size && n < sizeof(buf)-1; ++n) {
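Review bot: The `prelen`/`key[64]`/length-guard/`memcpy` sequence introduced here is repeated verbatim in src/mod_mbedtls.c, src/mod_nss.c, src/mod_openssl.c and src/mod_wolfssl.c, so the 64-byte bound and the not-NUL-terminated convention now live in five places that have to be kept in sync by hand. A small `static inline` helper in a header the TLS modules already share could take the request, the component name and length, and the value and length, and hold the `key` buffer, the guard and the `http_header_env_set()` call once, leaving each module to compute only its name and value. I cannot tell from the patch which header is shared, so placement is for the maintainer. The function body continues outside this hunk.
```c
/* constructed sketch: one copy for all TLS modules, in a header they share */
static inline void
https_add_ssl_client_subject_component (request_st * const r,
                                        const char * const name, const size_t len,
                                        const char * const value, const size_t vlen)
{
    const size_t prelen = sizeof("SSL_CLIENT_S_DN_")-1;
    char key[64] = "SSL_CLIENT_S_DN_";
    if (prelen+len >= sizeof(key)) return; /* component name does not fit; skipped */
    memcpy(key+prelen, name, len); /*(not '\0'-terminated)*/
    http_header_env_set(r, key, prelen+len, value, vlen);
}
```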
@@ -2697,7 +2698,7 @@ https_add_ssl_client_subject (request_st * const r, gnutls_x509_dn_t dn)
 buf[n] = (c < 32 || c == 127 || (c > 128 && c < 160)) ? '?' : c;
 }
- http_header_env_set(r, CONST_BUF_LEN(tb), buf, n);
+ http_header_env_set(r, key, prelen+len, buf, n);
 }
 ++irdn;
 } while (rc == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND && i > 0);
diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c
index 577e5038..3ed634cf 100644
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -2324,10 +2324,10 @@ https_add_ssl_client_subject (request_st * const r, const mbedtls_x509_name *nam
 {
 /* add components of client Subject DN */
 /* code block is similar to mbedtls_x509_dn_gets() */
- buffer * const tb = r->tmp_buf;
+ const size_t prelen = sizeof("SSL_CLIENT_S_DN_")-1;
+ char key[64] = "SSL_CLIENT_S_DN_";
 char buf[MBEDTLS_X509_MAX_DN_NAME_SIZE]; /*(256)*/
- buffer_copy_string_len(tb, CONST_STR_LEN("SSL_CLIENT_S_DN_"));
 while (name != NULL) {
 if (!name->oid.p) {
 name = name->next;
@@ -2337,8 +2337,9 @@ https_add_ssl_client_subject (request_st * const r, const mbedtls_x509_name *nam
 const char *short_name = NULL;
 if (0 != mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) continue;
- buffer_string_set_length(tb, sizeof("SSL_CLIENT_S_DN_")-1);
- buffer_append_string(tb, short_name);
+ const size_t len = strlen(short_name);
+ if (prelen+len >= sizeof(key)) continue;
+ memcpy(key+prelen, short_name, len); /*(not '\0'-terminated)*/
 const mbedtls_x509_name *nm = name;
 int n = 0;
@@ -2355,9 +2356,7 @@ https_add_ssl_client_subject (request_st * const r, const mbedtls_x509_name *nam
 while (nm->next_merged && nm->next) nm = nm->next;
 name = nm->next;
- http_header_env_set(r,
- CONST_BUF_LEN(tb),
- buf, n);
+ http_header_env_set(r, key, prelen+len, buf, n);
 }
 }
diff --git a/src/mod_nss.c b/src/mod_nss.c
index c0c66f7f..db520da4 100644
--- a/src/mod_nss.c
+++ b/src/mod_nss.c
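Review bot: The new `if (prelen+len >= sizeof(key)) continue;` in src/mod_gnutls.c silently drops a DN component whose OID name does not fit in the 47 bytes left in `key`, whereas the removed `buffer_append_string_len()` path emitted every component; with `GNUTLS_X509_DN_OID_RETURN_OID`, `name` is the dotted OID for attribute types GnuTLS has no name for, and since the certificate is client-supplied that length is not under server control. Skipping is the safe choice, but it is a behavior change worth stating next to the guard, e.g. `/*(skip component: name too long for key; dotted OID from untrusted cert)*/`. The `continue` also relies on the innermost enclosing loop, which is outside this hunk, being the loop over `i` rather than the `do { } while` over `irdn` whose tail is visible below; if it were the latter, `continue` would jump straight to the loop condition and skip `++irdn`.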
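Review bot: In src/mod_mbedtls.c the new `if (prelen+len >= sizeof(key)) continue;` sits directly in the body of the `while (name != NULL)` loop shown in the previous hunk, and nothing on that path advances `name`; the only advance is `name = nm->next;` in the following hunk, after the guard. If the guard ever fires, the loop re-enters with the same element and never terminates, and the preexisting `continue` after `mbedtls_oid_get_attr_short_name()` fails appears to have the same shape, which a client certificate carrying an attribute type mbedTLS has no short name for would reach. Both should step past the element before continuing, `if (prelen+len >= sizeof(key)) { name = name->next; continue; }`, or the loop should advance `name` at the top and work on a saved pointer.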
@@ -2452,8 +2452,8 @@ https_add_ssl_client_subject (request_st * const r, CERTName * const subj)
 { CONST_STR_LEN("emailAddress"), CERT_GetCertEmailAddress },
 { CONST_STR_LEN("DC"), CERT_GetDomainComponentName },
 };
- buffer * const tb = r->tmp_buf;
- buffer_copy_string_len(tb, CONST_STR_LEN("SSL_CLIENT_S_DN_"));
+ const size_t prelen = sizeof("SSL_CLIENT_S_DN_")-1;
+ char key[64] = "SSL_CLIENT_S_DN_";
 for (uint32_t i = 0; i < sizeof(comp)/sizeof(*comp); ++i) {
 char *s = comp[i].fn(subj);
 if (NULL == s) continue;
@@ -2464,9 +2464,9 @@ https_add_ssl_client_subject (request_st * const r, CERTName * const subj)
 if (c < 32 || c == 127 || (c > 128 && c < 160)) s[n] = '?';
 }
- buffer_string_set_length(tb, sizeof("SSL_CLIENT_S_DN_")-1);
- buffer_append_string_len(tb, comp[i].tag, comp[i].tlen);
- http_header_env_set(r, CONST_BUF_LEN(tb), s, n);
+ /*if (prelen+comp[i].tlen >= sizeof(key)) continue;*//*(not possible)*/
+ memcpy(key+prelen, comp[i].tag, comp[i].tlen); /*(not '\0'-terminated)*/
+ http_header_env_set(r, key, prelen+comp[i].tlen, s, n);
 PR_Free(s);
 }
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index bce10270..f7fe9d9c 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -3350,8 +3350,8 @@ CONNECTION_FUNC(mod_openssl_handle_con_close)
 static void
 https_add_ssl_client_subject (request_st * const r, X509_NAME *xn)
 {
- buffer * const tb = r->tmp_buf;
- buffer_copy_string_len(tb, CONST_STR_LEN("SSL_CLIENT_S_DN_"));
+ const size_t prelen = sizeof("SSL_CLIENT_S_DN_")-1;
+ char key[64] = "SSL_CLIENT_S_DN_";
 for (int i = 0, nentries = X509_NAME_entry_count(xn); i < nentries; ++i) {
 int xobjnid;
 const char * xobjsn;
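Review bot: The guard in src/mod_nss.c is committed as a comment, `/*if (prelen+comp[i].tlen >= sizeof(key)) continue;*//*(not possible)*/`, so the invariant that every `comp[i].tlen` fits in `key` is enforced only by inspection of the `comp[]` table; the longest tag visible here is `emailAddress` (12 bytes, well inside the 47 available), so it holds today, but the table can grow and the next entry is added far from this line. Since the compare costs nothing per iteration, keep the check live rather than dead, `if (prelen+comp[i].tlen >= sizeof(key)) continue;`, or state the bound in a comment next to the `comp[]` table where a new entry would be written. Commented-out code is otherwise best dropped. The `comp[]` initializer and the loop body start outside this hunk.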
@@ -3363,10 +3363,10 @@ https_add_ssl_client_subject (request_st * const r, X509_NAME *xn)
 xobjnid = OBJ_obj2nid((ASN1_OBJECT*)X509_NAME_ENTRY_get_object(xe));
 xobjsn = OBJ_nid2sn(xobjnid);
 if (xobjsn) {
- buffer_string_set_length(tb, sizeof("SSL_CLIENT_S_DN_")-1);
- buffer_append_string(tb, xobjsn);
- http_header_env_set(r,
- CONST_BUF_LEN(tb),
+ const size_t len = strlen(xobjsn);
+ if (prelen+len >= sizeof(key)) continue;
+ memcpy(key+prelen, xobjsn, len); /*(not '\0'-terminated)*/
+ http_header_env_set(r, key, prelen+len,
 (const char*)X509_NAME_ENTRY_get_data(xe)->data,
 X509_NAME_ENTRY_get_data(xe)->length);
 }
diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c
index 9aed7047..da6f769b 100644
--- a/src/mod_wolfssl.c
+++ b/src/mod_wolfssl.c
@@ -3133,8 +3133,8 @@ CONNECTION_FUNC(mod_openssl_handle_con_close)
 static void
 https_add_ssl_client_subject (request_st * const r, X509_NAME *xn)
 {
- buffer * const tb = r->tmp_buf;
- buffer_copy_string_len(tb, CONST_STR_LEN("SSL_CLIENT_S_DN_"));
+ const size_t prelen = sizeof("SSL_CLIENT_S_DN_")-1;
+ char key[64] = "SSL_CLIENT_S_DN_";
 for (int i = 0, nentries = X509_NAME_entry_count(xn); i < nentries; ++i) {
 int xobjnid;
 const char * xobjsn;
@@ -3146,10 +3146,10 @@ https_add_ssl_client_subject (request_st * const r, X509_NAME *xn)
 xobjnid = OBJ_obj2nid((ASN1_OBJECT*)X509_NAME_ENTRY_get_object(xe));
 xobjsn = OBJ_nid2sn(xobjnid);
 if (xobjsn) {
- buffer_string_set_length(tb, sizeof("SSL_CLIENT_S_DN_")-1);
- buffer_append_string(tb, xobjsn);
- http_header_env_set(r,
- CONST_BUF_LEN(tb),
+ const size_t len = strlen(xobjsn);
+ if (prelen+len >= sizeof(key)) continue;
+ memcpy(key+prelen, xobjsn, len); /*(not '\0'-terminated)*/
+ http_header_env_set(r, key, prelen+len,
 (const char*)X509_NAME_ENTRY_get_data(xe)->data,
 X509_NAME_ENTRY_get_data(xe)->length);
 }
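Review bot: The value passed to the new `http_header_env_set()` call in src/mod_openssl.c (and identically in the src/mod_wolfssl.c hunk below) is the raw `X509_NAME_ENTRY_get_data(xe)->data` with its ASN.1 length, while the gnutls and nss versions of this same function in the patch replace control characters (`c < 32 || c == 127 || (c > 128 && c < 160)`) with `'?'` before the call. Unless `http_header_env_set()` or a consumer filters downstream, a client-certificate subject component containing control bytes, embedded NULs, or a non-UTF-8 string type (BMPString, T61String) reaches the CGI/FastCGI environment unfiltered in these two modules only; that asymmetry predates the commit but the commit rewrites the call. On OpenSSL the value could be normalized with `ASN1_STRING_to_UTF8()` and run through the same replacement loop before the call, or at minimum the function comment should record that these two backends do not sanitize the value. The enclosing `for` loop starts outside this hunk.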