summaryrefslogtreecommitdiff
path: root/content/fetchers
diff options
context:
space:
mode:
authorVincent Sanders <vince@kyllikki.org>2014-09-03 14:27:25 +0100
committerVincent Sanders <vince@kyllikki.org>2014-09-03 14:27:25 +0100
commitc695d3d0074687e767b68ca9d1412a5bc5303178 (patch)
tree2cbab1d49215842c49b5a6defd67443295b73010 /content/fetchers
parent5492e9679359a731a56b4f304614b48be1a07cd1 (diff)
downloadnetsurf-c695d3d0074687e767b68ca9d1412a5bc5303178.tar.gz
netsurf-c695d3d0074687e767b68ca9d1412a5bc5303178.tar.bz2
memcpy and terminate from openssl buffers
The memcpy is used instead of snprintf as the source data may not be null terminated and was causing OpenBSD to segfault.
Diffstat (limited to 'content/fetchers')
-rw-r--r--content/fetchers/curl.c41
1 files changed, 23 insertions, 18 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 826305e78..51b0f9974 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -921,10 +921,12 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result)
BIO_get_mem_ptr(mem, &buf);
(void) BIO_set_close(mem, BIO_NOCLOSE);
BIO_free(mem);
- snprintf(ssl_certs[i].not_before,
- min(sizeof ssl_certs[i].not_before,
- (unsigned) buf->length + 1),
- "%s", buf->data);
+ memcpy(ssl_certs[i].not_before,
+ buf->data,
+ min(sizeof(ssl_certs[i].not_before) - 1,
+ (unsigned)buf->length));
+ ssl_certs[i].not_before[min(sizeof(ssl_certs[i].not_before) - 1,
+ (unsigned)buf->length)] = 0;
BUF_MEM_free(buf);
mem = BIO_new(BIO_s_mem());
@@ -933,10 +935,13 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result)
BIO_get_mem_ptr(mem, &buf);
(void) BIO_set_close(mem, BIO_NOCLOSE);
BIO_free(mem);
- snprintf(ssl_certs[i].not_after,
- min(sizeof ssl_certs[i].not_after,
- (unsigned) buf->length + 1),
- "%s", buf->data);
+ memcpy(ssl_certs[i].not_after,
+ buf->data,
+ min(sizeof(ssl_certs[i].not_after) - 1,
+ (unsigned)buf->length));
+ ssl_certs[i].not_after[min(sizeof(ssl_certs[i].not_after) - 1,
+ (unsigned)buf->length)] = 0;
+
BUF_MEM_free(buf);
ssl_certs[i].sig_type =
@@ -952,11 +957,11 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result)
BIO_get_mem_ptr(mem, &buf);
(void) BIO_set_close(mem, BIO_NOCLOSE);
BIO_free(mem);
- snprintf(ssl_certs[i].issuer,
- min(sizeof ssl_certs[i].issuer - 1,
- (unsigned) buf->length + 1),
- "%s", buf->data);
- ssl_certs[i].issuer[min(sizeof ssl_certs[i].issuer,
+ memcpy(ssl_certs[i].issuer,
+ buf->data,
+ min(sizeof(ssl_certs[i].issuer) - 1,
+ (unsigned) buf->length));
+ ssl_certs[i].issuer[min(sizeof(ssl_certs[i].issuer) - 1,
(unsigned) buf->length)] = 0;
BUF_MEM_free(buf);
@@ -970,11 +975,11 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result)
BIO_get_mem_ptr(mem, &buf);
(void) BIO_set_close(mem, BIO_NOCLOSE);
BIO_free(mem);
- snprintf(ssl_certs[i].subject,
- min(sizeof(ssl_certs[i].subject) - 1,
- (unsigned) buf->length + 1),
- "%s", buf->data);
- ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject),
+ memcpy(ssl_certs[i].subject,
+ buf->data,
+ min(sizeof(ssl_certs[i].subject) - 1,
+ (unsigned)buf->length));
+ ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject) - 1,
(unsigned) buf->length)] = 0;
BUF_MEM_free(buf);