Commit aa2ea66c authored by Jay Satiro's avatar Jay Satiro

darwinssl: handle long strings in TLS certs (follow-up)

- Fix handling certificate subjects that are already UTF-8 encoded.

Follow-up to b3b75d17 from two days ago. Since then a copy would be
skipped if the subject was already UTF-8, possibly resulting in a NULL
deref later on.

Ref: https://github.com/curl/curl/issues/1823
Ref: https://github.com/curl/curl/pull/1831

Closes https://github.com/curl/curl/pull/1836
parent 410bf6b7
+17 −2
@@ -910,11 +910,26 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
{
  CFStringRef c = getsubject(cert);
  CURLcode result = CURLE_OK;
  const char *direct;
  char *cbuf = NULL;
  *certp = NULL;

  /* If subject is not UTF-8 then check if it can be converted */
  if(!CFStringGetCStringPtr(c, kCFStringEncodingUTF8)) {
  if(!c) {
    failf(data, "SSL: invalid CA certificate subject");
    return CURLE_OUT_OF_MEMORY;
  }

  /* If the subject is already available as UTF-8 encoded (ie 'direct') then
     use that, else convert it. */
  direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
  if(direct) {
    *certp = strdup(direct);
    if(!*certp) {
      failf(data, "SSL: out of memory");
      result = CURLE_OUT_OF_MEMORY;
    }
  }
  else {
    size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
    cbuf = calloc(cbuf_size, 1);
    if(cbuf) {
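Review bot: The new `if(!c)` guard reports a missing subject as `CURLE_OUT_OF_MEMORY` although its own message says the certificate subject is invalid, so a caller or log reader cannot tell a malformed certificate from an allocation failure. If getsubject(), which is not visible in this hunk, returns NULL for a certificate it cannot parse, a verification error fits better: `return CURLE_PEER_FAILED_VERIFICATION;`. The early return is safe only because nothing has been allocated at that point; a short comment such as `/* nothing to release yet: c is NULL and cbuf is unset */` would keep that clear if the cleanup at the end of CopyCertSubject, which lies outside the hunk, changes later.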