darwinssl: handle long strings in TLS certs (follow-up)

- Fix handling certificate subjects that are already UTF-8 encoded.

Follow-up to b3b75d1 from two days ago. Since then a copy would be
skipped if the subject was already UTF-8, possibly resulting in a NULL
deref later on.

Ref: https://github.com/curl/curl/issues/1823
Ref: https://github.com/curl/curl/pull/1831

Closes https://github.com/curl/curl/pull/1836
This commit is contained in:
Jay Satiro 2017-08-27 23:37:02 -04:00
Родитель 410bf6b7b1
Коммит aa2ea66cda
1 изменённых файлов: 17 добавлений и 2 удалений

Просмотреть файл

@ -910,11 +910,26 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
{
CFStringRef c = getsubject(cert);
CURLcode result = CURLE_OK;
const char *direct;
char *cbuf = NULL;
*certp = NULL;
/* If subject is not UTF-8 then check if it can be converted */
if(!CFStringGetCStringPtr(c, kCFStringEncodingUTF8)) {
if(!c) {
failf(data, "SSL: invalid CA certificate subject");
return CURLE_OUT_OF_MEMORY;
}
/* If the subject is already available as UTF-8 encoded (ie 'direct') then
use that, else convert it. */
direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
if(direct) {
*certp = strdup(direct);
if(!*certp) {
failf(data, "SSL: out of memory");
result = CURLE_OUT_OF_MEMORY;
}
}
else {
size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
cbuf = calloc(cbuf_size, 1);
if(cbuf) {