0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch (5351B)
- From 67ffb8812ee7ac5fe23a5149ff643d1f392fb1f5 Mon Sep 17 00:00:00 2001
- From: Michael Forney <mforney@mforney.org>
- Date: Fri, 23 Apr 2021 20:10:05 -0700
- Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input
- This make most of the pointer casts unnecessary.
- ---
- usr.sbin/acme-client/acctproc.c | 17 +++++++++--------
- usr.sbin/acme-client/base64.c | 2 +-
- usr.sbin/acme-client/extern.h | 2 +-
- usr.sbin/acme-client/keyproc.c | 5 +++--
- usr.sbin/acme-client/revokeproc.c | 6 ++++--
- 5 files changed, 18 insertions(+), 14 deletions(-)
- diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
- index da3d49107ae..9e97a8bb760 100644
- --- a/usr.sbin/acme-client/acctproc.c
- +++ b/usr.sbin/acme-client/acctproc.c
- @@ -42,8 +42,9 @@
- static char *
- bn2string(const BIGNUM *bn)
- {
- - int len;
- - char *buf, *bbuf;
- + int len;
- + unsigned char *buf;
- + char *bbuf;
- /* Extract big-endian representation of BIGNUM. */
- @@ -51,7 +52,7 @@ bn2string(const BIGNUM *bn)
- if ((buf = malloc(len)) == NULL) {
- warn("malloc");
- return NULL;
- - } else if (len != BN_bn2bin(bn, (unsigned char *)buf)) {
- + } else if (len != BN_bn2bin(bn, buf)) {
- warnx("BN_bn2bin");
- free(buf);
- return NULL;
- @@ -167,7 +168,7 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
- warnx("EVP_Digest");
- goto out;
- }
- - if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
- + if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
- warnx("base64buf_url");
- goto out;
- }
- @@ -281,7 +282,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
- /* Base64-encode the payload. */
- - if ((pay64 = base64buf_url(pay, strlen(pay))) == NULL) {
- + if ((pay64 = base64buf_url((unsigned char *)pay, strlen(pay))) == NULL) {
- warnx("base64buf_url");
- goto out;
- }
- @@ -324,7 +325,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
- /* The header combined with the nonce, base64. */
- - if ((prot64 = base64buf_url(prot, strlen(prot))) == NULL) {
- + if ((prot64 = base64buf_url((unsigned char *)prot, strlen(prot))) == NULL) {
- warnx("base64buf_url");
- goto out;
- }
- @@ -363,7 +364,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
- switch (EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
- - if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
- + if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
- warnx("base64buf_url");
- goto out;
- }
- @@ -402,7 +403,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
- goto out;
- }
- - if ((dig64 = base64buf_url((char *)buf, 2 * bn_len)) == NULL) {
- + if ((dig64 = base64buf_url(buf, 2 * bn_len)) == NULL) {
- warnx("base64buf_url");
- goto out;
- }
- diff --git a/usr.sbin/acme-client/base64.c b/usr.sbin/acme-client/base64.c
- index 2b6377f0d81..0d84ad4b458 100644
- --- a/usr.sbin/acme-client/base64.c
- +++ b/usr.sbin/acme-client/base64.c
- @@ -39,7 +39,7 @@ base64len(size_t len)
- * Returns NULL on allocation failure (not logged).
- */
- char *
- -base64buf_url(const char *data, size_t len)
- +base64buf_url(const unsigned char *data, size_t len)
- {
- size_t i, sz;
- char *buf;
- diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
- index 915f80e3992..5b0950b0693 100644
- --- a/usr.sbin/acme-client/extern.h
- +++ b/usr.sbin/acme-client/extern.h
- @@ -244,7 +244,7 @@ int checkexit_ext(int *, pid_t, enum comp);
- * Returns a buffer or NULL on allocation error.
- */
- size_t base64len(size_t);
- -char *base64buf_url(const char *, size_t);
- +char *base64buf_url(const unsigned char *, size_t);
- /*
- * JSON parsing routines.
- diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
- index a3b6666c279..f0df9f292d4 100644
- --- a/usr.sbin/acme-client/keyproc.c
- +++ b/usr.sbin/acme-client/keyproc.c
- @@ -77,7 +77,8 @@ int
- keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
- enum keytype keytype)
- {
- - char *der64 = NULL, *der = NULL, *dercp;
- + char *der64 = NULL;
- + unsigned char *der = NULL, *dercp;
- char *sans = NULL, *san = NULL;
- FILE *f;
- size_t i, sansz;
- @@ -238,7 +239,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
- } else if ((der = dercp = malloc(len)) == NULL) {
- warn("malloc");
- goto out;
- - } else if (len != i2d_X509_REQ(x, (u_char **)&dercp)) {
- + } else if (len != i2d_X509_REQ(x, &dercp)) {
- warnx("i2d_X509_REQ");
- goto out;
- } else if ((der64 = base64buf_url(der, len)) == NULL) {
- diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
- index 0f1bf32678b..58e81233f1a 100644
- --- a/usr.sbin/acme-client/revokeproc.c
- +++ b/usr.sbin/acme-client/revokeproc.c
- @@ -63,7 +63,9 @@ revokeproc(int fd, const char *certfile, int force,
- int revocate, const char *const *alts, size_t altsz)
- {
- GENERAL_NAMES *sans = NULL;
- - char *der = NULL, *dercp, *der64 = NULL;
- + unsigned char *der = NULL, *dercp;
- + char *der64 = NULL;
- + char *san = NULL, *str, *tok;
- int rc = 0, cc, i, len;
- size_t *found = NULL;
- FILE *f = NULL;
- @@ -240,7 +242,7 @@ revokeproc(int fd, const char *certfile, int force,
- } else if ((der = dercp = malloc(len)) == NULL) {
- warn("malloc");
- goto out;
- - } else if (len != i2d_X509(x, (u_char **)&dercp)) {
- + } else if (len != i2d_X509(x, &dercp)) {
- warnx("i2d_X509");
- goto out;
- } else if ((der64 = base64buf_url(der, len)) == NULL) {
- --
- 2.49.0