
oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch (5351B)


  1. From 67ffb8812ee7ac5fe23a5149ff643d1f392fb1f5 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Fri, 23 Apr 2021 20:10:05 -0700
  4. Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input
  5. This makes most of the pointer casts unnecessary.
  6. ---
  7. usr.sbin/acme-client/acctproc.c | 17 +++++++++--------
  8. usr.sbin/acme-client/base64.c | 2 +-
  9. usr.sbin/acme-client/extern.h | 2 +-
  10. usr.sbin/acme-client/keyproc.c | 5 +++--
  11. usr.sbin/acme-client/revokeproc.c | 6 ++++--
  12. 5 files changed, 18 insertions(+), 14 deletions(-)
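--- a/usr.sbin/acme-client/acctproc.c
+++ b/usr.sbin/acme-client/acctproc.c
@@ -42,8 +42,9 @@
 static char *
 bn2string(const BIGNUM *bn)
 {
- int len;
- char *buf, *bbuf;
+ int len;
+ unsigned char *buf;
+ char *bbuf;
 /* Extract big-endian representation of BIGNUM. */
@@ -51,7 +52,7 @@ bn2string(const BIGNUM *bn)
 if ((buf = malloc(len)) == NULL) {
 warn("malloc");
 return NULL;
- } else if (len != BN_bn2bin(bn, (unsigned char *)buf)) {
+ } else if (len != BN_bn2bin(bn, buf)) {
 warnx("BN_bn2bin");
 free(buf);
 return NULL;
@@ -167,7 +168,7 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
 warnx("EVP_Digest");
 goto out;
 }
- if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
+ if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
 warnx("base64buf_url");
 goto out;
 }
@@ -281,7 +282,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 /* Base64-encode the payload. */
- if ((pay64 = base64buf_url(pay, strlen(pay))) == NULL) {
+ if ((pay64 = base64buf_url((unsigned char *)pay, strlen(pay))) == NULL) {
 warnx("base64buf_url");
 goto out;
 }
@@ -324,7 +325,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 /* The header combined with the nonce, base64. */
- if ((prot64 = base64buf_url(prot, strlen(prot))) == NULL) {
+ if ((prot64 = base64buf_url((unsigned char *)prot, strlen(prot))) == NULL) {
 warnx("base64buf_url");
 goto out;
 }
@@ -363,7 +364,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 switch (EVP_PKEY_base_id(pkey)) {
 case EVP_PKEY_RSA:
- if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
+ if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
 warnx("base64buf_url");
 goto out;
 }
@@ -402,7 +403,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 goto out;
 }
- if ((dig64 = base64buf_url((char *)buf, 2 * bn_len)) == NULL) {
+ if ((dig64 = base64buf_url(buf, 2 * bn_len)) == NULL) {
 warnx("base64buf_url");
 goto out;
 }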
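Review bot: The two casts added in op_sign, `base64buf_url((unsigned char *)pay, strlen(pay))` and the matching one for `prot`, cast to a non-const pointer although the parameter is now `const unsigned char *`. Writing them as `(const unsigned char *)pay` and `(const unsigned char *)prot` matches the prototype and keeps the cast from silently discarding a qualifier if either buffer is later made const. The declarations of `pay` and `prot` are outside the hunks, so their current type is assumed to be `char *`.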
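--- a/usr.sbin/acme-client/base64.c
+++ b/usr.sbin/acme-client/base64.c
@@ -39,7 +39,7 @@ base64len(size_t len)
 * Returns NULL on allocation failure (not logged).
 */
 char *
-base64buf_url(const char *data, size_t len)
+base64buf_url(const unsigned char *data, size_t len)
 {
 size_t i, sz;
 char *buf;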
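Review bot: The comment above base64buf_url documents only the NULL return; with the parameter now `const unsigned char *` it should also state the input contract, for example `* data points to len raw bytes and need not be NUL-terminated.` The callers in this patch pass digests and DER output, where bytes at or above 0x80 are routine, so the byte-oriented contract is what a reader needs to see. The function body lies outside the hunk; if it still casts `data` before encoding, that cast is presumably redundant now.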
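--- a/usr.sbin/acme-client/extern.h
+++ b/usr.sbin/acme-client/extern.h
@@ -244,7 +244,7 @@ int checkexit_ext(int *, pid_t, enum comp);
 * Returns a buffer or NULL on allocation error.
 */
 size_t base64len(size_t);
-char *base64buf_url(const char *, size_t);
+char *base64buf_url(const unsigned char *, size_t);
 /*
 * JSON parsing routines.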
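--- a/usr.sbin/acme-client/keyproc.c
+++ b/usr.sbin/acme-client/keyproc.c
@@ -77,7 +77,8 @@ int
 keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
 enum keytype keytype)
 {
- char *der64 = NULL, *der = NULL, *dercp;
+ char *der64 = NULL;
+ unsigned char *der = NULL, *dercp;
 char *sans = NULL, *san = NULL;
 FILE *f;
 size_t i, sansz;
@@ -238,7 +239,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
 } else if ((der = dercp = malloc(len)) == NULL) {
 warn("malloc");
 goto out;
- } else if (len != i2d_X509_REQ(x, (u_char **)&dercp)) {
+ } else if (len != i2d_X509_REQ(x, &dercp)) {
 warnx("i2d_X509_REQ");
 goto out;
 } else if ((der64 = base64buf_url(der, len)) == NULL) {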
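Review bot: The new declaration `unsigned char *der = NULL, *dercp;` would benefit from a comment saying why two pointers to the same allocation exist, such as `/* i2d_X509_REQ() advances dercp; der keeps the start of the buffer. */`. Without it, passing `&dercp` to the encoder and then `der` to base64buf_url on the next branch reads like a mix-up. The same pairing appears in revokeproc.c with i2d_X509. keyproc's body begins and ends outside the hunks.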
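--- a/usr.sbin/acme-client/revokeproc.c
+++ b/usr.sbin/acme-client/revokeproc.c
@@ -63,7 +63,9 @@ revokeproc(int fd, const char *certfile, int force,
 int revocate, const char *const *alts, size_t altsz)
 {
 GENERAL_NAMES *sans = NULL;
- char *der = NULL, *dercp, *der64 = NULL;
+ unsigned char *der = NULL, *dercp;
+ char *der64 = NULL;
+ char *san = NULL, *str, *tok;
 int rc = 0, cc, i, len;
 size_t *found = NULL;
 FILE *f = NULL;
@@ -240,7 +242,7 @@ revokeproc(int fd, const char *certfile, int force,
 } else if ((der = dercp = malloc(len)) == NULL) {
 warn("malloc");
 goto out;
- } else if (len != i2d_X509(x, (u_char **)&dercp)) {
+ } else if (len != i2d_X509(x, &dercp)) {
 warnx("i2d_X509");
 goto out;
 } else if ((der64 = base64buf_url(der, len)) == NULL) {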
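Review bot: The first hunk adds `char *san = NULL, *str, *tok;`, which is unrelated to the signedness fix and was not part of the removed declaration. Neither hunk shows a use of `san`, `str` or `tok`, so this may be a leftover from rebasing onto a revokeproc that no longer has them; if so, the line should be dropped so that unused-variable warnings do not obscure real ones in this file. revokeproc's body continues outside the hunks, so confirm against the full function before removing it.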
  147. --
  148. 2.49.0