[openssl] master update
Viktor Dukhovni
viktor at openssl.org
Fri Oct 25 18:46:07 UTC 2019
The branch master has been updated
via 7c43eb5dcf5cb098b9e2c2c58b000353af51efa2 (commit)
from 1b0d1bf7f177f1a0c979af8e4abbd6ed45d464d7 (commit)
- Log -----------------------------------------------------------------
commit 7c43eb5dcf5cb098b9e2c2c58b000353af51efa2
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Sun Oct 6 22:25:10 2019 +0300
Strip BOM on loading PEM files
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users at dukhovni.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pem_lib.c | 19 ++++++++++++++++---
test/recipes/04-test_pem.t | 1 +
.../{cert-blankline.pem => cert-bom.pem} | 3 +--
3 files changed, 18 insertions(+), 5 deletions(-)
copy test/recipes/04-test_pem_data/{cert-blankline.pem => cert-bom.pem} (98%)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index eb07c884e7..020a030334 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -680,9 +680,20 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
#endif
/* Some helpers for PEM_read_bio_ex(). */
-static int sanitize_line(char *linebuf, int len, unsigned int flags)
+static int sanitize_line(char *linebuf, int len, unsigned int flags, int first_call)
{
int i;
+ if (first_call) {
+ /* Other BOMs imply unsupported multibyte encoding,
+ * so don't strip them and let the error raise */
+ const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+ if (len > 3 && memcmp(linebuf, utf8_bom, 3) == 0) {
+ memmove(linebuf, linebuf + 3, len - 3);
+ linebuf[len - 3] = 0;
+ len -= 3;
+ }
+ }
if (flags & PEM_FLAG_EAY_COMPATIBLE) {
/* Strip trailing whitespace */
@@ -727,6 +738,7 @@ static int get_name(BIO *bp, char **name, unsigned int flags)
char *linebuf;
int ret = 0;
int len;
+ int first_call = 1;
/*
* Need to hold trailing NUL (accounted for by BIO_gets() and the newline
@@ -747,7 +759,8 @@ static int get_name(BIO *bp, char **name, unsigned int flags)
}
/* Strip trailing garbage and standardize ending. */
- len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64);
+ len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64, first_call);
+ first_call = 0;
/* Allow leading empty or non-matching lines. */
} while (strncmp(linebuf, beginstr, BEGINLEN) != 0
@@ -819,7 +832,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
}
if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER)
flags_mask &= ~PEM_FLAG_ONLY_B64;
- len = sanitize_line(linebuf, len, flags & flags_mask);
+ len = sanitize_line(linebuf, len, flags & flags_mask, 0);
/* Check for end of header. */
if (linebuf[0] == '\n') {
diff --git a/test/recipes/04-test_pem.t b/test/recipes/04-test_pem.t
index b8f4d722a0..0e6e419519 100644
--- a/test/recipes/04-test_pem.t
+++ b/test/recipes/04-test_pem.t
@@ -32,6 +32,7 @@ my %cert_expected = (
"cert-256line.pem" => 1,
"cert-257line.pem" => 1,
"cert-blankline.pem" => 0,
+ "cert-bom.pem" => 1,
"cert-comment.pem" => 0,
"cert-earlypad.pem" => 0,
"cert-extrapad.pem" => 0,
diff --git a/test/recipes/04-test_pem_data/cert-blankline.pem b/test/recipes/04-test_pem_data/cert-bom.pem
similarity index 98%
copy from test/recipes/04-test_pem_data/cert-blankline.pem
copy to test/recipes/04-test_pem_data/cert-bom.pem
index 3f252886f6..91fbaf4024 100644
--- a/test/recipes/04-test_pem_data/cert-blankline.pem
+++ b/test/recipes/04-test_pem_data/cert-bom.pem
@@ -1,4 +1,4 @@
------BEGIN CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
@@ -10,7 +10,6 @@ MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
-
U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
More information about the openssl-commits
mailing list