1 files changed, 22 insertions, 12 deletions

diff --git a/libs/libcurl/src/vtls/x509asn1.c b/libs/libcurl/src/vtls/x509asn1.c
index 0887b34049..f8b0dd38e5 100644
--- a/libs/libcurl/src/vtls/x509asn1.c
+++ b/libs/libcurl/src/vtls/x509asn1.c
@@ -25,13 +25,15 @@
 #include "curl_setup.h"

 

 #if defined(USE_GNUTLS) || defined(USE_WOLFSSL) ||      \

-  defined(USE_SCHANNEL) || defined(USE_SECTRANSP)

+  defined(USE_SCHANNEL) || defined(USE_SECTRANSP) ||    \

+  defined(USE_MBEDTLS)

 

 #if defined(USE_WOLFSSL) || defined(USE_SCHANNEL)

 #define WANT_PARSEX509 /* uses Curl_parseX509() */

 #endif

 

-#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP)

+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \

+  defined(USE_MBEDTLS)

 #define WANT_EXTRACT_CERTINFO /* uses Curl_extract_certinfo() */

 #define WANT_PARSEX509 /* ... uses Curl_parseX509() */

 #endif

@@ -110,15 +112,16 @@ struct Curl_OID {
 };

 

 /* ASN.1 OIDs. */

-static const char       cnOID[] = "2.5.4.3";    /* Common name. */

-static const char       sanOID[] = "2.5.29.17"; /* Subject alternative name. */

-

 static const struct Curl_OID OIDtable[] = {

   { "1.2.840.10040.4.1",        "dsa" },

   { "1.2.840.10040.4.3",        "dsa-with-sha1" },

   { "1.2.840.10045.2.1",        "ecPublicKey" },

   { "1.2.840.10045.3.0.1",      "c2pnb163v1" },

   { "1.2.840.10045.4.1",        "ecdsa-with-SHA1" },

+  { "1.2.840.10045.4.3.1",      "ecdsa-with-SHA224" },

+  { "1.2.840.10045.4.3.2",      "ecdsa-with-SHA256" },

+  { "1.2.840.10045.4.3.3",      "ecdsa-with-SHA384" },

+  { "1.2.840.10045.4.3.4",      "ecdsa-with-SHA512" },

   { "1.2.840.10046.2.1",        "dhpublicnumber" },

   { "1.2.840.113549.1.1.1",     "rsaEncryption" },

   { "1.2.840.113549.1.1.2",     "md2WithRSAEncryption" },

@@ -132,7 +135,7 @@ static const struct Curl_OID OIDtable[] = {
   { "1.2.840.113549.2.2",       "md2" },

   { "1.2.840.113549.2.5",       "md5" },

   { "1.3.14.3.2.26",            "sha1" },

-  { cnOID,                      "CN" },

+  { "2.5.4.3",                  "CN" },

   { "2.5.4.4",                  "SN" },

   { "2.5.4.5",                  "serialNumber" },

   { "2.5.4.6",                  "C" },

@@ -153,7 +156,7 @@ static const struct Curl_OID OIDtable[] = {
   { "2.5.4.65",                 "pseudonym" },

   { "1.2.840.113549.1.9.1",     "emailAddress" },

   { "2.5.4.72",                 "role" },

-  { sanOID,                     "subjectAltName" },

+  { "2.5.29.17",                "subjectAltName" },

   { "2.5.29.18",                "issuerAltName" },

   { "2.5.29.19",                "basicConstraints" },

   { "2.16.840.1.101.3.4.2.4",   "sha224" },

@@ -372,7 +375,7 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
   else {

     while(!result && (from < end)) {

       char buf[4]; /* decode buffer */

-      int charsize = 1;

+      size_t charsize = 1;

       unsigned int wc = 0;

 

       switch(size) {

@@ -390,7 +393,6 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
         if(wc >= 0x00000800) {

           if(wc >= 0x00010000) {

             if(wc >= 0x00200000) {

-              free(buf);

               /* Invalid char. size for target encoding. */

               return CURLE_WEIRD_SERVER_REPLY;

             }

@@ -469,7 +471,7 @@ static CURLcode OID2str(struct dynbuf *store,
         if(op)

           result = Curl_dyn_add(store, op->textoid);

         else

-          result = CURLE_BAD_FUNCTION_ARGUMENT;

+          result = Curl_dyn_add(store, Curl_dyn_ptr(&buf));

         Curl_dyn_free(&buf);

       }

     }

@@ -598,7 +600,7 @@ static CURLcode ASN1tostr(struct dynbuf *store,
 {

   CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;

   if(elem->constructed)

-    return CURLE_OK; /* No conversion of structured elements. */

+    return result; /* No conversion of structured elements. */

 

   if(!type)

     type = elem->tag;   /* Type not forced: use element tag as type. */

@@ -692,6 +694,11 @@ static CURLcode encodeDN(struct dynbuf *store, struct Curl_asn1Element *dn)
 

       str = Curl_dyn_ptr(&temp);

 

+      if(!str) {

+        result = CURLE_BAD_FUNCTION_ARGUMENT;

+        goto error;

+      }

+

       /* Encode delimiter.

          If attribute has a short uppercase name, delimiter is ", ". */

       for(p3 = str; ISUPPER(*p3); p3++)

@@ -959,7 +966,8 @@ static int do_pubkey(struct Curl_easy *data, int certnum,
       if(ssl_push_certinfo(data, certnum, "ECC Public Key", q))

         return 1;

     }

-    return do_pubkey_field(data, certnum, "ecPublicKey", pubkey);

+    return do_pubkey_field(data, certnum, "ecPublicKey", pubkey) == CURLE_OK

+      ? 0 : 1;

   }

 

   /* Get the public key (single element). */

@@ -1223,6 +1231,8 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
       result = ssl_push_certinfo_dyn(data, certnum, "Cert", &out);

 

 done:

+  if(result)

+    failf(data, "Failed extracting certificate chain");

   Curl_dyn_free(&out);

   return result;

 }