Relax parsing of PEM files a bit. Apparently there are CAs that use
\r\n line endings.
From Bartosz Kuzma as part of a larger diff.
OK?
diff --git certproc.c certproc.c
index 7fde96e970e..975e12afaaa 100644
--- certproc.c
+++ certproc.c
@@ -28,7 +28,8 @@
#include "extern.h"
-#define MARKER "-----END CERTIFICATE-----\n"
+#define BEGIN_MARKER "-----BEGIN CERTIFICATE-----"
+#define END_MARKER "-----END CERTIFICATE-----"
int
certproc(int netsock, int filesock)
@@ -81,19 +82,25 @@ certproc(int netsock, int filesock)
if ((csr = readbuf(netsock, COMM_CSR, &csrsz)) == NULL)
goto out;
- if (csrsz < strlen(MARKER)) {
+ if (csrsz < strlen(END_MARKER)) {
warnx("invalid cert");
goto out;
}
- chaincp = strstr(csr, MARKER);
+ chaincp = strstr(csr, END_MARKER);
if (chaincp == NULL) {
warnx("invalid cert");
goto out;
}
- chaincp += strlen(MARKER);
+ chaincp += strlen(END_MARKER);
+
+ if ((chaincp = strstr(chaincp, BEGIN_MARKER)) == NULL) {
+ warnx("invalid certificate chain");
+ goto out;
+ }
+
if ((chain = strdup(chaincp)) == NULL) {
warn("strdup");
goto out;
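Review bot: The new `strstr(chaincp, BEGIN_MARKER)` lookup makes a second certificate mandatory, so a response holding only the leaf certificate now fails with "invalid certificate chain", where the old code would have passed the (possibly empty) remainder to `strdup`. If that is intended, say so above the check, e.g. `/* a leaf-only response (no chain) is rejected on purpose */`. The lookup also skips whatever sits between the END marker and the next BEGIN marker without checking that it is only `\r` or `\n`, which is more lenient than the CRLF case in the description requires; a short loop over those bytes before the search would keep the relaxation narrow. certproc continues beyond the hunk, so how `chain` and the rest of `csr` are used afterwards is not visible here.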
--
I'm not entirely sure you are real.