author | Daniel Stenberg <daniel@haxx.se> | 2021-12-14 10:00:34 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-12-14 10:00:34 +0100 |
commit | 0e87c373e13aebe4ce1f5970bb0166b34ed5c61e (patch) | |
tree | 3c91bae93f6f523ee957805f8f6df9dc7a0ac481 | |
parent | f03cc1b7a693b03eddfed2b4c7f8b5fcba9a22e5 (diff) | |
mbedtls: fix CURLOPT_SSLCERT_BLOBbagder/mbedtls-ssl_cert_blob
The memory passed to mbedTLS for this needs to be null terminated.
Reported-by: Florian Van Heghe
-rw-r--r-- | lib/vtls/mbedtls.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 7f1ff198c..e4d9b802a 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -381,10 +381,17 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 }
 if(ssl_cert_blob) {
- const unsigned char *blob_data =
- (const unsigned char *)ssl_cert_blob->data;
- ret = mbedtls_x509_crt_parse(&backend->clicert, blob_data,
+ /* Unfortunately, mbedtls_x509_crt_parse() requires the data to be null
+ terminated even when provided the exact length, forcing us to waste
+ extra memory here. */
+ unsigned char *newblob = malloc(ssl_cert_blob->len + 1);
+ if(!newblob)
+ return CURLE_OUT_OF_MEMORY;
+ memcpy(newblob, ssl_cert_blob->data, ssl_cert_blob->len);
+ newblob[ssl_cert_blob->len] = 0; /* null terminate */
+ ret = mbedtls_x509_crt_parse(&backend->clicert, newblob,
 ssl_cert_blob->len);
+ free(newblob);
 if(ret) {
 mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); |