From f7050588bc76901e0a147c158e64ac3140dc8bfd Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Fri, 30 Apr 2021 12:18:00 -0400 Subject: Add .includedir pragma Also add a negative test, and fix typo's. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15090) --- crypto/conf/conf_api.c | 1 + crypto/conf/conf_def.c | 31 ++++++++++++++++++++++--------- 2 files changed, 23 insertions(+), 9 deletions(-) (limited to 'crypto/conf') diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index c2c461d832..41a09c42bc 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -146,6 +146,7 @@ void _CONF_free_data(CONF *conf) * with */ + OPENSSL_free(conf->includedir); lh_CONF_VALUE_doall(conf->data, value_free_stack_doall); lh_CONF_VALUE_free(conf->data); } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 9561e2338a..ea6b5bf244 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -192,11 +192,11 @@ static int def_load(CONF *conf, const char *name, long *line) /* Parse a boolean value and fill in *flag. Return 0 on error. */ static int parsebool(const char *pval, int *flag) { - if (strcmp(pval, "on") == 0 - || strcmp(pval, "true") == 0) { + if (strcasecmp(pval, "on") == 0 + || strcasecmp(pval, "true") == 0) { *flag = 1; - } else if (strcmp(pval, "off") == 0 - || strcmp(pval, "false") == 0) { + } else if (strcasecmp(pval, "off") == 0 + || strcasecmp(pval, "false") == 0) { *flag = 0; } else { ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); @@ -414,6 +414,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) * Known pragmas: * * dollarid takes "on", "true or "off", "false" + * abspath takes "on", "true or "off", "false" + * includedir directory prefix */ if (strcmp(p, "dollarid") == 0) { if (!parsebool(pval, &conf->flag_dollarid)) @@ -421,7 +423,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } else if (strcmp(p, "abspath") == 0) { if (!parsebool(pval, &conf->flag_abspath)) goto err; + } else if (strcmp(p, "includedir") == 0) { + if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) { + ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); + goto err; + } } + /* * We *ignore* any unknown pragma. */ @@ -433,6 +441,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE"); char *include_path = NULL; + if (include_dir == NULL) + include_dir = conf->includedir; + if (*p == '=') { p++; p = eat_ws(conf, p); @@ -441,11 +452,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if (!str_copy(conf, psection, &include, p)) goto err; - if (conf->flag_abspath && !ossl_is_absolute_path(include)) { - ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH); - goto err; - } - if (include_dir != NULL && !ossl_is_absolute_path(include)) { size_t newlen = strlen(include_dir) + strlen(include) + 2; @@ -465,6 +471,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) include_path = include; } + if (conf->flag_abspath + && !ossl_is_absolute_path(include_path)) { + ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH); + goto err; + } + /* get the BIO of the included file */ #ifndef OPENSSL_NO_POSIX_IO next = process_include(include_path, &dirctx, &dirpath); @@ -544,6 +556,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) */ sk_BIO_free(biosk); return 1; + err: BUF_MEM_free(buff); OPENSSL_free(section); -- cgit v1.2.1