BUG/MINOR: ssl/ocsp: check chunk_strcpy() in ssl_ocsp_get_uri_from_cert()

author William Lallemand <wlallemand@haproxy.org>

Thu, 22 Dec 2022 09:09:11 +0000 (10:09 +0100)

committer William Lallemand <wlallemand@haproxy.org>

Thu, 22 Dec 2022 09:09:11 +0000 (10:09 +0100)
author William Lallemand <wlallemand@haproxy.org>
Thu, 22 Dec 2022 09:09:11 +0000 (10:09 +0100)
committer William Lallemand <wlallemand@haproxy.org>
Thu, 22 Dec 2022 09:09:11 +0000 (10:09 +0100)
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c

index 901b396..0f59325 100644 (file)
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -590,7 +590,10 @@ int ssl_ocsp_get_uri_from_cert(X509 *cert, struct buffer *out, char **err)
                 goto end;
         }
  
-       chunk_strcpy(out, sk_OPENSSL_STRING_value(ocsp_uri_stk, 0));
+       if (!chunk_strcpy(out, sk_OPENSSL_STRING_value(ocsp_uri_stk, 0))) {
+               memprintf(err, "%sOCSP URI too long!\n", *err ? *err : "");
+               goto end;
+       }
         if (b_data(out) == 0) {
                 memprintf(err, "%sNo OCSP URL!\n", *err ? *err : "");
                 goto end;
author	William Lallemand <wlallemand@haproxy.org>
	Thu, 22 Dec 2022 09:09:11 +0000 (10:09 +0100)
committer	William Lallemand <wlallemand@haproxy.org>
	Thu, 22 Dec 2022 09:09:11 +0000 (10:09 +0100)