Skip to content

Bugfix - Crash triggered by Mutiple OCSP URIs client-cert #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Chenjp wants to merge 5 commits into from
Closed

Bugfix - Crash triggered by Mutiple OCSP URIs client-cert #41

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
db2e75c
Parameters names and ocsp_urls array enhance
Chenjp Mar 2, 2026
7f3bf3e
Enhance
Chenjp Mar 2, 2026
3565242
More check
Chenjp Mar 3, 2026
33565ec
Use api
Chenjp Mar 5, 2026
bc2bb76
Merge branch 'main' into sslutils_urls
Chenjp Mar 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 58 additions & 30 deletions native/src/sslutils.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -603,42 +603,70 @@ static int parse_asn1_length(unsigned char **asn1, int *len) {
return 0;
}

/* parses the ocsp url and updates the ocsp_urls and nocsp_urls variables
/* Append ocsp url to the ocsp_urls array and update ocsp_urls_count variables
returns 0 on success, 1 on failure */
static int append_ocsp_url(char ***ocsp_urls, int *ocsp_urls_count,
const char *ocsp_url, apr_pool_t *p)
{
char *copy;
char **temp;
int new_count, ocsp_url_len;

if (*ocsp_urls_count<0 || ocsp_url == NULL|| (ocsp_url_len = strlen(ocsp_url)) == 0) {
return 1;
}

if (!(copy = apr_palloc(p, ocsp_url_len + 1)))
return 1;

memcpy(copy, ocsp_url, ocsp_url_len);
copy[ocsp_url_len] = '\0';

new_count = (*ocsp_urls_count) + 1;

temp = apr_palloc(p, (new_count + 1) * sizeof(char*));
if (temp == NULL) {
return 1;
}
if (*ocsp_urls_count > 0 && *ocsp_urls != NULL) {
memcpy(temp, *ocsp_urls, (*ocsp_urls_count) * sizeof(char*));
}

temp[new_count-1] = copy;
temp[new_count] = NULL;

*ocsp_urls = temp;
*ocsp_urls_count = new_count;

return 0;
}
/* parses the ocsp url and updates the ocsp_urls and ocsp_urls_count variables
returns 0 on success, 1 on failure */
static int parse_ocsp_url(unsigned char *asn1, char ***ocsp_urls,
int *nocsp_urls, apr_pool_t *p)
int *ocsp_urls_count, apr_pool_t *p)
{
char **new_ocsp_urls, *ocsp_url;
int len, err = 0, new_nocsp_urls;
char *ocsp_url;
int len, err = 0;

if (*asn1 == ASN1_STRING) {
err = parse_asn1_length(&asn1, &len);

if (!err) {
new_nocsp_urls = *nocsp_urls+1;
if ((new_ocsp_urls = apr_xrealloc(*ocsp_urls,*nocsp_urls, new_nocsp_urls, p)) == NULL)
err = 1;
}
if (!err) {
*ocsp_urls = new_ocsp_urls;
*nocsp_urls = new_nocsp_urls;
*(*ocsp_urls + *nocsp_urls) = NULL;
if ((ocsp_url = apr_palloc(p, len + 1)) == NULL) {
err = 1;
}
else {
memcpy(ocsp_url, asn1, len);
ocsp_url[len] = '\0';
*(*ocsp_urls + *nocsp_urls - 1) = ocsp_url;
err = append_ocsp_url(ocsp_urls, ocsp_urls_count, (const char *) ocsp_url, p);
}
}
}
return err;

}

/* parses the ANS1 OID and if it is an OCSP OID then calls the parse_ocsp_url function */
static int parse_ASN1_OID(unsigned char *asn1, char ***ocsp_urls, int *nocsp_urls, apr_pool_t *p)
static int parse_ASN1_OID(unsigned char *asn1, char ***ocsp_urls, int *ocsp_urls_count, apr_pool_t *p)
{
int len, err = 0 ;
const unsigned char OCSP_OID[] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01};
Expand All @@ -647,7 +675,7 @@ static int parse_ASN1_OID(unsigned char *asn1, char ***ocsp_urls, int *nocsp_url

if (!err && len == 8 && memcmp(asn1, OCSP_OID, 8) == 0) {
asn1+=len;
err = parse_ocsp_url(asn1, ocsp_urls, nocsp_urls, p);
err = parse_ocsp_url(asn1, ocsp_urls, ocsp_urls_count, p);
}
return err;
}
Expand All @@ -660,7 +688,7 @@ static int parse_ASN1_OID(unsigned char *asn1, char ***ocsp_urls, int *nocsp_url

/* This algo was developed with AIA in mind so it was tested only with this extension */
static int parse_ASN1_Sequence(unsigned char *asn1, char ***ocsp_urls,
int *nocsp_urls, apr_pool_t *p)
int *ocsp_urls_count, apr_pool_t *p)
{
int len = 0 , err = 0;

Expand All @@ -669,11 +697,11 @@ static int parse_ASN1_Sequence(unsigned char *asn1, char ***ocsp_urls,
case ASN1_SEQUENCE:
err = parse_asn1_length(&asn1, &len);
if (!err) {
err = parse_ASN1_Sequence(asn1, ocsp_urls, nocsp_urls, p);
err = parse_ASN1_Sequence(asn1, ocsp_urls, ocsp_urls_count, p);
}
break;
case ASN1_OID:
err = parse_ASN1_OID(asn1,ocsp_urls,nocsp_urls, p);
err = parse_ASN1_OID(asn1,ocsp_urls,ocsp_urls_count, p);
return err;
break;
default:
Expand All @@ -690,24 +718,24 @@ static int parse_ASN1_Sequence(unsigned char *asn1, char ***ocsp_urls,
the ocsp_urls */
static char **decode_OCSP_url(ASN1_OCTET_STRING *os, apr_pool_t *p)
{
char **response = NULL;
unsigned char *ocsp_urls;
int len, numofresponses = 0 ;
char **ocsp_urls = NULL;
unsigned char *asn1;
int len, ocsp_urls_count = 0 ;

len = ASN1_STRING_length(os);

ocsp_urls = apr_palloc(p, len + 1);
memcpy(ocsp_urls, ASN1_STRING_get0_data(os), len);
ocsp_urls[len] = '\0';
asn1 = apr_palloc(p, len + 1);
memcpy(asn1, ASN1_STRING_get0_data(os), len);
asn1[len] = '\0';

if ((response = apr_pcalloc(p, sizeof(char *))) == NULL) {
if ((ocsp_urls = apr_pcalloc(p, sizeof(char *))) == NULL) {
return NULL;
}
if (parse_ASN1_Sequence(ocsp_urls, &response, &numofresponses, p) ||
numofresponses ==0) {
response = NULL;
if (parse_ASN1_Sequence(asn1, &ocsp_urls, &ocsp_urls_count, p) ||
ocsp_urls_count ==0) {
ocsp_urls = NULL;
}
return response;
return ocsp_urls;
}


Expand Down