sb fixes for crl and ocsp

2013-02-20 15:26:22 -08:00 · 2013-02-20 15:26:22 -08:00 · b2b45d3f4a
parent 04d0c581b1
commit b2b45d3f4a
4 changed files with 18 additions and 6 deletions
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@ -4295,7 +4295,8 @@ static int DecodeSingleResponse(byte* source,
            break;
        case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED):
            cs->status = CERT_REVOKED;
-            GetLength(source, &idx, &length, size);
+            if (GetLength(source, &idx, &length, size) < 0)
+                return ASN_PARSE_E;
            idx += length;
            break;
        case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN):
--- a/src/io.c
+++ b/src/io.c
@ -506,6 +506,10 @@ static INLINE int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
    }

    *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
+    if (*sockfd < 0) {
+        CYASSL_MSG("bad socket fd, out of fds?");
+        return -1;
+    }
    XMEMSET(&addr, 0, sizeof(SOCKADDR_IN_T));

    addr.sin_family = AF_INET_V;
@ -672,7 +676,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
                        byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
 {
    char domainName[80], path[80];
-    int port, httpBufSz, sfd;
+    int port, httpBufSz, sfd = -1;
    int ocspRespSz = 0;
    byte* httpBuf = NULL;

@ -725,6 +729,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
        }
    } else {
        CYASSL_MSG("OCSP Responder connection failed");
+        close(sfd);
        return -1;
    }

--- a/src/ocsp.c
+++ b/src/ocsp.c
@ -274,7 +274,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
    }

    if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) {
-        if (ocsp->overrideUrl != NULL) {
+        if (ocsp->overrideUrl[0] != '\0') {
            url = ocsp->overrideUrl;
            urlSz = (int)XSTRLEN(url);
        }
@ -299,7 +299,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
                                          ocspReqBuf, ocspReqSz, &ocspRespBuf);
    }

-    if (result >= 0) {
+    if (result >= 0 && ocspRespBuf) {
        InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, result);
        OcspResponseDecode(&ocspResponse);
    
--- a/src/ssl.c
+++ b/src/ssl.c
@ -955,7 +955,10 @@ int CyaSSL_Init(void)
            ret = BAD_MUTEX_ERROR;
    }
    if (ret == 0) {
-        LockMutex(&count_mutex);
+        if (LockMutex(&count_mutex) != 0) {
+            CYASSL_MSG("Bad Lock Mutex count");
+            return BAD_MUTEX_ERROR;
+        }
        initRefCount++;
        UnLockMutex(&count_mutex);
    }
@ -3018,7 +3021,10 @@ int CyaSSL_Cleanup(void)

    CYASSL_ENTER("CyaSSL_Cleanup");

-    LockMutex(&count_mutex);
+    if (LockMutex(&count_mutex) != 0) {
+        CYASSL_MSG("Bad Lock Mutex count");
+        return BAD_MUTEX_ERROR;
+    }

    release = initRefCount-- == 1;
    if (initRefCount < 0)