0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch
(5351B)
1 From 67ffb8812ee7ac5fe23a5149ff643d1f392fb1f5 Mon Sep 17 00:00:00 2001
2 From: Michael Forney <mforney@mforney.org>
3 Date: Fri, 23 Apr 2021 20:10:05 -0700
4 Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input
5
6 This makes most of the pointer casts unnecessary.
7 ---
8 usr.sbin/acme-client/acctproc.c | 17 +++++++++--------
9 usr.sbin/acme-client/base64.c | 2 +-
10 usr.sbin/acme-client/extern.h | 2 +-
11 usr.sbin/acme-client/keyproc.c | 5 +++--
12 usr.sbin/acme-client/revokeproc.c | 6 ++++--
13 5 files changed, 18 insertions(+), 14 deletions(-)
14
15 diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
16 index da3d49107ae..9e97a8bb760 100644
17 --- a/usr.sbin/acme-client/acctproc.c
18 +++ b/usr.sbin/acme-client/acctproc.c
19 @@ -42,8 +42,9 @@
20 static char *
21 bn2string(const BIGNUM *bn)
22 {
23 - int len;
24 - char *buf, *bbuf;
25 + int len;
26 + unsigned char *buf;
27 + char *bbuf;
28
29 /* Extract big-endian representation of BIGNUM. */
30
31 @@ -51,7 +52,7 @@ bn2string(const BIGNUM *bn)
32 if ((buf = malloc(len)) == NULL) {
33 warn("malloc");
34 return NULL;
35 - } else if (len != BN_bn2bin(bn, (unsigned char *)buf)) {
36 + } else if (len != BN_bn2bin(bn, buf)) {
37 warnx("BN_bn2bin");
38 free(buf);
39 return NULL;
40 @@ -167,7 +168,7 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
41 warnx("EVP_Digest");
42 goto out;
43 }
44 - if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
45 + if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
46 warnx("base64buf_url");
47 goto out;
48 }
49 @@ -281,7 +282,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
50
51 /* Base64-encode the payload. */
52
53 - if ((pay64 = base64buf_url(pay, strlen(pay))) == NULL) {
54 + if ((pay64 = base64buf_url((unsigned char *)pay, strlen(pay))) == NULL) {
55 warnx("base64buf_url");
56 goto out;
57 }
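Review bot: The new `(unsigned char *)pay` cast here, and the matching `(unsigned char *)prot` cast in the next op_sign hunk, only move the casts from the digest call sites to the string call sites. Declaring the parameter as `const void *data` in base64.c and extern.h would let both `char *` and `unsigned char *` buffers be passed with no cast at all. If the cast stays, `(const unsigned char *)pay` is the better spelling, because the callee takes a const pointer. The body of base64buf_url is outside these hunks, so it may need a local `const unsigned char *` alias if it reads `data` directly.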
58 @@ -324,7 +325,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
59
60 /* The header combined with the nonce, base64. */
61
62 - if ((prot64 = base64buf_url(prot, strlen(prot))) == NULL) {
63 + if ((prot64 = base64buf_url((unsigned char *)prot, strlen(prot))) == NULL) {
64 warnx("base64buf_url");
65 goto out;
66 }
67 @@ -363,7 +364,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
68
69 switch (EVP_PKEY_base_id(pkey)) {
70 case EVP_PKEY_RSA:
71 - if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
72 + if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
73 warnx("base64buf_url");
74 goto out;
75 }
76 @@ -402,7 +403,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
77 goto out;
78 }
79
80 - if ((dig64 = base64buf_url((char *)buf, 2 * bn_len)) == NULL) {
81 + if ((dig64 = base64buf_url(buf, 2 * bn_len)) == NULL) {
82 warnx("base64buf_url");
83 goto out;
84 }
85 diff --git a/usr.sbin/acme-client/base64.c b/usr.sbin/acme-client/base64.c
86 index 2b6377f0d81..0d84ad4b458 100644
87 --- a/usr.sbin/acme-client/base64.c
88 +++ b/usr.sbin/acme-client/base64.c
89 @@ -39,7 +39,7 @@ base64len(size_t len)
90 * Returns NULL on allocation failure (not logged).
91 */
92 char *
93 -base64buf_url(const char *data, size_t len)
94 +base64buf_url(const unsigned char *data, size_t len)
95 {
96 size_t i, sz;
97 char *buf;
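Review bot: The header comment above base64buf_url still documents only the NULL return, and with the type change it should also say what the input is. A line such as `* data is read as len raw octets and need not be NUL-terminated.` would record why the parameter is `const unsigned char *`, so later callers do not go back to passing plain `char` buffers, whose signedness is implementation-defined. The function body continues past the end of this hunk, so how `data` is consumed is not visible here.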
98 diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
99 index 915f80e3992..5b0950b0693 100644
100 --- a/usr.sbin/acme-client/extern.h
101 +++ b/usr.sbin/acme-client/extern.h
102 @@ -244,7 +244,7 @@ int checkexit_ext(int *, pid_t, enum comp);
103 * Returns a buffer or NULL on allocation error.
104 */
105 size_t base64len(size_t);
106 -char *base64buf_url(const char *, size_t);
107 +char *base64buf_url(const unsigned char *, size_t);
108
109 /*
110 * JSON parsing routines.
111 diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
112 index a3b6666c279..f0df9f292d4 100644
113 --- a/usr.sbin/acme-client/keyproc.c
114 +++ b/usr.sbin/acme-client/keyproc.c
115 @@ -77,7 +77,8 @@ int
116 keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
117 enum keytype keytype)
118 {
119 - char *der64 = NULL, *der = NULL, *dercp;
120 + char *der64 = NULL;
121 + unsigned char *der = NULL, *dercp;
122 char *sans = NULL, *san = NULL;
123 FILE *f;
124 size_t i, sansz;
125 @@ -238,7 +239,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
126 } else if ((der = dercp = malloc(len)) == NULL) {
127 warn("malloc");
128 goto out;
129 - } else if (len != i2d_X509_REQ(x, (u_char **)&dercp)) {
130 + } else if (len != i2d_X509_REQ(x, &dercp)) {
131 warnx("i2d_X509_REQ");
132 goto out;
133 } else if ((der64 = base64buf_url(der, len)) == NULL) {
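Review bot: `len` is compared against the `int` returned by `i2d_X509_REQ`, but it is also the size in `malloc(len)` and `base64buf_url(der, len)`, where it converts to `size_t`, so a negative value would become a very large size. The branch that assigns `len` sits above this hunk and may already reject that case; if it does not, a `len < 0` check ahead of the allocation would close it. The same pattern appears in the second revokeproc.c hunk with `i2d_X509`, where `len` is visibly declared `int`. The `else if` chain in keyproc starts and ends outside the hunk.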
134 diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
135 index 0f1bf32678b..58e81233f1a 100644
136 --- a/usr.sbin/acme-client/revokeproc.c
137 +++ b/usr.sbin/acme-client/revokeproc.c
138 @@ -63,7 +63,9 @@ revokeproc(int fd, const char *certfile, int force,
139 int revocate, const char *const *alts, size_t altsz)
140 {
141 GENERAL_NAMES *sans = NULL;
142 - char *der = NULL, *dercp, *der64 = NULL;
143 + unsigned char *der = NULL, *dercp;
144 + char *der64 = NULL;
145 + char *san = NULL, *str, *tok;
146 int rc = 0, cc, i, len;
147 size_t *found = NULL;
148 FILE *f = NULL;
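Review bot: The added line `char *san = NULL, *str, *tok;` is not part of the signedness fix: the removed declaration held only `der`, `dercp` and `der64`, and none of the visible hunks use `san`, `str` or `tok`. If revokeproc does not use them further down (the body continues outside the hunk), they are unused locals and the line should be dropped. If it does use them, the declaration belongs in a separate change. Limiting this hunk to the `unsigned char *der = NULL, *dercp;` / `char *der64 = NULL;` split keeps the patch reviewable as a pure type change.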
149 @@ -240,7 +242,7 @@ revokeproc(int fd, const char *certfile, int force,
150 } else if ((der = dercp = malloc(len)) == NULL) {
151 warn("malloc");
152 goto out;
153 - } else if (len != i2d_X509(x, (u_char **)&dercp)) {
154 + } else if (len != i2d_X509(x, &dercp)) {
155 warnx("i2d_X509");
156 goto out;
157 } else if ((der64 = base64buf_url(der, len)) == NULL) {
158 --
159 2.49.0
160