Fix buffer overrun in spam= acl condition. Bug 1552

[exim.git] / src / src / dane-openssl.c

diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index aee6323bfd90884de6b3dc317350a658b271f70f..6345b39ca459cd1461985fa5c8d6edb7d2212cb3 100644 (file)
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -202,9 +202,9 @@ for(matched = 0; !matched && slist; slist = slist->next)
   {
   dane_mtype_list m;
   unsigned char mdbuf[EVP_MAX_MD_SIZE];
-  unsigned char *buf;
+  unsigned char *buf = NULL;
   unsigned char *buf2;
-  unsigned int len;
+  unsigned int len = 0;
 
   /*
    * Extract ASN.1 DER form of certificate or public key.
@@ -679,6 +679,7 @@ int matched;
 matched = match(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF], cert, 0);
 if(matched > 0)
   if(!ctx->chain)
+    {
     if(  (ctx->chain = sk_X509_new_null())
       && sk_X509_push(ctx->chain, cert))
       CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
@@ -687,6 +688,7 @@ if(matched > 0)
       DANEerr(DANE_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE);
       return -1;
       }
+    }
 return matched;
 }
 
@@ -714,12 +716,14 @@ for(hosts = dane->hosts; hosts; hosts = hosts->next)
    * Sub-domain match: certid is any sub-domain of hostname.
    */
   if(match_subdomain)
+    {
     if(  (idlen = strlen(certid)) > (domlen = strlen(domain)) + 1
       && certid[idlen - domlen - 1] == '.'
       && !strcasecmp(certid + (idlen - domlen), domain))
       return 1;
     else
       continue;
+    }
 
   /*
    * Exact match and initial "*" match. The initial "*" in a certid
@@ -859,7 +863,7 @@ X509 *cert = ctx->cert;             /* XXX: accessor? */
 int matched = 0;
 int chain_length = sk_X509_num(ctx->chain);
 
-DEBUG(D_tls) debug_printf("Dane library verify_chain fn called\n");
+DEBUG(D_tls) debug_printf("Dane verify-chain\n");
 
 issuer_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_ISSUER];
 leaf_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_LEAF];
@@ -952,7 +956,7 @@ int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb;
 int matched;
 X509 *cert = ctx->cert;             /* XXX: accessor? */
 
-DEBUG(D_tls) debug_printf("Dane library verify_cert fn called\n");
+DEBUG(D_tls) debug_printf("Dane verify-cert\n");
 
 if(ssl_idx < 0)
   ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
@@ -1084,7 +1088,7 @@ DANESSL_cleanup(SSL *ssl)
 ssl_dane *dane;
 int u;
 
-DEBUG(D_tls) debug_printf("Dane library cleanup fn called\n");
+DEBUG(D_tls) debug_printf("Dane lib-cleanup\n");
 
 if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx)))
   return;
@@ -1106,7 +1110,6 @@ if(dane->roots)
 if(dane->chain)
   sk_X509_pop_free(dane->chain, X509_free);
 OPENSSL_free(dane);
-DEBUG(D_tls) debug_printf("Dane library cleanup fn return\n");
 }
 
 static dane_host_list
@@ -1162,7 +1165,8 @@ dane_cert_list xlist = 0;
 dane_pkey_list klist = 0;
 const EVP_MD *md = 0;
 
-DEBUG(D_tls) debug_printf("Dane add_tlsa\n");
+DEBUG(D_tls) debug_printf("Dane add-tlsa: usage %u sel %u mdname \"%s\"\n",
+                         usage, selector, mdname);
 
 if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx)))
   {
@@ -1340,7 +1344,7 @@ if(sctx->app_verify_callback != verify_cert)
   return -1;
   }
 #else
-DEBUG(D_tls) debug_printf("Dane ssl_init\n");
+DEBUG(D_tls) debug_printf("Dane ssl-init\n");
 if(dane_idx < 0)
   {
   DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_LIBRARY_INIT);
@@ -1362,7 +1366,6 @@ if(!SSL_set_ex_data(ssl, dane_idx, dane))
   OPENSSL_free(dane);
   return 0;
   }
-DEBUG(D_tls) debug_printf("Dane ssl-init: new dane struct: %p\n", dane);
 
 dane->verify = 0;
 dane->hosts = 0;