authorDavid Benjamin <davidben@chromium.org>2021-07-16 19:32:27 -0400
committerOpenscreen LUCI CQ <openscreen-scoped@luci-project-accounts.iam.gserviceaccount.com>2021-07-17 00:26:30 +0000
commit1243e01d3f49e8c5e797186b62bd2ce350d808f7 (patch)
tree77fb485f46cbc10aa6dcf159e09c58b5a14acb5a
parentb2074333b14325c183a3bc66cb7e1af881e67663 (diff)
downloadopenscreen-1243e01d3f49e8c5e797186b62bd2ce350d808f7.tar.gz
Fix a few more accesses of private BoringSSL structures.
This CL is needed to unblock the BoringSSL roll in Chromium. Change-Id: I95734ee6aa3c78b543ac921c3f3ca273950ef7a8 Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/3036087 Commit-Queue: Brandon Tolsch <btolsch@chromium.org> Reviewed-by: Brandon Tolsch <btolsch@chromium.org>
-rw-r--r--cast/common/certificate/cast_cert_validator.cc27
1 files changed, 17 insertions, 10 deletions
diff --git a/cast/common/certificate/cast_cert_validator.cc b/cast/common/certificate/cast_cert_validator.cc
index b66f8859..f8ee66f7 100644
--- a/cast/common/certificate/cast_cert_validator.cc
+++ b/cast/common/certificate/cast_cert_validator.cc
@@ -103,18 +103,18 @@ CastDeviceCertPolicy GetAudioPolicy(const std::vector<X509*>& path) {
int pos = X509_get_ext_by_NID(cert, NID_certificate_policies, -1);
if (pos != -1) {
X509_EXTENSION* policies_extension = X509_get_ext(cert, pos);
- const uint8_t* in = policies_extension->value->data;
- CERTIFICATEPOLICIES* policies = d2i_CERTIFICATEPOLICIES(
- nullptr, &in, policies_extension->value->length);
+ const ASN1_STRING* value = X509_EXTENSION_get_data(policies_extension);
+ const uint8_t* in = ASN1_STRING_get0_data(value);
+ CERTIFICATEPOLICIES* policies =
+ d2i_CERTIFICATEPOLICIES(nullptr, &in, ASN1_STRING_length(value));
if (policies) {
// Check for |audio_only_policy_oid| in the set of policies.
uint32_t policy_count = sk_POLICYINFO_num(policies);
for (uint32_t i = 0; i < policy_count; ++i) {
POLICYINFO* info = sk_POLICYINFO_value(policies, i);
- if (info->policyid->length ==
- static_cast<int>(audio_only_policy_oid.length) &&
- memcmp(info->policyid->data, audio_only_policy_oid.data,
+ if (OBJ_length(info->policyid) == audio_only_policy_oid.length &&
+ memcmp(OBJ_get0_data(info->policyid), audio_only_policy_oid.data,
audio_only_policy_oid.length) == 0) {
policy = CastDeviceCertPolicy::kAudioOnly;
break;
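Review bot: A certificatePolicies extension that fails to decode is silently skipped by `if (policies)`, and one with trailing bytes after a valid value is accepted, because `in` is never compared with the end of the buffer after `d2i_CERTIFICATEPOLICIES` advances it. If the default `policy` is the unrestricted one (its initialisation is outside this hunk), a malformed extension on a device certificate fails open with respect to the audio-only restriction. A strictness check such as `if (policies && in != ASN1_STRING_get0_data(value) + ASN1_STRING_length(value))` would let the caller treat the extension as malformed. The release of `policies` and the rest of GetAudioPolicy are not visible here, so the failure path has to be fitted to that code.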
@@ -162,10 +162,17 @@ Error VerifyDeviceCert(const std::vector<std::string>& der_certs,
// CertVerificationContextImpl.
X509_NAME* target_subject =
X509_get_subject_name(result_path.target_cert.get());
- std::string common_name(target_subject->canon_enclen, 0);
- int len = X509_NAME_get_text_by_NID(target_subject, NID_commonName,
- &common_name[0], common_name.size());
- if (len == 0) {
+ int len =
+ X509_NAME_get_text_by_NID(target_subject, NID_commonName, nullptr, 0);
+ if (len <= 0) {
+ return Error::Code::kErrCertsRestrictions;
+ }
+ // X509_NAME_get_text_by_NID writes one more byte than it reports, for a
+ // trailing NUL.
+ std::string common_name(len + 1, 0);
+ len = X509_NAME_get_text_by_NID(target_subject, NID_commonName,
+ &common_name[0], common_name.size());
+ if (len <= 0) {
return Error::Code::kErrCertsRestrictions;
}
common_name.resize(len);
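Review bot: `X509_NAME_get_text_by_NID` copies only the first commonName entry and, depending on the library version, copies the string bytes verbatim, so after `common_name.resize(len)` the `std::string` can hold an embedded NUL or a non-UTF-8 encoding taken straight from the certificate. How `common_name` is used is outside this hunk; if it is compared, logged or shown to a user, it is worth rejecting the ambiguous case right after the resize, e.g. `if (common_name.find('\0') != std::string::npos) return Error::Code::kErrCertsRestrictions;`. A short comment next to the two-call pattern saying that the first call with `nullptr, 0` only queries the length would also help, since the existing comment explains the `+ 1` but not why the function is called twice.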