~ubuntu-branches/ubuntu/saucy/curl/saucy-201307251546


Viewing changes to lib/ssluse.c

  • Committer: Package Import Robot
  • Author(s): Alessandro Ghedini
  • Date: 2012-03-23 16:24:51 UTC
  • mto: (3.6.1 experimental) (1.3.1)
  • mto: This revision was merged to the branch mainline in revision 59.
  • Revision ID: package-import@ubuntu.com-20120323162451-z4gstlabjkgnrh7h
Tags: upstream-7.25.0
Import upstream version 7.25.0

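--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -67,6 +67,7 @@
 #include <x509v3.h>
 #endif
 
+#include "warnless.h"
 #include "curl_memory.h"
 #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
 
@@ -144,7 +145,7 @@
 static char global_passwd[64];
 #endif
 
-static int passwd_callback(char *buf, int num, int verify
+static int passwd_callback(char *buf, int num, int encrypting
 #ifdef HAVE_USERDATA_IN_PWD_CALLBACK
                            /* This was introduced in 0.9.4, we can set this
                               using SSL_CTX_set_default_passwd_cb_userdata()
@@ -153,12 +154,13 @@
 #endif
                            )
 {
-  if(verify)
-    fprintf(stderr, "%s\n", buf);
-  else {
-    if(num > (int)strlen((char *)global_passwd)) {
-      strcpy(buf, global_passwd);
-      return (int)strlen(buf);
+  DEBUGASSERT(0 == encrypting);
+
+  if(!encrypting) {
+    int klen = curlx_uztosi(strlen((char *)global_passwd));
+    if(num > klen) {
+      memcpy(buf, global_passwd, klen+1);
+      return klen;
     }
   }
   return 0;
@@ -254,7 +256,7 @@
       if(!area)
         return 3; /* out of memory */
 
-      len = (int)strlen(area);
+      len = curlx_uztosi(strlen(area));
       RAND_add(area, len, (len >> 1));
 
       free(area); /* now remove the random junk */
@@ -338,6 +340,8 @@
       size_t len = strlen(data->set.str[STRING_KEY_PASSWD]);
       if(len < sizeof(global_passwd))
         memcpy(global_passwd, data->set.str[STRING_KEY_PASSWD], len+1);
+      else
+        global_passwd[0] = '\0';
 #else
       /*
        * We set the password in the callback userdata
@@ -1252,7 +1256,7 @@
         else /* not a UTF8 name */
           j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
 
-        if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
+        if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
           /* there was a terminating zero before the end of string, this
              cannot match and we return failure! */
           failf(data, "SSL: illegal cert name field");
@@ -1566,7 +1570,10 @@
 #endif
 
 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-  ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+  /* unless the user explicitly ask to allow the protocol vulnerability we
+     use the work-around */
+  if(!conn->data->set.ssl_enable_beast)
+    ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
 #endif
 
   /* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */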
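Review bot: In the new `else` branch at new lines 343-344, a passphrase that does not fit is handled by clearing only the first byte, `global_passwd[0] = '\0';`, and nothing is reported to the user. Because `global_passwd` is a file-scope static buffer (new line 145), bytes 1 onward of whatever an earlier call copied in presumably stay in memory, and the later key load will fail with an error that never mentions the length limit. I would wipe the whole buffer and report the cause: `memset(global_passwd, 0, sizeof(global_passwd));` followed by `failf(data, "SSL: key password too long");` (the message text is only a suggestion). The enclosing function starts and ends outside the hunk, so whether it should also return an error at this point needs checking against the full body.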