last->next = malloc_or_die(sizeof(struct certs_chain));
last->next->next = NULL;
memset(last->next->info_buf, 0, sizeof(last->next->info_buf));
- memset(last->next->file_buf, 0, sizeof(last->next->file_buf));
+ last->next->file_buf = NULL;
/*
* Saving certificate file into buffer
len = BIO_get_mem_data(bio, &bio_mem_data);
- if (len > (sizeof(last->file_buf) - 1))
+ last->file_buf = malloc((size_t)len + 1);
+ if (last->file_buf == NULL)
{
log_error(LOG_LEVEL_ERROR,
- "X509 PEM cert len %ld is larger than buffer len %lu",
- len, sizeof(last->file_buf) - 1);
- len = sizeof(last->file_buf) - 1;
+ "Failed to allocate %lu bytes to store the X509 PEM certificate",
+ len + 1);
+ ret = -1;
+ goto exit;
}
strncpy(last->file_buf, bio_mem_data, (size_t)len);
+ last->file_buf[len] = '\0';
BIO_free(bio);
bio = BIO_new(BIO_s_mem());
if (!bio)
goto exit;
}
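Review bot: `len` is the `long` returned by `BIO_get_mem_data()` and is cast to `size_t` with no range check, so if it were ever zero or negative, `malloc((size_t)len + 1)` would be undersized while `strncpy(..., (size_t)len)` and `last->file_buf[len] = '\0'` write outside the allocation; the removed branch clamped `len` to the fixed buffer size, and nothing replaces that. A guard ahead of the allocation such as `if (len <= 0) { ret = -1; goto exit; }`, with a log line, would close this. The new message passes `len + 1` (still a `long`, as the removed `%ld` shows) to `%lu`; use `%ld` or cast to `unsigned long`. Because `file_buf` is now heap-owned, the chain teardown needs a matching `free()` per node, and readers must tolerate the `NULL` now stored in the freshly appended node. Neither is visible here, and the enclosing function starts and ends outside this hunk, so please confirm both.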
+ /*
+ * XXX: Do we really have to do this always?
+ * Probably it's sufficient to do if the verification fails
+ * in which case we're sending the certificates to the client.
+ */
chain = SSL_get_peer_cert_chain(ssl);
if (chain)
{