X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=685995f763b1cfd71b1054ed76aa421d428d0db1;hp=4dac8ea9cba6974d13fa6c562f365a5f403b725f;hb=ed36fcd3daa7d4696342ebe738d36c4348705cd5;hpb=fd1bd3017b9aaee3632dd10b6ddc6ed9a077dc03

diff --git a/openssl.c b/openssl.c
index 4dac8ea9..685995f7 100644
--- a/openssl.c
+++ b/openssl.c
@@ -302,7 +302,7 @@ static int ssl_store_cert(struct client_state *csp, X509 *crt)
    last->next = malloc_or_die(sizeof(struct certs_chain));
    last->next->next = NULL;
    memset(last->next->info_buf, 0, sizeof(last->next->info_buf));
-   memset(last->next->file_buf, 0, sizeof(last->next->file_buf));
+   last->next->file_buf = NULL;
 
    /*
     * Saving certificate file into buffer
@@ -316,15 +316,18 @@ static int ssl_store_cert(struct client_state *csp, X509 *crt)
 
    len = BIO_get_mem_data(bio, &bio_mem_data);
 
-   if (len > (sizeof(last->file_buf) - 1))
+   last->file_buf = malloc((size_t)len + 1);
+   if (last->file_buf == NULL)
    {
       log_error(LOG_LEVEL_ERROR,
-         "X509 PEM cert len %ld is larger than buffer len %lu",
-         len, sizeof(last->file_buf) - 1);
-      len = sizeof(last->file_buf) - 1;
+         "Failed to allocate %lu bytes to store the X509 PEM certificate",
+         len + 1);
+      ret = -1;
+      goto exit;
    }
 
    strncpy(last->file_buf, bio_mem_data, (size_t)len);
+   last->file_buf[len] = '\0';
    BIO_free(bio);
    bio = BIO_new(BIO_s_mem());
    if (!bio)
@@ -1152,6 +1155,11 @@ extern int create_server_ssl_connection(struct client_state *csp)
       goto exit;
    }
 
+   /*
+    * XXX: Do we really have to do this always?
+    *      Probably it's sufficient to do if the verification fails
+    *      in which case we're sending the certificates to the client.
+    */
    chain = SSL_get_peer_cert_chain(ssl);
    if (chain)
    {