X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ssl_common.c;h=4cf72913b27839f48fcb5c4dee5d56153d80d57c;hp=a8dd371efa1953aafd6790a65875786ebdcbfa16;hb=0bb00ff309ae7c272f5124260b42730274da3388;hpb=6a6fd3ac89d9090c7fa6dc959ec8540305fe71b7

diff --git a/ssl_common.c b/ssl_common.c
index a8dd371e..4cf72913 100644
--- a/ssl_common.c
+++ b/ssl_common.c
@@ -290,8 +290,8 @@ extern void free_certificate_chain(struct client_state *csp)
    /* Cleaning buffers */
    memset(csp->server_certs_chain.info_buf, 0,
       sizeof(csp->server_certs_chain.info_buf));
-   memset(csp->server_certs_chain.file_buf, 0,
-      sizeof(csp->server_certs_chain.file_buf));
+   freez(csp->server_certs_chain.file_buf);
+
    csp->server_certs_chain.next = NULL;
 
    /* Freeing memory in whole linked list */
@@ -299,6 +299,11 @@ extern void free_certificate_chain(struct client_state *csp)
    {
       struct certs_chain *cert_for_free = cert;
       cert = cert->next;
+
+      /* Cleaning buffers */
+      memset(cert_for_free->info_buf, 0, sizeof(cert_for_free->info_buf));
+      freez(cert_for_free->file_buf);
+
       freez(cert_for_free);
    }
 }
@@ -353,11 +358,22 @@ extern void ssl_send_certificate_error(struct client_state *csp)
    cert = &(csp->server_certs_chain);
    while (cert->next != NULL)
    {
-      size_t base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;
+      size_t base64_len;
 
-      message_len += strlen(cert->info_buf) + strlen("<pre></pre>\n")
-                     +  base64_len + strlen("<a href=\"data:application"
-                        "/x-x509-ca-cert;base64,\">Download certificate</a>");
+      if (cert->file_buf != NULL)
+      {
+         base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;
+
+         message_len += strlen(cert->info_buf) + strlen("<pre></pre>\n")
+            +  base64_len + strlen("<a href=\"data:application"
+            "/x-x509-ca-cert;base64,\">Download certificate</a>");
+      }
+      else
+      {
+         log_error(LOG_LEVEL_ERROR,
+            "Incomplete certificate information for %s.",
+            csp->http->hostport);
+      }
       cert = cert->next;
    }
 
@@ -374,31 +390,36 @@ extern void ssl_send_certificate_error(struct client_state *csp)
    cert = &(csp->server_certs_chain);
    while (cert->next != NULL)
    {
-      size_t olen = 0;
-      size_t base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1; /* +1 for terminating null*/
-      char base64_buf[base64_len];
-      memset(base64_buf, 0, base64_len);
-
-      /* Encoding certificate into base64 code */
-      ret = ssl_base64_encode((unsigned char*)base64_buf,
-               base64_len, &olen, (const unsigned char*)cert->file_buf,
-               strlen(cert->file_buf));
-      if (ret != 0)
+      if (cert->file_buf != NULL)
       {
-         log_error(LOG_LEVEL_ERROR,
-            "Encoding to base64 failed, buffer is to small");
-      }
-
-      strlcat(message, "<pre>",        message_len);
-      strlcat(message, cert->info_buf, message_len);
-      strlcat(message, "</pre>\n",     message_len);
-
-      if (ret == 0)
-      {
-         strlcat(message, "<a href=\"data:application/x-x509-ca-cert;base64,",
-            message_len);
-         strlcat(message, base64_buf, message_len);
-         strlcat(message, "\">Download certificate</a>", message_len);
+                                                       /* +1 for terminating null */
+         size_t base64_len = base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;
+         size_t olen = 0;
+         char base64_buf[base64_len];
+
+         memset(base64_buf, 0, base64_len);
+
+         /* Encoding certificate into base64 code */
+         ret = ssl_base64_encode((unsigned char*)base64_buf,
+                  base64_len, &olen, (const unsigned char*)cert->file_buf,
+                  strlen(cert->file_buf));
+         if (ret != 0)
+         {
+            log_error(LOG_LEVEL_ERROR,
+               "Encoding to base64 failed, buffer is to small");
+         }
+
+         strlcat(message, "<pre>",        message_len);
+         strlcat(message, cert->info_buf, message_len);
+         strlcat(message, "</pre>\n",     message_len);
+
+         if (ret == 0)
+         {
+            strlcat(message, "<a href=\"data:application/x-x509-ca-cert;base64,",
+               message_len);
+            strlcat(message, base64_buf, message_len);
+            strlcat(message, "\">Download certificate</a>", message_len);
+         }
       }
 
       cert = cert->next;
@@ -668,49 +689,6 @@ extern int get_certificate_valid_to_date(char *buffer, size_t buffer_size, const
 }
 
 
-/*********************************************************************
- *
- * Function    :  host_is_ip_address
- *
- * Description :  Checks whether or not a host is specified by
- *                IP address. Does not actually validate the
- *                address.
- *
- * Parameters  :
- *          1  :  host = The host name to check
- *
- * Returns     :   1 => Yes
- *                 0 => No
- *
- *********************************************************************/
-extern int host_is_ip_address(const char *host)
-{
-   const char *p;
-
-   if (NULL != strstr(host, ":"))
-   {
-      /* Assume an IPv6 address. */
-      return 1;
-   }
-
-   for (p = host; *p; p++)
-   {
-      if ((*p != '.') && !privoxy_isdigit(*p))
-      {
-         /* Not a dot or digit so it can't be an IPv4 address. */
-         return 0;
-      }
-   }
-
-   /*
-    * Host only consists of dots and digits so
-    * assume that is an IPv4 address.
-    */
-   return 1;
-
-}
-
-
 /*********************************************************************
  *
  * Function    :  enforce_sane_certificate_state