MINOR: ssl: Remove unneeded buffer allocation in show ocsp-response

When calling 'show ssl ocsp-response' from the CLI, a temporary buffer
was created in parse_binary when we could just use a local static buffer
instead. This does not change the behavior of the function, it just
simplifies it.
Remi Tricot-Le Breton 2022-12-15 15:44:35 +01:00 committed by William Lallemand
parent c4913f6b54
commit 9334843859


@ -7583,22 +7583,19 @@ static int cli_parse_show_ocspresponse(char **args, char *payload, struct appctx
#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
if (*args[3]) {
struct certificate_ocsp *ocsp = NULL;
char *key = NULL;
int key_length = 0;
char key[OCSP_MAX_CERTID_ASN1_LENGTH] = {};
int key_length = OCSP_MAX_CERTID_ASN1_LENGTH;
char *key_ptr = key;
if (strlen(args[3]) > OCSP_MAX_CERTID_ASN1_LENGTH*2) {
return cli_err(appctx, "'show ssl ocsp-response' received a too big key.\n");
}
if (parse_binary(args[3], &key, &key_length, NULL)) {
char full_key[OCSP_MAX_CERTID_ASN1_LENGTH] = {};
memcpy(full_key, key, key_length);
ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, full_key, OCSP_MAX_CERTID_ASN1_LENGTH);
if (!parse_binary(args[3], &key_ptr, &key_length, NULL)) {
return cli_err(appctx, "'show ssl ocsp-response' received an invalid key.\n");
}
if (key)
ha_free(&key);
ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
if (!ocsp) {
return cli_err(appctx, "Certificate ID does not match any certificate.\n");