Comment 5 for bug 1912389

Revision history for this message
Graham Leggett (minfrin-y) wrote :

diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index e0e6615f0..dd202f440 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -499,6 +499,8 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
         extension_name = OBJ_nid2sn(nid);
         buf_len = sizeof(buf);
         str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str)
+ continue;
         lf = strchr(str, '\n'); /* look for multiline strings */
         if (NULL != lf)
             *lf = '\0'; /* only log first line of multiline here */
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index 01d72afb2..e0e6615f0 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -300,7 +300,7 @@ _cert_get_extension(X509_EXTENSION *oext, char **buf, int *len, int flags)

     if (!buf_ptr) {
         snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
+ "not enough space or error in allocation for extension\n");
         BIO_vfree(bio);
         return NULL;
     }
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index dd202f440..7d6db6ae6 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -290,8 +290,11 @@ _cert_get_extension(X509_EXTENSION *oext, char **buf, int *len, int flags)

     space = BIO_get_mem_data(bio, &data);
     if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
+ if (*len < space + 1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ BIO_vfree(bio);
+ return NULL;
+ }
         else
             buf_ptr = *buf;
     }
@@ -299,8 +302,7 @@ _cert_get_extension(X509_EXTENSION *oext, char **buf, int *len, int flags)
         buf_ptr = calloc(1,space + 1);

     if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extension\n");
+ snmp_log(LOG_ERR, "error in allocation for extension\n");
         BIO_vfree(bio);
         return NULL;
     }
@@ -479,7 +481,7 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
 {
     X509_EXTENSION *extension;
     const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
     int i, num_extensions, buf_len, nid;

     if (NULL == ocert)
@@ -499,8 +501,11 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
         extension_name = OBJ_nid2sn(nid);
         buf_len = sizeof(buf);
         str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
- if (!str)
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
             continue;
+ }
         lf = strchr(str, '\n'); /* look for multiline strings */
         if (NULL != lf)
             *lf = '\0'; /* only log first line of multiline here */
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index 7d6db6ae6..c092a007a 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -284,33 +284,30 @@ _cert_get_extension(X509_EXTENSION *oext, char **buf, int *len, int flags)
     }
     if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
         snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
     }

     space = BIO_get_mem_data(bio, &data);
     if (buf && *buf) {
         if (*len < space + 1) {
             snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
         }
- else
- buf_ptr = *buf;
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
     }
- else
- buf_ptr = calloc(1,space + 1);

     if (!buf_ptr) {
         snmp_log(LOG_ERR, "error in allocation for extension\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
     }
     memcpy(buf_ptr, data, space);
     buf_ptr[space] = 0;
     if (len)
         *len = space;

+out:
     BIO_vfree(bio);

     return buf_ptr;