kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove 'file:' feature in v3_pci.c's CONF hooks.

Browse Source 
This makes it easier to build a subset of BoringSSL which doesn't depend
on the filesystem (though perhaps it's worth a build define for that
now). This hook is also generally surprising. CONF hooks are bad enough
when they don't open arbitrary files.

Change-Id: Ibf791162dd3d4cec8117eb49ff0cd716a1c54abd
Reviewed-on: https://boringssl-review.googlesource.com/14166
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-03-10 11:58:15 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 91222b8d38
commit 93103177a5
1 changed files with 0 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
crypto/x509v3/v3_pci.c
View File

@ -35,7 +35,6 @@
* SUCH DAMAGE.
*/
#include <stdio.h>
#include <string.h>
#include <openssl/conf.h>
@ -153,38 +152,6 @@ static int process_pci_value(CONF_VALUE *val,
goto err;
}
OPENSSL_free(tmp_data2);
} else if (strncmp(val->value, "file:", 5) == 0) {
unsigned char buf[2048];
int n;
BIO *b = BIO_new_file(val->value + 5, "r");
if (!b) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);
X509V3_conf_err(val);
goto err;
}
while ((n = BIO_read(b, buf, sizeof(buf))) > 0
|| (n == 0 && BIO_should_retry(b))) {
if (!n)
continue;
tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + n + 1);
if (!tmp_data)
break;
(*policy)->data = tmp_data;
OPENSSL_memcpy(&(*policy)->data[(*policy)->length], buf, n);
(*policy)->length += n;
(*policy)->data[(*policy)->length] = '\0';
}
BIO_free_all(b);
if (n < 0) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);
X509V3_conf_err(val);
goto err;
}
} else if (strncmp(val->value, "text:", 5) == 0) {
val_len = strlen(val->value + 5);
tmp_data = OPENSSL_realloc((*policy)->data,