[ocsp] Avoid including a double path separator in request URI

The OCSP responder URI included within an X.509 certificate may or may not include a trailing slash. We currently rely on the fact that format_uri() incorrectly inserts an initial slash, which we include unconditionally within the OCSP request URI. Switch to using uri_encode() directly, and insert a slash only if the X.509 certificate's OCSP responder URI does not already include a trailing slash. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2016-01-21 17:50:34 +00:00 · 2016-01-21 17:50:34 +00:00 · 42c2a6aab7
parent 295ad11367
commit 42c2a6aab7
1 changed files with 26 additions and 28 deletions
--- a/src/crypto/ocsp.c
+++ b/src/crypto/ocsp.c
@ -209,10 +209,10 @@ static int ocsp_request ( struct ocsp_check *ocsp ) {
 static int ocsp_uri_string ( struct ocsp_check *ocsp ) {
 	struct x509_ocsp_responder *responder =
 		&ocsp->cert->extensions.auth_info.ocsp;
-	struct uri path_uri;
-	char *path_base64_string;
-	char *path_uri_string;
-	size_t path_len;
+	char *base64;
+	char *sep;
+	size_t base64_len;
+	size_t uri_len;
 	size_t len;
 	int rc;

@ -224,46 +224,44 @@ static int ocsp_uri_string ( struct ocsp_check *ocsp ) {
 		goto err_no_uri;
 	}

-	/* Base64-encode the request as the URI path */
-	path_len = ( base64_encoded_len ( ocsp->request.builder.len )
-		     + 1 /* NUL */ );
-	path_base64_string = malloc ( path_len );
-	if ( ! path_base64_string ) {
+	/* Calculate base64-encoded request length */
+	base64_len = ( base64_encoded_len ( ocsp->request.builder.len )
+		       + 1 /* NUL */ );
+
+	/* Allocate and construct the base64-encoded request */
+	base64 = malloc ( base64_len );
+	if ( ! base64 ) {
 		rc = -ENOMEM;
-		goto err_path_base64;
+		goto err_alloc_base64;
 	}
 	base64_encode ( ocsp->request.builder.data, ocsp->request.builder.len,
-			path_base64_string, path_len );
+			base64, base64_len );

-	/* URI-encode the Base64-encoded request */
-	memset ( &path_uri, 0, sizeof ( path_uri ) );
-	path_uri.path = path_base64_string;
-	path_uri_string = format_uri_alloc ( &path_uri );
-	if ( ! path_uri_string ) {
-		rc = -ENOMEM;
-		goto err_path_uri;
-	}
+	/* Calculate URI-encoded base64-encoded request length */
+	uri_len = ( uri_encode ( URI_PATH, base64, ( base64_len - 1 /* NUL */ ),
+				 NULL, 0 ) + 1 /* NUL */ );

-	/* Construct URI string */
-	len = ( responder->uri.len + strlen ( path_uri_string ) + 1 /* NUL */ );
+	/* Allocate and construct the URI string */
+	len = ( responder->uri.len + 1 /* possible "/" */ + uri_len );
 	ocsp->uri_string = zalloc ( len );
 	if ( ! ocsp->uri_string ) {
 		rc = -ENOMEM;
-		goto err_ocsp_uri;
+		goto err_alloc_uri;
 	}
 	memcpy ( ocsp->uri_string, responder->uri.data, responder->uri.len );
-	strcpy ( &ocsp->uri_string[responder->uri.len], path_uri_string );
+	sep = &ocsp->uri_string[ responder->uri.len - 1 ];
+	if ( *sep != '/' )
+		*(++sep) = '/';
+	uri_encode ( URI_PATH, base64, base64_len, ( sep + 1 ), uri_len );
 	DBGC2 ( ocsp, "OCSP %p \"%s\" URI is %s\n",
 		ocsp, x509_name ( ocsp->cert ), ocsp->uri_string );

 	/* Success */
 	rc = 0;

- err_ocsp_uri:
-	free ( path_uri_string );
- err_path_uri:
-	free ( path_base64_string );
- err_path_base64:
+ err_alloc_uri:
+	free ( base64 );
+ err_alloc_base64:
 err_no_uri:
 	return rc;
 }