mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-08-10 03:40:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add array bounds check for GetSslIdentity

Browse source
This commit is contained in:
Paul Kulchenko 2022-03-07 20:09:32 -08:00
parent 9af60298da
commit fc24b19248
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tool/net/redbean.c
View file

@ -3201,16 +3201,18 @@ static int LuaGetStatus(lua_State *L) {
static int LuaGetSslIdentity(lua_State *L) { static int LuaGetSslIdentity(lua_State *L) {
const mbedtls_x509_crt *cert; const mbedtls_x509_crt *cert;
OnlyCallDuringRequest(L, "GetSslIdentity"); OnlyCallDuringRequest(L, "GetSslIdentity");
if (!usessl) if (!usessl) {
lua_pushnil(L); lua_pushnil(L);
else } else {
if (sslpskindex) { if (sslpskindex) {
CHECK((sslpskindex-1) >= 0 && (sslpskindex-1) < psks.n);
lua_pushlstring(L, psks.p[sslpskindex-1].identity, lua_pushlstring(L, psks.p[sslpskindex-1].identity,
psks.p[sslpskindex-1].identity_len); psks.p[sslpskindex-1].identity_len);
} else { } else {
cert = mbedtls_ssl_get_peer_cert(&ssl); cert = mbedtls_ssl_get_peer_cert(&ssl);
lua_pushstring(L, cert ? gc(FormatX509Name(&cert->subject)) : ""); lua_pushstring(L, cert ? gc(FormatX509Name(&cert->subject)) : "");
} }
}
return 1; return 1;
} }