Fix for 141256 - correct HTTP parsing for OCSP in NSS
authorjpierre%netscape.com
Wed, 15 May 2002 23:59:40 +0000
changeset 3129 8e034315014e739a3034b9e882cccacbdeee250f
parent 3128 cf92b9a91fb7fc2fba186be6fa3e545306937e71
child 3130 2ef6a4cf6360562539ad01c3592180156cf443a7
push idunknown
push userunknown
push dateunknown
bugs141256
Fix for 141256 - correct HTTP parsing for OCSP in NSS
security/nss/lib/certhigh/ocsp.c
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -1485,16 +1485,19 @@ ocsp_GetResponseData(CERTOCSPResponse *r
  * Again, no copy is done.
  */
 static ocspSignature *
 ocsp_GetResponseSignature(CERTOCSPResponse *response)
 {
     ocspBasicOCSPResponse *basic;
 
     PORT_Assert(response != NULL);
+    if (NULL == response->responseBytes) {
+        return NULL;
+    }
     PORT_Assert(response->responseBytes != NULL);
     PORT_Assert(response->responseBytes->responseTypeTag
 		== SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
 
     basic = response->responseBytes->decodedResponse.basic;
     PORT_Assert(basic != NULL);
 
     return &(basic->responseSignature);
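Review bot: The new early return covers only `response->responseBytes`; `basic` is still guarded by `PORT_Assert` alone, which compiles to nothing in non-debug builds. If `decodedResponse.basic` is NULL there, `&(basic->responseSignature)` is computed from a null pointer and can come back as a small non-NULL address, which the `signature &&` test added in CERT_DestroyOCSPResponse would not catch. I would add `if (basic == NULL) return NULL;` before the return and drop the now-unreachable `PORT_Assert(response->responseBytes != NULL);`. The header comment should also state that the function returns NULL when the response has no responseBytes, since any other callers (not visible here) must now check for that. The function's closing brace is outside the hunk.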
@@ -1510,17 +1513,17 @@ ocsp_GetResponseSignature(CERTOCSPRespon
  * RETURN:
  *   No return value; no errors.
  */
 void
 CERT_DestroyOCSPResponse(CERTOCSPResponse *response)
 {
     if (response != NULL) {
 	ocspSignature *signature = ocsp_GetResponseSignature(response);
-	if (signature->cert != NULL)
+	if (signature && signature->cert != NULL)
 	    CERT_DestroyCertificate(signature->cert);
 
 	/*
 	 * We should actually never have a response without an arena,
 	 * but check just in case.  (If there isn't one, there is not
 	 * much we can do about it...)
 	 */
 	PORT_Assert(response->arena != NULL);
@@ -1848,17 +1851,18 @@ ocsp_GetEncodedResponse(PRArenaPool *are
     PRBool pendingCR = PR_FALSE;
     PRBool contentTypeOK = PR_FALSE;
     unsigned int contentLength = 0;
     void *mark = NULL;
     SECItem *result = NULL;
 
 
     bufsize = OCSP_BUFSIZE;
-    buf = PORT_Alloc(bufsize);
+    buf = PORT_Alloc(bufsize+1);
+    buf[bufsize] = 0; /* NULL termination so string functions are OK */
     if (buf == NULL) {
 	goto loser;
     }
     /*
      * I picked 128 because:
      *	- It is a nice "round" number. ;-)
      *  - I am sure it should cover at least the first line of the http
      *	  response (on the order of 20 should be enough but I am allowing
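Review bot: `buf[bufsize] = 0;` executes before the `if (buf == NULL)` test, so a failed PORT_Alloc becomes a write through a null pointer instead of a jump to `loser`; the store has to move below the check. The terminator also sits at the end of the allocation rather than at the end of the received data, and PORT_Alloc does not zero memory, so string functions can still walk over bytes that no read has filled. If the buffer is reallocated later in the function (not visible in this hunk), the terminator needs to be re-established there as well. The comment should say NUL termination, not NULL.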
@@ -2010,36 +2014,16 @@ ocsp_GetEncodedResponse(PRArenaPool *are
 	    bufEnd = buf + len + bytesRead;
 	    if (pendingCR) {
 		buf[0] = '\r';
 		pendingCR = PR_FALSE;
 	    }
 	    continue;
 	}
 	/*
-	 * So, we have a good newline pointer (just past a CR, LF or CRLF),
-	 * but now we want to make sure that what it points to is long
-	 * enough to be something we are looking for.  If it isn't, add
-	 * more to the buffer after first copying what's left to the
-	 * beginning.
-	 */
-	if (((char *)bufEnd - newline) < 40) {
-	    len = (char *)bufEnd - newline;
-	    PORT_Memmove(buf, newline, len);
-	    bytesRead = ocsp_MinMaxRead(sock, buf + len, 40 - len,
-					bufsize - len);
-	    if (bytesRead <= 0) {
-		if (bytesRead == 0)
-		    PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
-		goto loser;
-	    }
-	    newline = (char *)buf;
-	    bufEnd = buf + len + bytesRead;
-	}
-	/*
 	 * Okay, now we know that we are looking at an HTTP header line
 	 * with enough length to be safe for our comparisons.  See if it is
 	 * one of the ones we are interested in.  (That is, "Content-Length"
 	 * or "Content-Type".)
 	 */
 	if (PORT_Strncasecmp(newline, "content-", 8) == 0) {
 	    s = newline + 8;
 	    if (PORT_Strncasecmp(s, "type: ", 6) == 0) {
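Review bot: With the 40-byte refill block removed, the retained comment "with enough length to be safe for our comparisons" no longer describes anything this code checks. The safety of `PORT_Strncasecmp(newline, "content-", 8)` and the comparisons after it now rests only on the terminator at `buf[bufsize]`. As far as this hunk shows, that bounds the reads to the allocation but not to `bufEnd`, so a header line split across two reads can be matched against leftover bytes from earlier buffer contents, and Content-Length or Content-Type may be misparsed. Either bound each comparison by `(char *)bufEnd - newline` or store a terminator at `bufEnd` after every read, and reword the comment to name the invariant actually relied on. The enclosing loop and function begin and end outside the hunk.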