mirror of
https://git.sr.ht/~sircmpwn/gmni
synced 2024-11-23 00:42:15 +01:00
gmnlm: host freed too early, causing UAF
The host variable is freed too early. If a client certificate is not found, the later error message in the GEMINI_STATUS_CLASS_CLIENT_CERTIFICATE_REQUIRED case uses the freed host variable to produce an incorrect openssl command. This fix just delays the free to after the switch statement. Test case: gmnlm gemini://feeds.drewdevault.com Prior: The following OpenSSL command will generate a certificate for this host: openssl req -x509 -newkey rsa:4096 \ -keyout /home/andrew/.local/share/gmni/certs/Ú-=öU.key \ -out /home/andrew/.local/share/gmni/certs/Ú-=öU.crt \ -days 36500 -nodes Now: The following OpenSSL command will generate a certificate for this host: openssl req -x509 -newkey rsa:4096 \ -keyout /home/andrew/.local/share/gmni/certs/feeds.drewdevault.com.key \ -out /home/andrew/.local/share/gmni/certs/feeds.drewdevault.com.crt \ -days 36500 -nodes
This commit is contained in:
parent
e0993d4886
commit
b46b312817
@ -415,7 +415,6 @@ do_requests(struct browser *browser, struct gemini_response *resp)
|
||||
} else {
|
||||
browser->opts.client_cert = NULL;
|
||||
}
|
||||
free(host);
|
||||
}
|
||||
|
||||
while (requesting) {
|
||||
@ -540,6 +539,7 @@ out:
|
||||
free(client_cert.key);
|
||||
}
|
||||
free(scheme);
|
||||
free(host);
|
||||
return res;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user