From 093c97d492be691f788fdda06cbebb43ae5c0999 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Fri, 2 Jun 2023 10:11:32 +0200
Subject: [PATCH] Add separate case for ip address
Signed-off-by: Przemek Stekiel
---
library/x509.c | 57 +++++++++++++++++++++++++++++---------------------
1 file changed, 33 insertions(+), 24 deletions(-)
diff --git a/library/x509.c b/library/x509.c
index 32846f9cff..c5741291e9 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1590,46 +1590,55 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, */ case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_RFC822_NAME: - case MBEDTLS_X509_SAN_IP_ADDRESS: { const char *dns_name = "dNSName"; const char *rfc822_name = "rfc822Name"; - const char *ip_name = "iPAddress"; - - const char *name = san.type == MBEDTLS_X509_SAN_DNS_NAME ? dns_name : san.type == - MBEDTLS_X509_SAN_RFC822_NAME ? rfc822_name : ip_name; ret = mbedtls_snprintf(p, n, "\n%s %s : ", prefix, - name); + san.type == + MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); MBEDTLS_X509_SAFE_SNPRINTF; if (san.san.unstructured_name.len >= n) { *p = '\0'; return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } - if (san.type == MBEDTLS_X509_SAN_IP_ADDRESS) { - int len = 0; - unsigned char *ip = san.san.unstructured_name.p; - // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported - if (san.san.unstructured_name.len == 4) { - len = sprintf(p, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - } else { - len = sprintf(p, "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", - ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], ip[7], ip[8], - ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15]); - } - p += len; - n -= len; - } else { - memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); - p += san.san.unstructured_name.len; - n -= san.san.unstructured_name.len; - } + memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); + p += san.san.unstructured_name.len; + n -= san.san.unstructured_name.len; } break; + /* + * iPAddress + */ + case MBEDTLS_X509_SAN_IP_ADDRESS: + { + ret = mbedtls_snprintf(p, n, "\n%s %s : ", + prefix, "iPAddress"); + MBEDTLS_X509_SAFE_SNPRINTF; + if (san.san.unstructured_name.len >= n) { + *p = '\0'; + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + int len = 0; + unsigned char *ip = san.san.unstructured_name.p; + // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported + if (san.san.unstructured_name.len == 4) { + len = sprintf(p, 
"%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + } else if (san.san.unstructured_name.len == 16) { + len = sprintf(p, "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", + ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], ip[7], ip[8], + ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15]); + } else { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } + p += len; + n -= len; + } + break; /* * directoryName */
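Review bot: Both `sprintf` calls in the new `MBEDTLS_X509_SAN_IP_ADDRESS` case write to `p` with no bound, and the only check before them compares the raw SAN length (4 or 16 bytes) with `n` rather than the formatted length. An output buffer with 5 to 15 bytes left passes that check, yet the dotted form can need 16 bytes with its terminator, and the hex form up to 40, so the write can run past the caller's buffer. Formatting through `mbedtls_snprintf(p, n, ...)` into `ret` and following it with `MBEDTLS_X509_SAFE_SNPRINTF`, as the label line of the same case does, would bound the write and replace the manual `p += len; n -= len;`; this assumes the macro rejects `ret >= n` and advances `p`/`n`, since its definition is outside the hunk. Separately, `%X%X` prints bytes without zero padding, so the pairs 0x12,0x00 and 0x01,0x20 both render as `120`; `%02X%02X` keeps each group unambiguous. The enclosing function starts and ends outside the hunk.

```c
// … unchanged: label line, length check, declaration of ip …
if (san.san.unstructured_name.len == 4) {
    ret = mbedtls_snprintf(p, n, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
} else if (san.san.unstructured_name.len == 16) {
    ret = mbedtls_snprintf(p, n,
                           "%02X%02X:%02X%02X:%02X%02X:%02X%02X:"
                           "%02X%02X:%02X%02X:%02X%02X:%02X%02X",
                           ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], ip[7],
                           ip[8], ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15]);
} else {
    // … unchanged: return MBEDTLS_ERR_X509_BAD_INPUT_DATA …
}
// replaces the manual p += len; n -= len; and makes `len` unnecessary
MBEDTLS_X509_SAFE_SNPRINTF;
```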