gtls: fix ignored return and uninitialized status in OCSP check

gnutls_ocsp_resp_get_single() was called with (void) discarding its
return value, so a failure (e.g. an OCSP response with no
SingleResponse entries) went undetected.  The following switch() then
read an uninitialized gnutls_ocsp_cert_status_t, which is undefined
behaviour and could yield GNUTLS_OCSP_CERT_GOOD (0) depending on
stack contents, causing gtls_verify_ocsp_status to return CURLE_OK for
a response that was never successfully parsed.

Fix by initializing status to GNUTLS_OCSP_CERT_UNKNOWN and treating a
negative return from gnutls_ocsp_resp_get_single as an error.

Closes #21679
Joshua Rogers 2026-05-19 16:16:12 +02:00 committed by Daniel Stenberg
parent e78b1b3ecc
commit f21b5d4e66


@ -1429,7 +1429,7 @@ static CURLcode gtls_verify_ocsp_status(struct Curl_easy *data,
{
gnutls_ocsp_resp_t ocsp_resp = NULL;
gnutls_datum_t status_request;
gnutls_ocsp_cert_status_t status;
gnutls_ocsp_cert_status_t status = GNUTLS_OCSP_CERT_UNKNOWN;
gnutls_x509_crl_reason_t reason;
CURLcode result = CURLE_OK;
int rc;
@ -1461,8 +1461,13 @@ static CURLcode gtls_verify_ocsp_status(struct Curl_easy *data,
goto out;
}
(void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
&status, NULL, NULL, NULL, &reason);
rc = gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
&status, NULL, NULL, NULL, &reason);
if(rc < 0) {
failf(data, "Invalid OCSP response received");
result = CURLE_SSL_INVALIDCERTSTATUS;
goto out;
}
switch(status) {
case GNUTLS_OCSP_CERT_GOOD: