/src/openssl30/crypto/conf/conf_def.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* Part of the code in here was originally in conf.c, which is now removed */ |
11 | | |
12 | | #include <stdio.h> |
13 | | #include <string.h> |
14 | | #include "e_os.h" /* struct stat */ |
15 | | #ifdef __TANDEM |
16 | | # include <sys/types.h> /* needed for stat.h */ |
17 | | # include <sys/stat.h> /* struct stat */ |
18 | | #endif |
19 | | #include "internal/cryptlib.h" |
20 | | #include "internal/o_dir.h" |
21 | | #include <openssl/lhash.h> |
22 | | #include <openssl/conf.h> |
23 | | #include <openssl/conf_api.h> |
24 | | #include "conf_local.h" |
25 | | #include "conf_def.h" |
26 | | #include <openssl/buffer.h> |
27 | | #include <openssl/err.h> |
28 | | #ifndef OPENSSL_NO_POSIX_IO |
29 | | # include <sys/stat.h> |
30 | | # ifdef _WIN32 |
31 | | # define stat _stat |
32 | | # endif |
33 | | #endif |
34 | | |
35 | | #ifndef S_ISDIR |
36 | | # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) |
37 | | #endif |
38 | | |
39 | | /* |
40 | | * The maximum length we can grow a value to after variable expansion. 64k |
41 | | * should be more than enough for all reasonable uses. |
42 | | */ |
43 | 27.8k | #define MAX_CONF_VALUE_LENGTH 65536 |
44 | | |
45 | | static int is_keytype(const CONF *conf, char c, unsigned short type); |
46 | | static char *eat_ws(CONF *conf, char *p); |
47 | | static void trim_ws(CONF *conf, char *start); |
48 | | static char *eat_alpha_numeric(CONF *conf, char *p); |
49 | | static void clear_comments(CONF *conf, char *p); |
50 | | static int str_copy(CONF *conf, char *section, char **to, char *from); |
51 | | static char *scan_quote(CONF *conf, char *p); |
52 | | static char *scan_dquote(CONF *conf, char *p); |
53 | 456k | #define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) |
54 | | #ifndef OPENSSL_NO_POSIX_IO |
55 | | static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, |
56 | | char **dirpath); |
57 | | static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx); |
58 | | #endif |
59 | | |
60 | | static CONF *def_create(CONF_METHOD *meth); |
61 | | static int def_init_default(CONF *conf); |
62 | | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
63 | | static int def_init_WIN32(CONF *conf); |
64 | | #endif |
65 | | static int def_destroy(CONF *conf); |
66 | | static int def_destroy_data(CONF *conf); |
67 | | static int def_load(CONF *conf, const char *name, long *eline); |
68 | | static int def_load_bio(CONF *conf, BIO *bp, long *eline); |
69 | | static int def_dump(const CONF *conf, BIO *bp); |
70 | | static int def_is_number(const CONF *conf, char c); |
71 | | static int def_to_int(const CONF *conf, char c); |
72 | | |
73 | | static CONF_METHOD default_method = { |
74 | | "OpenSSL default", |
75 | | def_create, |
76 | | def_init_default, |
77 | | def_destroy, |
78 | | def_destroy_data, |
79 | | def_load_bio, |
80 | | def_dump, |
81 | | def_is_number, |
82 | | def_to_int, |
83 | | def_load |
84 | | }; |
85 | | |
86 | | CONF_METHOD *NCONF_default(void) |
87 | 8.64k | { |
88 | 8.64k | return &default_method; |
89 | 8.64k | } |
90 | | |
91 | | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
92 | | static CONF_METHOD WIN32_method = { |
93 | | "WIN32", |
94 | | def_create, |
95 | | def_init_WIN32, |
96 | | def_destroy, |
97 | | def_destroy_data, |
98 | | def_load_bio, |
99 | | def_dump, |
100 | | def_is_number, |
101 | | def_to_int, |
102 | | def_load |
103 | | }; |
104 | | |
105 | | CONF_METHOD *NCONF_WIN32(void) |
106 | 0 | { |
107 | 0 | return &WIN32_method; |
108 | 0 | } |
109 | | #endif |
110 | | |
111 | | static CONF *def_create(CONF_METHOD *meth) |
112 | 8.64k | { |
113 | 8.64k | CONF *ret; |
114 | | |
115 | 8.64k | ret = OPENSSL_malloc(sizeof(*ret)); |
116 | 8.64k | if (ret != NULL) |
117 | 8.64k | if (meth->init(ret) == 0) { |
118 | 0 | OPENSSL_free(ret); |
119 | 0 | ret = NULL; |
120 | 0 | } |
121 | 8.64k | return ret; |
122 | 8.64k | } |
123 | | |
124 | | static int def_init_default(CONF *conf) |
125 | 11.8k | { |
126 | 11.8k | if (conf == NULL) |
127 | 0 | return 0; |
128 | | |
129 | 11.8k | memset(conf, 0, sizeof(*conf)); |
130 | 11.8k | conf->meth = &default_method; |
131 | 11.8k | conf->meth_data = (void *)CONF_type_default; |
132 | | |
133 | 11.8k | return 1; |
134 | 11.8k | } |
135 | | |
136 | | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
137 | | static int def_init_WIN32(CONF *conf) |
138 | 0 | { |
139 | 0 | if (conf == NULL) |
140 | 0 | return 0; |
141 | | |
142 | 0 | memset(conf, 0, sizeof(*conf)); |
143 | 0 | conf->meth = &WIN32_method; |
144 | 0 | conf->meth_data = (void *)CONF_type_win32; |
145 | |
|
146 | 0 | return 1; |
147 | 0 | } |
148 | | #endif |
149 | | |
150 | | static int def_destroy(CONF *conf) |
151 | 8.64k | { |
152 | 8.64k | if (def_destroy_data(conf)) { |
153 | 8.64k | OPENSSL_free(conf); |
154 | 8.64k | return 1; |
155 | 8.64k | } |
156 | 0 | return 0; |
157 | 8.64k | } |
158 | | |
159 | | static int def_destroy_data(CONF *conf) |
160 | 11.8k | { |
161 | 11.8k | if (conf == NULL) |
162 | 0 | return 0; |
163 | 11.8k | _CONF_free_data(conf); |
164 | 11.8k | return 1; |
165 | 11.8k | } |
166 | | |
167 | | static int def_load(CONF *conf, const char *name, long *line) |
168 | 34 | { |
169 | 34 | int ret; |
170 | 34 | BIO *in = NULL; |
171 | | |
172 | | #ifdef OPENSSL_SYS_VMS |
173 | | in = BIO_new_file(name, "r"); |
174 | | #else |
175 | 34 | in = BIO_new_file(name, "rb"); |
176 | 34 | #endif |
177 | 34 | if (in == NULL) { |
178 | 34 | if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) |
179 | 34 | ERR_raise(ERR_LIB_CONF, CONF_R_NO_SUCH_FILE); |
180 | 0 | else |
181 | 34 | ERR_raise(ERR_LIB_CONF, ERR_R_SYS_LIB); |
182 | 34 | return 0; |
183 | 34 | } |
184 | | |
185 | 0 | ret = def_load_bio(conf, in, line); |
186 | 0 | BIO_free(in); |
187 | |
|
188 | 0 | return ret; |
189 | 34 | } |
190 | | |
191 | | |
192 | | /* Parse a boolean value and fill in *flag. Return 0 on error. */ |
193 | | static int parsebool(const char *pval, int *flag) |
194 | 2.71k | { |
195 | 2.71k | if (OPENSSL_strcasecmp(pval, "on") == 0 |
196 | 2.71k | || OPENSSL_strcasecmp(pval, "true") == 0) { |
197 | 1.98k | *flag = 1; |
198 | 1.98k | } else if (OPENSSL_strcasecmp(pval, "off") == 0 |
199 | 735 | || OPENSSL_strcasecmp(pval, "false") == 0) { |
200 | 629 | *flag = 0; |
201 | 629 | } else { |
202 | 106 | ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); |
203 | 106 | return 0; |
204 | 106 | } |
205 | 2.60k | return 1; |
206 | 2.71k | } |
207 | | |
208 | | static int def_load_bio(CONF *conf, BIO *in, long *line) |
209 | 3.05k | { |
210 | | /* The macro BUFSIZE conflicts with a system macro in VxWorks */ |
211 | 19.9M | #define CONFBUFSIZE 512 |
212 | 3.05k | int bufnum = 0, i, ii; |
213 | 3.05k | BUF_MEM *buff = NULL; |
214 | 3.05k | char *s, *p, *end; |
215 | 3.05k | int again; |
216 | 3.05k | int first_call = 1; |
217 | 3.05k | long eline = 0; |
218 | 3.05k | char btmp[DECIMAL_SIZE(eline) + 1]; |
219 | 3.05k | CONF_VALUE *v = NULL, *tv; |
220 | 3.05k | CONF_VALUE *sv = NULL; |
221 | 3.05k | char *section = NULL, *buf; |
222 | 3.05k | char *start, *psection, *pname; |
223 | 3.05k | void *h = (void *)(conf->data); |
224 | 3.05k | STACK_OF(BIO) *biosk = NULL; |
225 | 3.05k | #ifndef OPENSSL_NO_POSIX_IO |
226 | 3.05k | char *dirpath = NULL; |
227 | 3.05k | OPENSSL_DIR_CTX *dirctx = NULL; |
228 | 3.05k | #endif |
229 | 3.05k | #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION |
230 | 3.05k | int numincludes = 0; |
231 | 3.05k | #endif |
232 | | |
233 | 3.05k | if ((buff = BUF_MEM_new()) == NULL) { |
234 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB); |
235 | 0 | goto err; |
236 | 0 | } |
237 | | |
238 | 3.05k | section = OPENSSL_strdup("default"); |
239 | 3.05k | if (section == NULL) { |
240 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
241 | 0 | goto err; |
242 | 0 | } |
243 | | |
244 | 3.05k | if (_CONF_new_data(conf) == 0) { |
245 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
246 | 0 | goto err; |
247 | 0 | } |
248 | | |
249 | 3.05k | sv = _CONF_new_section(conf, section); |
250 | 3.05k | if (sv == NULL) { |
251 | 0 | ERR_raise(ERR_LIB_CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); |
252 | 0 | goto err; |
253 | 0 | } |
254 | | |
255 | 3.05k | bufnum = 0; |
256 | 3.05k | again = 0; |
257 | 6.65M | for (;;) { |
258 | 6.65M | if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { |
259 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB); |
260 | 0 | goto err; |
261 | 0 | } |
262 | 6.65M | p = &(buff->data[bufnum]); |
263 | 6.65M | *p = '\0'; |
264 | 6.65M | read_retry: |
265 | 6.65M | if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0) |
266 | 0 | goto err; |
267 | 6.65M | p[CONFBUFSIZE - 1] = '\0'; |
268 | 6.65M | ii = i = strlen(p); |
269 | 6.65M | if (first_call) { |
270 | | /* Other BOMs imply unsupported multibyte encoding, |
271 | | * so don't strip them and let the error raise */ |
272 | 3.05k | const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF}; |
273 | | |
274 | 3.05k | if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) { |
275 | 4 | memmove(p, p + 3, i - 3); |
276 | 4 | p[i - 3] = 0; |
277 | 4 | i -= 3; |
278 | 4 | ii -= 3; |
279 | 4 | } |
280 | 3.05k | first_call = 0; |
281 | 3.05k | } |
282 | 6.65M | if (i == 0 && !again) { |
283 | | /* the currently processed BIO is NULL or at EOF */ |
284 | 2.16k | BIO *parent; |
285 | | |
286 | 2.16k | #ifndef OPENSSL_NO_POSIX_IO |
287 | | /* continue processing with the next file from directory */ |
288 | 2.16k | if (dirctx != NULL) { |
289 | 287 | BIO *next; |
290 | | |
291 | 287 | if ((next = get_next_file(dirpath, &dirctx)) != NULL) { |
292 | 174 | BIO_vfree(in); |
293 | 174 | in = next; |
294 | 174 | goto read_retry; |
295 | 174 | } else { |
296 | 113 | OPENSSL_free(dirpath); |
297 | 113 | dirpath = NULL; |
298 | 113 | } |
299 | 287 | } |
300 | 1.99k | #endif |
301 | | /* no more files in directory, continue with processing parent */ |
302 | 1.99k | if ((parent = sk_BIO_pop(biosk)) == NULL) { |
303 | | /* everything processed get out of the loop */ |
304 | 1.87k | break; |
305 | 1.87k | } else { |
306 | 113 | BIO_vfree(in); |
307 | 113 | in = parent; |
308 | 113 | goto read_retry; |
309 | 113 | } |
310 | 1.99k | } |
311 | 6.65M | again = 0; |
312 | 13.2M | while (i > 0) { |
313 | 6.70M | if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) |
314 | 135k | break; |
315 | 6.56M | else |
316 | 6.56M | i--; |
317 | 6.70M | } |
318 | | /* |
319 | | * we removed some trailing stuff so there is a new line on the end. |
320 | | */ |
321 | 6.65M | if (ii && i == ii) |
322 | 87.6k | again = 1; /* long line */ |
323 | 6.57M | else { |
324 | 6.57M | p[i] = '\0'; |
325 | 6.57M | eline++; /* another input line */ |
326 | 6.57M | } |
327 | | |
328 | | /* we now have a line with trailing \r\n removed */ |
329 | | |
330 | | /* i is the number of bytes */ |
331 | 6.65M | bufnum += i; |
332 | | |
333 | 6.65M | v = NULL; |
334 | | /* check for line continuation */ |
335 | 6.65M | if (bufnum >= 1) { |
336 | | /* |
337 | | * If we have bytes and the last char '\\' and second last char |
338 | | * is not '\\' |
339 | | */ |
340 | 138k | p = &(buff->data[bufnum - 1]); |
341 | 138k | if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) { |
342 | 1.27k | bufnum--; |
343 | 1.27k | again = 1; |
344 | 1.27k | } |
345 | 138k | } |
346 | 6.65M | if (again) |
347 | 88.4k | continue; |
348 | 6.56M | bufnum = 0; |
349 | 6.56M | buf = buff->data; |
350 | | |
351 | 6.56M | clear_comments(conf, buf); |
352 | 6.56M | s = eat_ws(conf, buf); |
353 | 6.56M | if (IS_EOF(conf, *s)) |
354 | 6.53M | continue; /* blank line */ |
355 | 37.0k | if (*s == '[') { |
356 | 3.21k | char *ss; |
357 | | |
358 | 3.21k | s++; |
359 | 3.21k | start = eat_ws(conf, s); |
360 | 3.21k | ss = start; |
361 | 4.03k | again: |
362 | 4.03k | end = eat_alpha_numeric(conf, ss); |
363 | 4.03k | p = eat_ws(conf, end); |
364 | 4.03k | if (*p != ']') { |
365 | 936 | if (*p != '\0' && ss != p) { |
366 | 818 | ss = p; |
367 | 818 | goto again; |
368 | 818 | } |
369 | 936 | ERR_raise(ERR_LIB_CONF, CONF_R_MISSING_CLOSE_SQUARE_BRACKET); |
370 | 118 | goto err; |
371 | 936 | } |
372 | 3.09k | *end = '\0'; |
373 | 3.09k | if (!str_copy(conf, NULL, §ion, start)) |
374 | 0 | goto err; |
375 | 3.09k | if ((sv = _CONF_get_section(conf, section)) == NULL) |
376 | 2.51k | sv = _CONF_new_section(conf, section); |
377 | 3.09k | if (sv == NULL) { |
378 | 0 | ERR_raise(ERR_LIB_CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); |
379 | 0 | goto err; |
380 | 0 | } |
381 | 3.09k | continue; |
382 | 33.8k | } else { |
383 | 33.8k | pname = s; |
384 | 33.8k | end = eat_alpha_numeric(conf, s); |
385 | 33.8k | if ((end[0] == ':') && (end[1] == ':')) { |
386 | 11.5k | *end = '\0'; |
387 | 11.5k | end += 2; |
388 | 11.5k | psection = pname; |
389 | 11.5k | pname = end; |
390 | 11.5k | end = eat_alpha_numeric(conf, end); |
391 | 22.3k | } else { |
392 | 22.3k | psection = section; |
393 | 22.3k | } |
394 | 33.8k | p = eat_ws(conf, end); |
395 | 33.8k | if (strncmp(pname, ".pragma", 7) == 0 |
396 | 33.8k | && (p != pname + 7 || *p == '=')) { |
397 | 2.74k | char *pval; |
398 | | |
399 | 2.74k | if (*p == '=') { |
400 | 1.78k | p++; |
401 | 1.78k | p = eat_ws(conf, p); |
402 | 1.78k | } |
403 | 2.74k | trim_ws(conf, p); |
404 | | |
405 | | /* Pragma values take the form keyword:value */ |
406 | 2.74k | pval = strchr(p, ':'); |
407 | 2.74k | if (pval == NULL || pval == p || pval[1] == '\0') { |
408 | 27 | ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); |
409 | 27 | goto err; |
410 | 27 | } |
411 | | |
412 | 2.72k | *pval++ = '\0'; |
413 | 2.72k | trim_ws(conf, p); |
414 | 2.72k | pval = eat_ws(conf, pval); |
415 | | |
416 | | /* |
417 | | * Known pragmas: |
418 | | * |
419 | | * dollarid takes "on", "true or "off", "false" |
420 | | * abspath takes "on", "true or "off", "false" |
421 | | * includedir directory prefix |
422 | | */ |
423 | 2.72k | if (strcmp(p, "dollarid") == 0) { |
424 | 696 | if (!parsebool(pval, &conf->flag_dollarid)) |
425 | 5 | goto err; |
426 | 2.02k | } else if (strcmp(p, "abspath") == 0) { |
427 | 670 | if (!parsebool(pval, &conf->flag_abspath)) |
428 | 48 | goto err; |
429 | 1.35k | } else if (strcmp(p, "includedir") == 0) { |
430 | 325 | OPENSSL_free(conf->includedir); |
431 | 325 | if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) { |
432 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
433 | 0 | goto err; |
434 | 0 | } |
435 | 325 | } |
436 | | |
437 | | /* |
438 | | * We *ignore* any unknown pragma. |
439 | | */ |
440 | 2.66k | continue; |
441 | 31.1k | } else if (strncmp(pname, ".include", 8) == 0 |
442 | 31.1k | && (p != pname + 8 || *p == '=')) { |
443 | 1.03k | char *include = NULL; |
444 | 1.03k | BIO *next; |
445 | 1.03k | const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE"); |
446 | 1.03k | char *include_path = NULL; |
447 | | |
448 | 1.03k | #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION |
449 | | /* |
450 | | * The include processing below can cause the "conf" fuzzer to |
451 | | * timeout due to the fuzzer inserting large and complicated |
452 | | * includes - with a large amount of time spent in |
453 | | * OPENSSL_strlcat/OPENSSL_strcpy. This is not a security |
454 | | * concern because config files should never come from untrusted |
455 | | * sources. We just set an arbitrary limit on the allowed |
456 | | * number of includes when fuzzing to prevent this timeout. |
457 | | */ |
458 | 1.03k | if (numincludes++ > 10) |
459 | 6 | goto err; |
460 | 1.02k | #endif |
461 | | |
462 | 1.02k | if (include_dir == NULL) |
463 | 1.02k | include_dir = conf->includedir; |
464 | | |
465 | 1.02k | if (*p == '=') { |
466 | 280 | p++; |
467 | 280 | p = eat_ws(conf, p); |
468 | 280 | } |
469 | 1.02k | trim_ws(conf, p); |
470 | 1.02k | if (!str_copy(conf, psection, &include, p)) |
471 | 3 | goto err; |
472 | | |
473 | 1.02k | if (include_dir != NULL && !ossl_is_absolute_path(include)) { |
474 | 173 | size_t newlen = strlen(include_dir) + strlen(include) + 2; |
475 | | |
476 | 173 | include_path = OPENSSL_malloc(newlen); |
477 | 173 | if (include_path == NULL) { |
478 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
479 | 0 | OPENSSL_free(include); |
480 | 0 | goto err; |
481 | 0 | } |
482 | | |
483 | 173 | OPENSSL_strlcpy(include_path, include_dir, newlen); |
484 | 173 | if (!ossl_ends_with_dirsep(include_path)) |
485 | 125 | OPENSSL_strlcat(include_path, "/", newlen); |
486 | 173 | OPENSSL_strlcat(include_path, include, newlen); |
487 | 173 | OPENSSL_free(include); |
488 | 851 | } else { |
489 | 851 | include_path = include; |
490 | 851 | } |
491 | | |
492 | 1.02k | if (conf->flag_abspath |
493 | 1.02k | && !ossl_is_absolute_path(include_path)) { |
494 | 10 | ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH); |
495 | 10 | OPENSSL_free(include_path); |
496 | 10 | goto err; |
497 | 10 | } |
498 | | |
499 | | /* get the BIO of the included file */ |
500 | 1.01k | #ifndef OPENSSL_NO_POSIX_IO |
501 | 1.01k | next = process_include(include_path, &dirctx, &dirpath); |
502 | 1.01k | if (include_path != dirpath) { |
503 | | /* dirpath will contain include in case of a directory */ |
504 | 832 | OPENSSL_free(include_path); |
505 | 832 | } |
506 | | #else |
507 | | next = BIO_new_file(include_path, "r"); |
508 | | OPENSSL_free(include_path); |
509 | | #endif |
510 | | |
511 | 1.01k | if (next != NULL) { |
512 | | /* push the currently processing BIO onto stack */ |
513 | 193 | if (biosk == NULL) { |
514 | 95 | if ((biosk = sk_BIO_new_null()) == NULL) { |
515 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
516 | 0 | BIO_free(next); |
517 | 0 | goto err; |
518 | 0 | } |
519 | 95 | } |
520 | 193 | if (!sk_BIO_push(biosk, in)) { |
521 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
522 | 0 | BIO_free(next); |
523 | 0 | goto err; |
524 | 0 | } |
525 | | /* continue with reading from the included BIO */ |
526 | 193 | in = next; |
527 | 193 | } |
528 | 1.01k | continue; |
529 | 30.0k | } else if (*p != '=') { |
530 | 713 | ERR_raise_data(ERR_LIB_CONF, CONF_R_MISSING_EQUAL_SIGN, |
531 | 713 | "HERE-->%s", p); |
532 | 713 | goto err; |
533 | 713 | } |
534 | 29.3k | *end = '\0'; |
535 | 29.3k | p++; |
536 | 29.3k | start = eat_ws(conf, p); |
537 | 29.3k | trim_ws(conf, start); |
538 | | |
539 | 29.3k | if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) { |
540 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
541 | 0 | goto err; |
542 | 0 | } |
543 | 29.3k | v->name = OPENSSL_strdup(pname); |
544 | 29.3k | v->value = NULL; |
545 | 29.3k | if (v->name == NULL) { |
546 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
547 | 0 | goto err; |
548 | 0 | } |
549 | 29.3k | if (!str_copy(conf, psection, &(v->value), start)) |
550 | 247 | goto err; |
551 | | |
552 | 29.1k | if (strcmp(psection, section) != 0) { |
553 | 11.4k | if ((tv = _CONF_get_section(conf, psection)) |
554 | 11.4k | == NULL) |
555 | 8.71k | tv = _CONF_new_section(conf, psection); |
556 | 11.4k | if (tv == NULL) { |
557 | 0 | ERR_raise(ERR_LIB_CONF, |
558 | 0 | CONF_R_UNABLE_TO_CREATE_NEW_SECTION); |
559 | 0 | goto err; |
560 | 0 | } |
561 | 11.4k | } else |
562 | 17.6k | tv = sv; |
563 | 29.1k | if (_CONF_add_string(conf, tv, v) == 0) { |
564 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
565 | 0 | goto err; |
566 | 0 | } |
567 | 29.1k | v = NULL; |
568 | 29.1k | } |
569 | 37.0k | } |
570 | 1.87k | BUF_MEM_free(buff); |
571 | 1.87k | OPENSSL_free(section); |
572 | | /* |
573 | | * No need to pop, since we only get here if the stack is empty. |
574 | | * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE! |
575 | | */ |
576 | 1.87k | sk_BIO_free(biosk); |
577 | 1.87k | return 1; |
578 | | |
579 | 1.17k | err: |
580 | 1.17k | BUF_MEM_free(buff); |
581 | 1.17k | OPENSSL_free(section); |
582 | | /* |
583 | | * Since |in| is the first element of the stack and should NOT be freed |
584 | | * here, we cannot use sk_BIO_pop_free(). Instead, we pop and free one |
585 | | * BIO at a time, making sure that the last one popped isn't. |
586 | | */ |
587 | 1.25k | while (sk_BIO_num(biosk) > 0) { |
588 | 80 | BIO *popped = sk_BIO_pop(biosk); |
589 | 80 | BIO_vfree(in); |
590 | 80 | in = popped; |
591 | 80 | } |
592 | 1.17k | sk_BIO_free(biosk); |
593 | 1.17k | #ifndef OPENSSL_NO_POSIX_IO |
594 | 1.17k | OPENSSL_free(dirpath); |
595 | 1.17k | if (dirctx != NULL) |
596 | 69 | OPENSSL_DIR_end(&dirctx); |
597 | 1.17k | #endif |
598 | 1.17k | if (line != NULL) |
599 | 1.17k | *line = eline; |
600 | 1.17k | BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); |
601 | 1.17k | ERR_add_error_data(2, "line ", btmp); |
602 | 1.17k | if (h != conf->data) { |
603 | 1.17k | CONF_free(conf->data); |
604 | 1.17k | conf->data = NULL; |
605 | 1.17k | } |
606 | 1.17k | if (v != NULL) { |
607 | 247 | OPENSSL_free(v->name); |
608 | 247 | OPENSSL_free(v->value); |
609 | 247 | OPENSSL_free(v); |
610 | 247 | } |
611 | 1.17k | return 0; |
612 | 3.05k | } |
613 | | |
614 | | static void clear_comments(CONF *conf, char *p) |
615 | 16.0M | { |
616 | 16.0M | for (;;) { |
617 | 16.0M | if (IS_FCOMMENT(conf, *p)) { |
618 | 0 | *p = '\0'; |
619 | 0 | return; |
620 | 0 | } |
621 | 16.0M | if (!IS_WS(conf, *p)) { |
622 | 16.0M | break; |
623 | 16.0M | } |
624 | 1.73k | p++; |
625 | 1.73k | } |
626 | | |
627 | 103M | for (;;) { |
628 | 103M | if (IS_COMMENT(conf, *p)) { |
629 | 498k | *p = '\0'; |
630 | 498k | return; |
631 | 498k | } |
632 | 102M | if (IS_DQUOTE(conf, *p)) { |
633 | 0 | p = scan_dquote(conf, p); |
634 | 0 | continue; |
635 | 0 | } |
636 | 102M | if (IS_QUOTE(conf, *p)) { |
637 | 11.2k | p = scan_quote(conf, p); |
638 | 11.2k | continue; |
639 | 11.2k | } |
640 | 102M | if (IS_ESC(conf, *p)) { |
641 | 396k | p = scan_esc(conf, p); |
642 | 396k | continue; |
643 | 396k | } |
644 | 102M | if (IS_EOF(conf, *p)) |
645 | 15.5M | return; |
646 | 86.7M | else |
647 | 86.7M | p++; |
648 | 102M | } |
649 | 16.0M | } |
650 | | |
651 | | static int str_copy(CONF *conf, char *section, char **pto, char *from) |
652 | 81.5k | { |
653 | 81.5k | int q, r, rr = 0, to = 0, len = 0; |
654 | 81.5k | char *s, *e, *rp, *p, *rrp, *np, *cp, v; |
655 | 81.5k | BUF_MEM *buf; |
656 | | |
657 | 81.5k | if ((buf = BUF_MEM_new()) == NULL) |
658 | 0 | return 0; |
659 | | |
660 | 81.5k | len = strlen(from) + 1; |
661 | 81.5k | if (!BUF_MEM_grow(buf, len)) |
662 | 0 | goto err; |
663 | | |
664 | 25.3M | for (;;) { |
665 | 25.3M | if (IS_QUOTE(conf, *from)) { |
666 | 7.30k | q = *from; |
667 | 7.30k | from++; |
668 | 18.5M | while (!IS_EOF(conf, *from) && (*from != q)) { |
669 | 18.5M | if (IS_ESC(conf, *from)) { |
670 | 28.2k | from++; |
671 | 28.2k | if (IS_EOF(conf, *from)) |
672 | 805 | break; |
673 | 28.2k | } |
674 | 18.5M | buf->data[to++] = *(from++); |
675 | 18.5M | } |
676 | 7.30k | if (*from == q) |
677 | 4.86k | from++; |
678 | 25.2M | } else if (IS_DQUOTE(conf, *from)) { |
679 | 0 | q = *from; |
680 | 0 | from++; |
681 | 0 | while (!IS_EOF(conf, *from)) { |
682 | 0 | if (*from == q) { |
683 | 0 | if (*(from + 1) == q) { |
684 | 0 | from++; |
685 | 0 | } else { |
686 | 0 | break; |
687 | 0 | } |
688 | 0 | } |
689 | 0 | buf->data[to++] = *(from++); |
690 | 0 | } |
691 | 0 | if (*from == q) |
692 | 0 | from++; |
693 | 25.2M | } else if (IS_ESC(conf, *from)) { |
694 | 37.0k | from++; |
695 | 37.0k | v = *(from++); |
696 | 37.0k | if (IS_EOF(conf, v)) |
697 | 931 | break; |
698 | 36.0k | else if (v == 'r') |
699 | 1.62k | v = '\r'; |
700 | 34.4k | else if (v == 'n') |
701 | 998 | v = '\n'; |
702 | 33.4k | else if (v == 'b') |
703 | 604 | v = '\b'; |
704 | 32.8k | else if (v == 't') |
705 | 552 | v = '\t'; |
706 | 36.0k | buf->data[to++] = v; |
707 | 25.2M | } else if (IS_EOF(conf, *from)) |
708 | 80.1k | break; |
709 | 25.1M | else if (*from == '$' |
710 | 25.1M | && (!conf->flag_dollarid |
711 | 55.8k | || from[1] == '{' |
712 | 55.8k | || from[1] == '(')) { |
713 | 28.3k | size_t newsize; |
714 | | |
715 | | /* try to expand it */ |
716 | 28.3k | rrp = NULL; |
717 | 28.3k | s = &(from[1]); |
718 | 28.3k | if (*s == '{') |
719 | 933 | q = '}'; |
720 | 27.4k | else if (*s == '(') |
721 | 974 | q = ')'; |
722 | 26.4k | else |
723 | 26.4k | q = 0; |
724 | | |
725 | 28.3k | if (q) |
726 | 1.90k | s++; |
727 | 28.3k | cp = section; |
728 | 28.3k | e = np = s; |
729 | 8.13M | while (IS_ALNUM(conf, *e) |
730 | 8.13M | || (conf->flag_dollarid && IS_DOLLAR(conf, *e))) |
731 | 8.10M | e++; |
732 | 28.3k | if ((e[0] == ':') && (e[1] == ':')) { |
733 | 4.28k | cp = np; |
734 | 4.28k | rrp = e; |
735 | 4.28k | rr = *e; |
736 | 4.28k | *rrp = '\0'; |
737 | 4.28k | e += 2; |
738 | 4.28k | np = e; |
739 | 5.67k | while (IS_ALNUM(conf, *e) |
740 | 5.67k | || (conf->flag_dollarid && IS_DOLLAR(conf, *e))) |
741 | 1.38k | e++; |
742 | 4.28k | } |
743 | 28.3k | r = *e; |
744 | 28.3k | *e = '\0'; |
745 | 28.3k | rp = e; |
746 | 28.3k | if (q) { |
747 | 1.90k | if (r != q) { |
748 | 128 | ERR_raise(ERR_LIB_CONF, CONF_R_NO_CLOSE_BRACE); |
749 | 128 | goto err; |
750 | 128 | } |
751 | 1.77k | e++; |
752 | 1.77k | } |
753 | | /*- |
754 | | * So at this point we have |
755 | | * np which is the start of the name string which is |
756 | | * '\0' terminated. |
757 | | * cp which is the start of the section string which is |
758 | | * '\0' terminated. |
759 | | * e is the 'next point after'. |
760 | | * r and rr are the chars replaced by the '\0' |
761 | | * rp and rrp is where 'r' and 'rr' came from. |
762 | | */ |
763 | 28.2k | p = _CONF_get_string(conf, cp, np); |
764 | 28.2k | if (rrp != NULL) |
765 | 4.26k | *rrp = rr; |
766 | 28.2k | *rp = r; |
767 | 28.2k | if (p == NULL) { |
768 | 359 | ERR_raise(ERR_LIB_CONF, CONF_R_VARIABLE_HAS_NO_VALUE); |
769 | 359 | goto err; |
770 | 359 | } |
771 | 27.8k | newsize = strlen(p) + buf->length - (e - from); |
772 | 27.8k | if (newsize > MAX_CONF_VALUE_LENGTH) { |
773 | 15 | ERR_raise(ERR_LIB_CONF, CONF_R_VARIABLE_EXPANSION_TOO_LONG); |
774 | 15 | goto err; |
775 | 15 | } |
776 | 27.8k | if (!BUF_MEM_grow_clean(buf, newsize)) { |
777 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
778 | 0 | goto err; |
779 | 0 | } |
780 | 10.8M | while (*p) |
781 | 10.8M | buf->data[to++] = *(p++); |
782 | | |
783 | | /* |
784 | | * Since we change the pointer 'from', we also have to change the |
785 | | * perceived length of the string it points at. /RL |
786 | | */ |
787 | 27.8k | len -= e - from; |
788 | 27.8k | from = e; |
789 | | |
790 | | /* |
791 | | * In case there were no braces or parenthesis around the |
792 | | * variable reference, we have to put back the character that was |
793 | | * replaced with a '\0'. /RL |
794 | | */ |
795 | 27.8k | *rp = r; |
796 | 27.8k | } else |
797 | 25.1M | buf->data[to++] = *(from++); |
798 | 25.3M | } |
799 | 81.0k | buf->data[to] = '\0'; |
800 | 81.0k | OPENSSL_free(*pto); |
801 | 81.0k | *pto = buf->data; |
802 | 81.0k | OPENSSL_free(buf); |
803 | 81.0k | return 1; |
804 | 502 | err: |
805 | 502 | BUF_MEM_free(buf); |
806 | 502 | return 0; |
807 | 81.5k | } |
808 | | |
809 | | #ifndef OPENSSL_NO_POSIX_IO |
810 | | /* |
811 | | * Check whether included path is a directory. |
812 | | * Returns next BIO to process and in case of a directory |
813 | | * also an opened directory context and the include path. |
814 | | */ |
815 | | static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, |
816 | | char **dirpath) |
817 | 10.3k | { |
818 | 10.3k | struct stat st; |
819 | 10.3k | BIO *next; |
820 | | |
821 | 10.3k | if (stat(include, &st) < 0) { |
822 | 2.74k | ERR_raise_data(ERR_LIB_SYS, errno, "calling stat(%s)", include); |
823 | | /* missing include file is not fatal error */ |
824 | 2.74k | return NULL; |
825 | 2.74k | } |
826 | | |
827 | 7.58k | if (S_ISDIR(st.st_mode)) { |
828 | 7.55k | if (*dirctx != NULL) { |
829 | 0 | ERR_raise_data(ERR_LIB_CONF, CONF_R_RECURSIVE_DIRECTORY_INCLUDE, |
830 | 0 | "%s", include); |
831 | 0 | return NULL; |
832 | 0 | } |
833 | | /* a directory, load its contents */ |
834 | 7.55k | if ((next = get_next_file(include, dirctx)) != NULL) |
835 | 6.52k | *dirpath = include; |
836 | 7.55k | return next; |
837 | 7.55k | } |
838 | | |
839 | 39 | next = BIO_new_file(include, "r"); |
840 | 39 | return next; |
841 | 7.58k | } |
842 | | |
843 | | /* |
844 | | * Get next file from the directory path. |
845 | | * Returns BIO of the next file to read and updates dirctx. |
846 | | */ |
847 | | static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) |
848 | 20.3k | { |
849 | 20.3k | const char *filename; |
850 | 20.3k | size_t pathlen; |
851 | | |
852 | 20.3k | pathlen = strlen(path); |
853 | 668k | while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) { |
854 | 660k | size_t namelen; |
855 | | |
856 | 660k | namelen = strlen(filename); |
857 | | |
858 | | |
859 | 660k | if ((namelen > 5 |
860 | 660k | && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) |
861 | 660k | || (namelen > 4 |
862 | 562k | && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { |
863 | 97.7k | size_t newlen; |
864 | 97.7k | char *newpath; |
865 | 97.7k | BIO *bio; |
866 | | |
867 | 97.7k | newlen = pathlen + namelen + 2; |
868 | 97.7k | newpath = OPENSSL_zalloc(newlen); |
869 | 97.7k | if (newpath == NULL) { |
870 | 0 | ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); |
871 | 0 | break; |
872 | 0 | } |
873 | | #ifdef OPENSSL_SYS_VMS |
874 | | /* |
875 | | * If the given path isn't clear VMS syntax, |
876 | | * we treat it as on Unix. |
877 | | */ |
878 | | if (path[pathlen - 1] == ']' |
879 | | || path[pathlen - 1] == '>' |
880 | | || path[pathlen - 1] == ':') { |
881 | | /* Clear VMS directory syntax, just copy as is */ |
882 | | OPENSSL_strlcpy(newpath, path, newlen); |
883 | | } |
884 | | #endif |
885 | 97.7k | if (newpath[0] == '\0') { |
886 | 97.7k | OPENSSL_strlcpy(newpath, path, newlen); |
887 | 97.7k | OPENSSL_strlcat(newpath, "/", newlen); |
888 | 97.7k | } |
889 | 97.7k | OPENSSL_strlcat(newpath, filename, newlen); |
890 | | |
891 | 97.7k | bio = BIO_new_file(newpath, "r"); |
892 | 97.7k | OPENSSL_free(newpath); |
893 | | /* Errors when opening files are non-fatal. */ |
894 | 97.7k | if (bio != NULL) |
895 | 13.0k | return bio; |
896 | 97.7k | } |
897 | 660k | } |
898 | 7.37k | OPENSSL_DIR_end(dirctx); |
899 | 7.37k | *dirctx = NULL; |
900 | 7.37k | return NULL; |
901 | 20.3k | } |
902 | | #endif |
903 | | |
904 | | static int is_keytype(const CONF *conf, char c, unsigned short type) |
905 | 1.04G | { |
906 | 1.04G | const unsigned short * keytypes = (const unsigned short *) conf->meth_data; |
907 | 1.04G | unsigned char key = (unsigned char)c; |
908 | | |
909 | | #ifdef CHARSET_EBCDIC |
910 | | # if CHAR_BIT > 8 |
911 | | if (key > 255) { |
912 | | /* key is out of range for os_toascii table */ |
913 | | return 0; |
914 | | } |
915 | | # endif |
916 | | /* convert key from ebcdic to ascii */ |
917 | | key = os_toascii[key]; |
918 | | #endif |
919 | | |
920 | 1.04G | if (key > 127) { |
921 | | /* key is not a seven bit ascii character */ |
922 | 43.0M | return 0; |
923 | 43.0M | } |
924 | | |
925 | 997M | return (keytypes[key] & type) ? 1 : 0; |
926 | 1.04G | } |
927 | | |
928 | | static char *eat_ws(CONF *conf, char *p) |
929 | 16.3M | { |
930 | 16.3M | while (IS_WS(conf, *p) && (!IS_EOF(conf, *p))) |
931 | 11.5k | p++; |
932 | 16.3M | return p; |
933 | 16.3M | } |
934 | | |
935 | | static void trim_ws(CONF *conf, char *start) |
936 | 121k | { |
937 | 121k | char *p = start; |
938 | | |
939 | 82.1M | while (!IS_EOF(conf, *p)) |
940 | 82.0M | p++; |
941 | 121k | p--; |
942 | 124k | while ((p >= start) && IS_WS(conf, *p)) |
943 | 2.70k | p--; |
944 | 121k | p++; |
945 | 121k | *p = '\0'; |
946 | 121k | } |
947 | | |
948 | | static char *eat_alpha_numeric(CONF *conf, char *p) |
949 | 113k | { |
950 | 22.0M | for (;;) { |
951 | 22.0M | if (IS_ESC(conf, *p)) { |
952 | 59.5k | p = scan_esc(conf, p); |
953 | 59.5k | continue; |
954 | 59.5k | } |
955 | 22.0M | if (!(IS_ALNUM_PUNCT(conf, *p) |
956 | 22.0M | || (conf->flag_dollarid && IS_DOLLAR(conf, *p)))) |
957 | 113k | return p; |
958 | 21.9M | p++; |
959 | 21.9M | } |
960 | 113k | } |
961 | | |
962 | | static char *scan_quote(CONF *conf, char *p) |
963 | 11.2k | { |
964 | 11.2k | int q = *p; |
965 | | |
966 | 11.2k | p++; |
967 | 42.0M | while (!(IS_EOF(conf, *p)) && (*p != q)) { |
968 | 42.0M | if (IS_ESC(conf, *p)) { |
969 | 151k | p++; |
970 | 151k | if (IS_EOF(conf, *p)) |
971 | 633 | return p; |
972 | 151k | } |
973 | 42.0M | p++; |
974 | 42.0M | } |
975 | 10.6k | if (*p == q) |
976 | 7.34k | p++; |
977 | 10.6k | return p; |
978 | 11.2k | } |
979 | | |
980 | | static char *scan_dquote(CONF *conf, char *p) |
981 | 0 | { |
982 | 0 | int q = *p; |
983 | |
|
984 | 0 | p++; |
985 | 0 | while (!(IS_EOF(conf, *p))) { |
986 | 0 | if (*p == q) { |
987 | 0 | if (*(p + 1) == q) { |
988 | 0 | p++; |
989 | 0 | } else { |
990 | 0 | break; |
991 | 0 | } |
992 | 0 | } |
993 | 0 | p++; |
994 | 0 | } |
995 | 0 | if (*p == q) |
996 | 0 | p++; |
997 | 0 | return p; |
998 | 0 | } |
999 | | |
1000 | | static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out) |
1001 | 0 | { |
1002 | 0 | if (a->name) |
1003 | 0 | BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); |
1004 | 0 | else |
1005 | 0 | BIO_printf(out, "[[%s]]\n", a->section); |
1006 | 0 | } |
1007 | | |
1008 | | IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO); |
1009 | | |
1010 | | static int def_dump(const CONF *conf, BIO *out) |
1011 | 0 | { |
1012 | 0 | lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out); |
1013 | 0 | return 1; |
1014 | 0 | } |
1015 | | |
1016 | | static int def_is_number(const CONF *conf, char c) |
1017 | 0 | { |
1018 | 0 | return IS_NUMBER(conf, c); |
1019 | 0 | } |
1020 | | |
1021 | | static int def_to_int(const CONF *conf, char c) |
1022 | 0 | { |
1023 | 0 | return c - '0'; |
1024 | 0 | } |