@@ -976,10 +976,11 @@
* concatenated, always break them up. */
p = s;
while ((p != NULL) && (*p != '\0')) {
- if (strncmp(p, "-----BEGIN", 10) != 0) {
+ p = strstr(p, "-----BEGIN");
+ if (p == NULL) {
break;
}
- q = strstr(p, "----END");
+ q = strstr(p, "-----END");
if (q == NULL) {
break;
}
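Review bot: The added `p = strstr(p, "-----BEGIN")` accepts the marker anywhere in the remaining text, including mid-line inside the free-form attribute text this change is meant to skip, and it accepts any PEM label, so a non-certificate block in the same export would also be picked up as a candidate entry. Since this list feeds signing verification, it would be safer to accept the marker only at the start of a line, e.g. `if (p != s && p[-1] != '\n') { p += 10; continue; }` right after the NULL check, and to compare against the full `-----BEGIN CERTIFICATE-----` label if only certificates are expected here. Both `break` paths also drop the rest of the input silently; a debug log line when `q == NULL` would make a truncated block visible. The loop body continues outside the hunk, so later validation of each extracted block may already cover part of this.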
When parsing the list of certificates provided for signing
verification, the parser did not allow leading or trailing
data, such as the headers you might find in OpenSSL-exported
PKCS#12 values:
Bag Attributes
2.16.840.1.113730.5.1.1.1: CT,C,C
localKeyID: 00 9B 92 61 B3 05 7F EE 42 9B 6A AF DE 5B 08 ...
friendlyName: CA Signing Certificate
subject=/O=ACME/CN=CA Signing Certificate
issuer=/O=ACME/CN=CA Signing Certificate
https://pagure.io/certmonger/issue/93