On Thu, 17 Dec 2020 at 21:08, Denis Kenzior <denkenz(a)gmail.com> wrote:
On 12/16/20 7:32 PM, Andrew Zaborowski wrote:
> @@ -45,6 +45,7 @@
> #include "cipher.h"
> #include "cert-private.h"
> #include "missing.h"
> +#include "io.h"
Is this really needed?
Oops, I forgot to clean up after refactoring this a few times.
> #include "pem-private.h"
>
> #define PEM_START_BOUNDARY "-----BEGIN "
> @@ -364,6 +365,55 @@ LIB_EXPORT struct l_certchain *l_pem_load_certificate_chain(
> return pem_list_to_chain(list);
> }
>
> +static bool pem_write_one_cert(struct l_cert *cert, void *user_data)
> +{
> + int *fd = user_data;
> + const uint8_t *der;
> + size_t der_len;
> + struct iovec iov[3];
> + ssize_t r;
> +
> + der = l_cert_get_der_data(cert, &der_len);
> +
> + iov[0].iov_base = "-----BEGIN CERTIFICATE-----\n";
> + iov[0].iov_len = strlen(iov[0].iov_base);
> + iov[1].iov_base = l_base64_encode(der, der_len, 64, &iov[1].iov_len);
Is this being leaked?
Yep.
> + iov[2].iov_base = "\n-----END CERTIFICATE-----\n";
> + iov[2].iov_len = strlen(iov[2].iov_base);
> + r = L_TFR(writev(*fd, iov, 3));
> +
> + if (r == (ssize_t) (iov[0].iov_len + iov[1].iov_len + iov[2].iov_len))
> + return false;
> +
> + close(*fd);
Maybe the close should be in pem_write_certificate_chain()?
Ok.
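Review bot: A failed or short write at `r = L_TFR(writev(*fd, iov, 3));` only ends the walk, so certificates written by earlier callbacks remain in the file, and that prefix can still parse as a valid but shorter chain. The quoted hunk stops before the end of pem_write_one_cert() and before pem_write_certificate_chain(), so this may already be handled there. If it is not, the caller should remove the output file on failure, or write to a temporary name and rename it only after every certificate has been written. I would also record the contract at the failure path with a comment such as `/* short or failed write: the file now holds a partial chain, the caller must discard it */`.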
Best regards