From: tb Date: Sun, 18 Dec 2022 12:04:55 +0000 (+0000) Subject: acme-client: encode unexpected SANs before printing X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=0b60193df276dc6f43ebb60edd076225d1cc0850;p=openbsd acme-client: encode unexpected SANs before printing If a SAN isn't configured, it could be anything, so make printing it safe using strvisx(). If it is configured but duplicate, printing it should be fine, so don't bother. This removes two XXX added in the previous commit. ok florian --- diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c index a9e2df6211f..0f1bf32678b 100644 --- a/usr.sbin/acme-client/revokeproc.c +++ b/usr.sbin/acme-client/revokeproc.c @@ -1,4 +1,4 @@ -/* $Id: revokeproc.c,v 1.24 2022/12/17 13:53:38 tb Exp $ */ +/* $Id: revokeproc.c,v 1.25 2022/12/18 12:04:55 tb Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons * @@ -23,6 +23,7 @@ #include #include #include +#include #include #include @@ -177,9 +178,17 @@ revokeproc(int fd, const char *certfile, int force, } if (j == altsz) { if (revocate) { - /* XXX strnvis? */ - warnx("%s: unexpected SAN entry: %.*s", - certfile, name_len, name_buf); + char *visbuf; + + visbuf = calloc(4, name_len + 1); + if (visbuf == NULL) { + warn("%s: unexpected SAN", certfile); + goto out; + } + strvisx(visbuf, name_buf, name_len, VIS_SAFE); + warnx("%s: unexpected SAN entry: %s", + certfile, visbuf); + free(visbuf); goto out; } force = 2; @@ -187,7 +196,6 @@ revokeproc(int fd, const char *certfile, int force, } if (found[j]++) { if (revocate) { - /* XXX strnvis? */ warnx("%s: duplicate SAN entry: %.*s", certfile, name_len, name_buf); goto out;