From 0b60193df276dc6f43ebb60edd076225d1cc0850 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sun, 18 Dec 2022 12:04:55 +0000
Subject: [PATCH] acme-client: encode unexpected SANs before printing

If a SAN isn't configured, it could be anything, so make printing it safe
using strvisx(). If it is configured but duplicate, printing it should be
fine, so don't bother. This removes two XXX added in the previous commit.

ok florian
---
 usr.sbin/acme-client/revokeproc.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
index a9e2df6211f..0f1bf32678b 100644
--- a/usr.sbin/acme-client/revokeproc.c
+++ b/usr.sbin/acme-client/revokeproc.c
@@ -1,4 +1,4 @@
-/*	$Id: revokeproc.c,v 1.24 2022/12/17 13:53:38 tb Exp $ */
+/*	$Id: revokeproc.c,v 1.25 2022/12/18 12:04:55 tb Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <vis.h>
 
 #include <openssl/pem.h>
 #include <openssl/x509.h>
@@ -177,9 +178,17 @@ revokeproc(int fd, const char *certfile, int force,
 		}
 		if (j == altsz) {
 			if (revocate) {
-				/* XXX strnvis? */
-				warnx("%s: unexpected SAN entry: %.*s",
-				    certfile, name_len, name_buf);
+				char *visbuf;
+
+				visbuf = calloc(4, name_len + 1);
+				if (visbuf == NULL) {
+					warn("%s: unexpected SAN", certfile);
+					goto out;
+				}
+				strvisx(visbuf, name_buf, name_len, VIS_SAFE);
+				warnx("%s: unexpected SAN entry: %s",
+				    certfile, visbuf);
+				free(visbuf);
 				goto out;
 			}
 			force = 2;
@@ -187,7 +196,6 @@ revokeproc(int fd, const char *certfile, int force,
 		}
 		if (found[j]++) {
 			if (revocate) {
-				/* XXX strnvis? */
 				warnx("%s: duplicate SAN entry: %.*s",
 				    certfile, name_len, name_buf);
 				goto out;
-- 
2.20.1