From 2295436246dbbffccf32ac29163e0df85a55e7f6 Mon Sep 17 00:00:00 2001
From: Shawn Carey
Date: Tue, 26 Sep 2023 12:54:38 -0400
Subject: [PATCH 1/2] check config.id.ca before dereferencing
---
 library/ziti.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/library/ziti.c b/library/ziti.c
index 30d9cf31..4a07d452 100644
--- a/library/ziti.c
+++ b/library/ziti.c
@@ -211,7 +211,7 @@ int ziti_init_opts(ziti_options *options, uv_loop_t *loop) {
 options->controller = strdup(ctx->config.controller_url);
 }
- if (strncmp(ctx->config.id.ca, "file://", strlen("file://")) == 0) {
+ if (ctx->config.id.ca && strncmp(ctx->config.id.ca, "file://", strlen("file://")) == 0) {
 struct tlsuv_url_s url;
 TRY(ziti, tlsuv_parse_url(&url, ctx->config.id.ca));
@@ -277,9 +277,9 @@ void ziti_set_unauthenticated(ziti_context ztx) {
 if (ztx->sessionKey) {
 init_tls_from_config(ztx->tlsCtx, &ztx->config);
- if (ztx->sessonCert) {
- ztx->tlsCtx->free_cert(&ztx->sessonCert);
- ztx->sessonCert = NULL;
+ if (ztx->sessionCert) {
+ ztx->tlsCtx->free_cert(&ztx->sessionCert);
+ ztx->sessionCert = NULL;
 }
 ztx->sessionKey->free(ztx->sessionKey);
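Review bot: In ziti_init_opts the new `ctx->config.id.ca &&` guard turns a missing CA into a silent no-op: the `file://` load is skipped and initialisation carries on with `id.ca` still NULL. Which trust anchors the TLS context ends up with in that case is decided outside this hunk, so it is worth confirming that a NULL CA cannot lead to controller connections that are verified against nothing the identity pinned. I would either reject such a configuration here or at least log it and document the case, e.g. `/* id.ca may be NULL (no CA bundle in the identity); nothing to load from file */`. The function body continues outside the hunk.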
@@ -1385,15 +1385,15 @@ static void on_create_cert(ziti_create_api_cert_resp *resp, const ziti_error *e,
 ZTX_LOG(DEBUG, "received API session certificate");
 ZTX_LOG(VERBOSE, "cert => %s", resp->client_cert_pem);
- if (ztx->sessonCert) {
- ztx->tlsCtx->free_cert(&ztx->sessonCert);
+ if (ztx->sessionCert) {
+ ztx->tlsCtx->free_cert(&ztx->sessionCert);
 }
- if (ztx->tlsCtx->load_cert(&ztx->sessonCert, resp->client_cert_pem, strlen(resp->client_cert_pem)) != 0) {
+ if (ztx->tlsCtx->load_cert(&ztx->sessionCert, resp->client_cert_pem, strlen(resp->client_cert_pem)) != 0) {
 ZTX_LOG(ERROR, "failed to parse supplied session cert");
 }
- int rc = ztx->tlsCtx->set_own_cert(ztx->tlsCtx, ztx->sessionKey, ztx->sessonCert);
+ int rc = ztx->tlsCtx->set_own_cert(ztx->tlsCtx, ztx->sessionKey, ztx->sessionCert);
 if (rc != 0) {
 ZTX_LOG(ERROR, "failed to set session cert: %d", rc);
 }
@@ -1419,7 +1419,7 @@ static void ca_bundle_cb(char *pkcs7, const ziti_error *err, void *ctx) {
 goto error;
 }
- if (strcmp(new_pem, ztx->config.id.ca) != 0) {
+ if (ztx->config.id.ca && strcmp(new_pem, ztx->config.id.ca) != 0) {
 char *old_ca = ztx->config.id.ca;
 ztx->config.id.ca = new_pem;
From 2384603a16a787f39e51604eb95e1f46dfb90b40 Mon Sep 17 00:00:00 2001
From: Shawn Carey
Date: Tue, 26 Sep 2023 12:54:43 -0400
Subject: [PATCH 2/2] typo
---
 inc_internal/zt_internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc_internal/zt_internal.h b/inc_internal/zt_internal.h
index 893b1810..e810864c 100644
--- a/inc_internal/zt_internal.h
+++ b/inc_internal/zt_internal.h
@@ -245,7 +245,7 @@ struct ziti_ctx {
 tlsuv_private_key_t sessionKey;
 char *sessionCsr;
- tls_cert sessonCert;
+ tls_cert sessionCert;
 tls_context *tlsCtx;
 bool closing;
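Review bot: In on_create_cert a failed `load_cert` is only logged, and the code then still calls `set_own_cert` with `ztx->sessionCert`. The previous certificate was released just above without the pointer being cleared (ziti_set_unauthenticated does assign NULL after `free_cert`), so unless `free_cert` or `load_cert` reset it themselves, `set_own_cert` may be handed a certificate that has already been freed. Adding `ztx->sessionCert = NULL;` after the `free_cert` call and leaving the handler when parsing fails would close that path. This behaviour predates the rename, and the function continues outside the hunk, so the correct exit path has to be checked there.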
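Review bot: In ca_bundle_cb the added `ztx->config.id.ca &&` guard means a context that starts without a CA never enters the update branch, so the bundle just converted into `new_pem` is dropped without any log line. Whether `new_pem` is released on that path is not visible, because the rest of the function lies outside the hunk. If adopting the bundle is intended, the condition would be `if (ztx->config.id.ca == NULL || strcmp(new_pem, ztx->config.id.ca) != 0) {`. If a context without a pinned CA should not accept one from the controller, state that in a comment and log the skip, since it is a trust decision rather than a no-op.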