Merge pull request #680 from openziti/fix-ottca-enrollment
when using ottca enrollment er->cert is null and segfaults on strlen
dovholuknf authored Jul 1, 2024
2 parents 1ef8211 + 89da877 commit e8fb572
Showing 4 changed files with 12 additions and 11 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build-release.yml
Expand Up @@ -20,8 +20,8 @@ jobs:
- { name: 'Linux x86_64', runner: 'ubuntu-20.04', target: 'linux-x64', builder: 'openziti/ziti-builder:1.0.7' }
- { name: 'Linux ARM', runner: 'ubuntu-20.04', target: 'linux-arm', builder: 'openziti/ziti-builder:1.0.7' }
- { name: 'Linux ARM64', runner: 'ubuntu-20.04', target: 'linux-arm64', builder: 'openziti/ziti-builder:1.0.7' }
- { name: 'MacOS x86_64', runner: 'macOS-11', target: 'macOS-x64' }
- { name: 'MacOS arm64', runner: 'macOS-11', target: 'macOS-arm64' }
- { name: 'MacOS x86_64', runner: 'macOS-13', target: 'macOS-x64' }
- { name: 'MacOS arm64', runner: 'macOS-13', target: 'macOS-arm64' }
- { name: 'Windows x86_64', runner: 'windows-2022', target: 'windows-x64' }
- { name: 'Windows ARM64', runner: 'windows-2022', target: 'windows-arm64' }

4 changes: 2 additions & 2 deletions .github/workflows/cmake.yml
Expand Up @@ -22,8 +22,8 @@ jobs:
- { name: 'Linux x86_64', runner: 'ubuntu-20.04', target: 'linux-x64', builder: 'openziti/ziti-builder:1.0.11', test: 'true' }
- { name: 'Linux ARM', runner: 'ubuntu-20.04', target: 'linux-arm', builder: 'openziti/ziti-builder:1.0.11' }
- { name: 'Linux ARM64', runner: 'ubuntu-20.04', target: 'linux-arm64', builder: 'openziti/ziti-builder:1.0.11' }
- { name: 'MacOS x86_64', runner: 'macOS-11', target: 'macOS-x64', test: 'true' }
- { name: 'MacOS arm64', runner: 'macOS-11', target: 'macOS-arm64' }
- { name: 'MacOS x86_64', runner: 'macOS-13', target: 'macOS-x64', test: 'true' }
- { name: 'MacOS arm64', runner: 'macOS-13', target: 'macOS-arm64' }
- { name: 'Windows x86_64', runner: 'windows-2022', target: 'windows-x64', test: 'true' }
- { name: 'Windows ARM64', runner: 'windows-2022', target: 'windows-arm64' }
steps:
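--- a/library/ziti.c
+++ b/library/ziti.c
@@ -104,8 +104,11 @@ static size_t parse_ref(const char *val, const char **res) {
 if (val != NULL) {
 if (strncmp("file:", val, 5) == 0) {
 // load file
-*res = val + strlen("file://");
-len = strlen(*res) + 1;
+struct tlsuv_url_s url;
+tlsuv_parse_url(&url, val);
+size_t start = strlen(val) - strlen(url.path);
+*res = url.path;
+len = url.path_len;
 } else if (strncmp("pem:", val, 4) == 0) {
 // load inline PEM
 *res = val + 4;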
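Review bot: The return value of `tlsuv_parse_url(&url, val)` is discarded and `url` is declared without an initialiser, so for a malformed `file:` reference the following `strlen(url.path)` and `*res = url.path` may use an indeterminate or NULL pointer, unless the parser clears the struct on failure. I would write `struct tlsuv_url_s url = {0};` and `if (tlsuv_parse_url(&url, val) != 0 || url.path == NULL) { *res = NULL; return 0; }`, or whatever failure convention the rest of parse_ref uses; its body continues outside the hunk. `start` is computed but never used in the visible lines and can be dropped. Note also that `len` changes from `strlen(*res) + 1` to `url.path_len`, so it no longer counts the terminator; callers that relied on the old length should be checked.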
8 changes: 3 additions & 5 deletions library/ziti_enroll.c
Expand Up @@ -237,8 +237,7 @@ static void enroll_cb(ziti_enrollment_resp *er, const ziti_error *err, void *enr
if (enroll_req->enroll_cb) {
enroll_req->enroll_cb(NULL, ZITI_JWT_INVALID, err->code, enroll_req->external_enroll_ctx);
}
}
else {
} else {
ZITI_LOG(DEBUG, "successfully enrolled with controller %s", ctrl->url);

ziti_config cfg = {0};
Expand All @@ -247,12 +246,11 @@ static void enroll_cb(ziti_enrollment_resp *er, const ziti_error *err, void *enr
cfg.id.key = strdup(enroll_req->ecfg->private_key);

tls_cert c = NULL;
if (enroll_req->ecfg->tls->load_cert(&c, er->cert, strlen(er->cert)) == 0 &&
if (er->cert != NULL && enroll_req->ecfg->tls->load_cert(&c, er->cert, strlen(er->cert)) == 0 &&
enroll_req->ecfg->pk->store_certificate != NULL &&
enroll_req->ecfg->pk->store_certificate(enroll_req->ecfg->pk, c) == 0) {
ZITI_LOG(INFO, "stored certificate to PKCS#11 token");
}
else {
} else {
cfg.id.cert = er->cert ? strdup(er->cert) : strdup(enroll_req->ecfg->own_cert);
}

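Review bot: With `er->cert != NULL` added to the condition, a NULL `er->cert` now reaches the `else` branch, where `strdup(enroll_req->ecfg->own_cert)` is called with no check on `own_cert`; if that is also NULL the crash only moves from `strlen` to `strdup`. A guard such as `const char *pem = er->cert ? er->cert : enroll_req->ecfg->own_cert;` followed by `if (pem != NULL) cfg.id.cert = strdup(pem);`, with a logged enrollment failure otherwise, would close it. The same branch is also taken when `load_cert` or `store_certificate` fails, so a comment like `// fall back to keeping the certificate in the config when it cannot be stored on the token` plus a log line would make that silent fallback visible. enroll_cb starts and ends outside the hunks shown.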
