free cleanup 12

[openssl.git] / apps / ocsp.c

diff --git a/apps/ocsp.c b/apps/ocsp.c
index c58cd444fa8c26572259ead1903e79fadd9aa339..20dc1ae4cc7115a84a4c7cc962cf4e5491742f00 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -222,6 +222,7 @@ int ocsp_main(int argc, char **argv)
     STACK_OF(OCSP_CERTID) *ids = NULL;
     STACK_OF(OPENSSL_STRING) *reqnames = NULL;
     STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+    STACK_OF(X509) *issuers = NULL;
     X509 *issuer = NULL, *cert = NULL, *rca_cert = NULL;
     X509 *signer = NULL, *rsigner = NULL;
     X509_STORE *store = NULL;
@@ -734,8 +735,7 @@ int ocsp_main(int argc, char **argv)
     ERR_print_errors(bio_err);
     X509_free(signer);
     X509_STORE_free(store);
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
+    X509_VERIFY_PARAM_free(vpm);
     EVP_PKEY_free(key);
     EVP_PKEY_free(rkey);
     X509_free(cert);
@@ -1042,13 +1042,32 @@ static BIO *init_responder(const char *port)
     return NULL;
 }
 
+
+static char *urldecode(char *p)
+{
+    unsigned char *out = (unsigned char *)p;
+    char *save = p;
+
+    for (; *p; p++) {
+        if (*p != '%')
+            *out++ = *p;
+        else if (p[1] && p[2]) {
+            *out++ = (app_hex(p[1]) << 4) | app_hex(p[2]);
+            p += 2;
+        }
+    }
+    *p = '\0';
+    return save;
+}
+
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
                         const char *port)
 {
     int len;
     OCSP_REQUEST *req = NULL;
     char inbuf[2048];
-    BIO *cbio = NULL;
+    char *p, *q;
+    BIO *cbio = NULL, *getbio = NULL, *b64 = NULL;
 
     if (BIO_do_accept(acbio) <= 0) {
         BIO_printf(bio_err, "Error accepting connection\n");
@@ -1063,7 +1082,29 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
     len = BIO_gets(cbio, inbuf, sizeof inbuf);
     if (len <= 0)
         return 1;
-    if (strncmp(inbuf, "POST", 4) != 0) {
+    if (strncmp(inbuf, "GET", 3) == 0) {
+        /* Expecting GET {sp} /URL {sp} HTTP/1.x */
+        for (p = inbuf + 3; *p == ' ' || *p == '\t'; ++p)
+            continue;
+        if (*p) {
+            /* Move past the slash before the URL part. */
+            p++;
+        }
+        /* Splice off the HTTP version identifier. */
+        for (q = p; *q; q++)
+            if (*q == ' ' || *q == '\t')
+                break;
+        if (*q == '\0') {
+            BIO_printf(bio_err, "Invalid request\n");
+            return 1;
+        }
+        *q = '\0';
+        p = urldecode(p);
+        getbio = BIO_new_mem_buf(p, strlen(p));
+        b64 = BIO_new(BIO_f_base64());
+        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+        getbio = BIO_push(b64, getbio);
+    } else if (strncmp(inbuf, "POST", 4) != 0) {
         BIO_printf(bio_err, "Invalid request\n");
         return 1;
     }
@@ -1077,7 +1118,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
     }
 
     /* Try to read OCSP request */
-    req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+    if (getbio) {
+        req = d2i_OCSP_REQUEST_bio(getbio, NULL);
+        BIO_free_all(getbio);
+    } else
+        req = d2i_OCSP_REQUEST_bio(cbio, NULL);
 
     if (!req) {
         BIO_printf(bio_err, "Error parsing OCSP request\n");
@@ -1184,8 +1229,7 @@ static OCSP_RESPONSE *query_responder(BIO *cbio, const char *path,
 
     }
  err:
-    if (ctx)
-        OCSP_REQ_CTX_free(ctx);
+    OCSP_REQ_CTX_free(ctx);
 
     return rsp;
 }