* modules/ssl/ssl_engine_ocsp.c (extract_responder_uri): Use

notroj · notroj · commit 1543b9831357 · 2026-04-29T19:10:55.000+01:00
modssl_ASN1_STRING_convert instead of directly accessing ASN1_STRING
  data pointer.

* modules/ssl/ssl_util_ssl.c (modssl_ASN1_STRING_convert): Rename from
  asn1_string_convert and export function.
  (asn1_string_to_utf8): Update to use modssl_ASN1_STRING_convert.
  (modssl_X509_NAME_ENTRY_to_string): Update to use
  modssl_ASN1_STRING_convert.

* modules/ssl/ssl_util_ssl.h (modssl_ASN1_STRING_convert): Declare new
  function.
diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c
@@ -38,8 +38,8 @@ static const char *extract_responder_uri(X509 *cert, apr_pool_t *pool)
         /* Name found in extension, and is a URI: */
         if (OBJ_obj2nid(value->method) == NID_ad_OCSP
             && value->location->type == GEN_URI) {
-            result = apr_pstrdup(pool,
-                                 (char *)value->location->d.uniformResourceIdentifier->data);
+            const ASN1_STRING *uri = value->location->d.uniformResourceIdentifier;
+            result = modssl_ASN1_STRING_convert(pool, uri, 0);
         }
     }
 
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
@@ -206,7 +206,7 @@ char *modssl_bio_free_read(apr_pool_t *p, BIO *bio)
 /* Convert ASN.1 string to a pool-allocated char * string, escaping
  * control characters.  If raw is zero, convert to UTF-8, otherwise
  * unchanged from the character set. */
-static char *asn1_string_convert(apr_pool_t *p, const ASN1_STRING *asn1str, int raw)
+char *modssl_ASN1_STRING_convert(apr_pool_t *p, const ASN1_STRING *asn1str, int raw)
 {
     BIO *bio;
     int flags = ASN1_STRFLGS_ESC_CTRL;
@@ -221,13 +221,13 @@ static char *asn1_string_convert(apr_pool_t *p, const ASN1_STRING *asn1str, int
     return modssl_bio_free_read(p, bio);
 }
 
-#define asn1_string_to_utf8(p, a) asn1_string_convert(p, a, 0)
+#define asn1_string_to_utf8(p, a) modssl_ASN1_STRING_convert(p, a, 0)
 
 /* convert a NAME_ENTRY to UTF8 string */
 char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, const X509_NAME_ENTRY *xsne,
                                        int raw)
 {
-    char *result = asn1_string_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);
+    char *result = modssl_ASN1_STRING_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);
     ap_xlate_proto_from_ascii(result, len);
     return result;
 }
diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
@@ -78,6 +78,12 @@ BOOL        modssl_X509_getSAN(apr_pool_t *, X509 *, int, const char *, int, apr
 BOOL        modssl_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *);
 char       *modssl_SSL_SESSION_id2sz(IDCONST unsigned char *, int, char *, int);
 
+/* Convert ASN.1 string to a pool-allocated char * string, escaping
+ * control characters.  If raw is zero, convert to UTF-8, otherwise
+ * unchanged from the character set. */
+char *modssl_ASN1_STRING_convert(apr_pool_t *p, const ASN1_STRING *asn1str,
+                                 int raw);
+
 /* Reads the remaining data in BIO, if not empty, and copies it into a
  * pool-allocated string.  If empty, returns NULL.  BIO_free(bio) is
  * called for both cases. */

Original file line number	Diff line number	Diff line change
`@@ -38,8 +38,8 @@ static const char extract_responder_uri(X509 cert, apr_pool_t *pool)`
`38`	`38`	`/* Name found in extension, and is a URI: */`
`39`	`39`	`if (OBJ_obj2nid(value->method) == NID_ad_OCSP`
`40`	`40`	`&& value->location->type == GEN_URI) {`
`41`		`- result = apr_pstrdup(pool,`
`42`		`- (char *)value->location->d.uniformResourceIdentifier->data);`
	`41`	`+ const ASN1_STRING *uri = value->location->d.uniformResourceIdentifier;`
	`42`	`+ result = modssl_ASN1_STRING_convert(pool, uri, 0);`
`43`	`43`	`}`
`44`	`44`	`}`
`45`	`45`
Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ char modssl_bio_free_read(apr_pool_t p, BIO *bio)`
`206`	`206`	`/* Convert ASN.1 string to a pool-allocated char * string, escaping`
`207`	`207`	`* control characters. If raw is zero, convert to UTF-8, otherwise`
`208`	`208`	`* unchanged from the character set. */`
`209`		`-static char asn1_string_convert(apr_pool_t p, const ASN1_STRING *asn1str, int raw)`
	`209`	`+char modssl_ASN1_STRING_convert(apr_pool_t p, const ASN1_STRING *asn1str, int raw)`
`210`	`210`	`{`
`211`	`211`	`BIO *bio;`
`212`	`212`	`int flags = ASN1_STRFLGS_ESC_CTRL;`
`@@ -221,13 +221,13 @@ static char asn1_string_convert(apr_pool_t p, const ASN1_STRING *asn1str, int`
`221`	`221`	`return modssl_bio_free_read(p, bio);`
`222`	`222`	`}`
`223`	`223`
`224`		`-#define asn1_string_to_utf8(p, a) asn1_string_convert(p, a, 0)`
	`224`	`+#define asn1_string_to_utf8(p, a) modssl_ASN1_STRING_convert(p, a, 0)`
`225`	`225`
`226`	`226`	`/* convert a NAME_ENTRY to UTF8 string */`
`227`	`227`	`char modssl_X509_NAME_ENTRY_to_string(apr_pool_t p, const X509_NAME_ENTRY *xsne,`
`228`	`228`	`int raw)`
`229`	`229`	`{`
`230`		`- char *result = asn1_string_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);`
	`230`	`+ char *result = modssl_ASN1_STRING_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);`
`231`	`231`	`ap_xlate_proto_from_ascii(result, len);`
`232`	`232`	`return result;`
`233`	`233`	`}`