p could be uninitialized

[oweals/openssl.git] / crypto / ocsp / ocsp_ht.c

diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
index 58774b3f4667ccebd25c1b475973d388b7e3fd73..9213e58ae49c126f01c587c46d0c105b041c0e54 100644 (file)
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
@@ -64,6 +64,9 @@
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/buffer.h>
+#ifdef OPENSSL_SYS_SUNOS
+#define strtoul (unsigned long)strtol
+#endif /* OPENSSL_SYS_SUNOS */
 
 /* Quick and dirty HTTP OCSP request handler.
  * Could make this a bit cleverer by adding
@@ -80,8 +83,8 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
        int len, retcode;
        static char req_txt[] =
 "POST %s HTTP/1.0\r\n\
-Content-Type:application/ocsp-request\r\n\
-Content-length: %d\r\n\r\n";
+Content-Type: application/ocsp-request\r\n\
+Content-Length: %d\r\n\r\n";
 
        len = i2d_OCSP_REQUEST(req, NULL);
        if(BIO_printf(b, req_txt, path, len) < 0) {
@@ -94,7 +97,7 @@ Content-length: %d\r\n\r\n";
        }
        if(!(mem = BIO_new(BIO_s_mem()))) goto err;
        /* Copy response to a memory BIO: socket bios can't do gets! */
-       while ((len = BIO_read(b, tmpbuf, 1024))) {
+       while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
                if(len < 0) {
                        OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
                        goto err;
@@ -107,23 +110,23 @@ Content-length: %d\r\n\r\n";
        }
        /* Parse the HTTP response. This will look like this:
         * "HTTP/1.0 200 OK". We need to obtain the numeric code and
-         * informational message.
+         * (optional) informational message.
         */
 
        /* Skip to first white space (passed protocol info) */
-       for(p = tmpbuf; *p && !isspace(*p); p++) continue;
+       for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue;
        if(!*p) {
                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                goto err;
        }
        /* Skip past white space to start of response code */
-       while(*p && isspace(*p)) p++;
+       while(*p && isspace((unsigned char)*p)) p++;
        if(!*p) {
                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                goto err;
        }
        /* Find end of response code: first whitespace after start of code */
-       for(q = p; *q && !isspace(*q); q++) continue;
+       for(q = p; *q && !isspace((unsigned char)*q); q++) continue;
        if(!*q) {
                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                goto err;
@@ -134,20 +137,26 @@ Content-length: %d\r\n\r\n";
        retcode = strtoul(p, &r, 10);
        if(*r) goto err;
        /* Skip over any leading white space in message */
-       while(*q && isspace(*q))  q++;
-       if(!*q) goto err;
+       while(*q && isspace((unsigned char)*q))  q++;
+       if(*q) {
        /* Finally zap any trailing white space in message (include CRLF) */
        /* We know q has a non white space character so this is OK */
-       for(r = q + strlen(q) - 1; isspace(*r); r--) *r = 0;
+               for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
+       }
        if(retcode != 200) {
                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
-               ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+               if(!*q) { 
+                       ERR_add_error_data(2, "Code=", p);
+               }
+               else {
+                       ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+               }
                goto err;
        }
        /* Find blank line marking beginning of content */      
        while(BIO_gets(mem, tmpbuf, 512) > 0)
        {
-               for(p = tmpbuf; *p && isspace(*p); p++) continue;
+               for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue;
                if(!*p) break;
        }
        if(*p) {