
<p></p>

<p><b>@piotrgregor</b> requested changes on this pull request.</p>


<hr>


<p>In <a href="https://github.com/kamailio/kamailio/pull/3175#discussion_r912953694">src/modules/stirshaken/stirshaken_mod.c</a>:</p>

<pre style='color:#555'>> @@ -158,6 +157,96 @@ static int get_cert_name_hashed(const char *name, char *buf, int buf_len)

        return 0;

 }

 
+static int stirshaken_handle_cache_to_disk(X509 *x, STACK_OF(X509) *xchain, const char *cert_full_path)

+{

+    int i = 0;

+    int w = 0;

+    FILE *fp = NULL;

+    X509 *xc = NULL;

+

+    if (!x) {

+        LM_ERR("Refusing to save an empty cert\n");

+        return -1;

+    }

</pre>

<p dir="auto">Please also check <code class="notranslate">xchain</code> for NULL and call <code class="notranslate">sk_X509_num</code> only if it's not.</p>


<hr>


<p>In <a href="https://github.com/kamailio/kamailio/pull/3175#discussion_r912954696">src/modules/stirshaken/stirshaken_mod.c</a>:</p>

<pre style='color:#555'>> @@ -158,6 +157,96 @@ static int get_cert_name_hashed(const char *name, char *buf, int buf_len)

        return 0;

 }

 
+static int stirshaken_handle_cache_to_disk(X509 *x, STACK_OF(X509) *xchain, const char *cert_full_path)

+{

+    int i = 0;

+    int w = 0;

+    FILE *fp = NULL;

+    X509 *xc = NULL;

+

+    if (!x) {

+        LM_ERR("Refusing to save an empty cert\n");

+        return -1;

+    }

+

</pre>

<p dir="auto">Please also check <code class="notranslate">cert_full_path</code> against NULL pointer or pointer to an empty string.</p>


<hr>


<p>In <a href="https://github.com/kamailio/kamailio/pull/3175#discussion_r912957140">src/modules/stirshaken/stirshaken_mod.c</a>:</p>

<pre style='color:#555'>> +    if (fp) fclose(fp);

+    fp = NULL;

+

+    return 0;

+

+fail:

+       if (fp) fclose(fp);

+       return -1;

+}

+

+static int stirshaken_handle_cache_from_disk(stir_shaken_context_t *ss, stir_shaken_cert_t *cert, const char *name)

+{

+    FILE *fp = NULL;

+    X509 *wcert = NULL;

+

+    LM_DBG("Handle cache from disk; %s", name);

</pre>

<p dir="auto">Please move it below line 214, after <code class="notranslate">stir_shaken_zstr</code> check.</p>


<hr>


<p>In <a href="https://github.com/kamailio/kamailio/pull/3175#discussion_r912957546">src/modules/stirshaken/stirshaken_mod.c</a>:</p>

<pre style='color:#555'>> +

+    if (fp) fclose(fp);

+    fp = NULL;

+

+    return 0;

+

+fail:

+       if (fp) fclose(fp);

+       return -1;

+}

+

+static int stirshaken_handle_cache_from_disk(stir_shaken_context_t *ss, stir_shaken_cert_t *cert, const char *name)

+{

+    FILE *fp = NULL;

+    X509 *wcert = NULL;

+

</pre>

<p dir="auto">Please check <code class="notranslate">cert</code> against NULL.</p>


<hr>


<p>In <a href="https://github.com/kamailio/kamailio/pull/3175#discussion_r912962676">src/modules/stirshaken/stirshaken_mod.c</a>:</p>

<pre style='color:#555'>> +        LM_ERR("Failed to open %s: %s", name, strerror(errno));

+        goto fail;

+    }

+

+    cert->xchain = sk_X509_new_null();

+

+    while ((wcert = PEM_read_X509(fp, NULL, NULL, NULL))) {

+               if (!cert->x) {

+                       cert->x = wcert;

+               }

+               else {

+                       sk_X509_push(cert->xchain, wcert);

+               }

+       }

+

+       LM_DBG("done reading file, got %d certs and %d chains", cert->x ? 1 : 0, sk_X509_num(cert->xchain));

</pre>

<p dir="auto">Let's handle plural/singular form in a log message.<br>

Maybe something like:</p>

<pre class="notranslate"><code class="notranslate">n = sk_X509_num(cert->xchain));

LM_DBG("done reading file, got %d cert%s and %d chain%s", cert->x ? 1 : 0, cert->x ? "", "s", n == 1 ? "" : "s", n);

</code></pre>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/kamailio/kamailio/pull/3175#pullrequestreview-1027482224">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABO7UZKBX5DFB6O2FTSIUTLVSLMMLANCNFSM52P2GZPA">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/ABO7UZL3VVEZ32FWE6QTOW3VSLMMLA5CNFSM52P2GZPKYY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOHU7CE4A.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><kamailio/kamailio/pull/3175/review/1027482224</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>

<script type="application/ld+json">[

{

"@context": "http://schema.org",

"@type": "EmailMessage",

"potentialAction": {

"@type": "ViewAction",

"target": "https://github.com/kamailio/kamailio/pull/3175#pullrequestreview-1027482224",

"url": "https://github.com/kamailio/kamailio/pull/3175#pullrequestreview-1027482224",

"name": "View Pull Request"

},

"description": "View this Pull Request on GitHub",

"publisher": {

"@type": "Organization",

"name": "GitHub",

"url": "https://github.com"

}

}

]</script>