X509 Certificate fix from Daniel Drown

git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@556 423420c4-83ab-492f-b58f-81f9feb106b5
2003-12-10 08:02:59 +00:00 · 2003-12-10 08:02:59 +00:00 · 1adaed9046
commit 1adaed9046
parent 15d76e893d
1 changed files with 31 additions and 1 deletions
--- a/secure.c
+++ b/secure.c
@ -625,8 +625,38 @@ sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
 	}
 	else
 	{
+		uint32 certcount;
+
 		DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
-		in_uint8s(s, 4);	/* Number of certificates */
+		in_uint32_le(s, certcount); /* Number of certificates */
+
+		if(certcount < 2) 
+		{
+			error("Server didn't send enough X509 certificates\n");
+			return False;
+		}
+
+		for(; certcount > 2; certcount--)
+		{ /* ignore all the certificates between the root and the signing CA */
+			uint32 ignorelen;
+			X509 *ignorecert;
+
+			DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
+
+			in_uint32_le(s, ignorelen);
+			DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
+			ignorecert = d2i_X509(NULL, &(s->p), ignorelen);
+
+			if(ignorecert == NULL)
+			{ /* XXX: error out? */
+				DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n"));
+			}
+
+#ifdef WITH_DEBUG_RDP5
+			DEBUG_RDP5(("cert #%d (ignored):\n",certcount));
+			X509_print_fp(stdout, ignorecert);
+#endif
+		}

 		/* Do da funky X.509 stuffy