Merge pull request #15554 from var-const/objc-cert-null-term

Fix out-of-bounds access loading pem files in Objective-C.
7 years ago · c54f607dd0
parent 7fb48fd792 e05196d819
commit c54f607dd0
1 changed files with 12 additions and 7 deletions
--- a/src/objective-c/GRPCClient/private/GRPCHost.m
+++ b/src/objective-c/GRPCClient/private/GRPCHost.m
@ -129,6 +129,14 @@ static NSMutableDictionary *kHostCache;
                        completionQueue:queue];
 }

+- (NSData *)nullTerminatedDataWithString:(NSString *)string {
+  // dataUsingEncoding: does not return a null-terminated string.
+  NSData *data = [string dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
+  NSMutableData *nullTerminated = [NSMutableData dataWithData:data];
+  [nullTerminated appendBytes:"\0" length:1];
+  return nullTerminated;
+}
+
 - (BOOL)setTLSPEMRootCerts:(nullable NSString *)pemRootCerts
            withPrivateKey:(nullable NSString *)pemPrivateKey
             withCertChain:(nullable NSString *)pemCertChain
@ -150,13 +158,12 @@ static NSMutableDictionary *kHostCache;
      kDefaultRootsError = error;
      return;
    }
-    kDefaultRootsASCII =
-        [contentInUTF8 dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
+    kDefaultRootsASCII = [self nullTerminatedDataWithString:contentInUTF8];
  });

  NSData *rootsASCII;
  if (pemRootCerts != nil) {
-    rootsASCII = [pemRootCerts dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
+    rootsASCII = [self nullTerminatedDataWithString:pemRootCerts];
  } else {
    if (kDefaultRootsASCII == nil) {
      if (errorPtr) {
@ -179,10 +186,8 @@ static NSMutableDictionary *kHostCache;
    creds = grpc_ssl_credentials_create(rootsASCII.bytes, NULL, NULL);
  } else {
    grpc_ssl_pem_key_cert_pair key_cert_pair;
-    NSData *privateKeyASCII =
-        [pemPrivateKey dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
-    NSData *certChainASCII =
-        [pemCertChain dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
+    NSData *privateKeyASCII = [self nullTerminatedDataWithString:pemPrivateKey];
+    NSData *certChainASCII = [self nullTerminatedDataWithString:pemCertChain];
    key_cert_pair.private_key = privateKeyASCII.bytes;
    key_cert_pair.cert_chain = certChainASCII.bytes;
    creds = grpc_ssl_credentials_create(rootsASCII.bytes, &key_cert_pair, NULL);