X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Ffiles.c;h=8bf67cc3b4f3c169e573a59f3647db9e309f185d;hp=07af6c4194a7e4e0bf993b6f7cdc16b3d9e43178;hb=d8fa415fcabecb7d7c8461d8edbe2f265911e72c;hpb=3210f38e0491b39aec1ef419cb4114e9483089fb

diff --git a/tools/files.c b/tools/files.c
index 07af6c4..8bf67cc 100644
--- a/tools/files.c
+++ b/tools/files.c
@@ -171,13 +171,16 @@ decode_pem(const void *src, size_t len, size_t *num)
 	const unsigned char *buf;
 	bvector bv = VEC_INIT;
 	int inobj;
+	int extra_nl;
 
+	*num = 0;
 	br_pem_decoder_init(&pc);
 	buf = src;
 	inobj = 0;
 	po.name = NULL;
 	po.data = NULL;
 	po.data_len = 0;
+	extra_nl = 1;
 	while (len > 0) {
 		size_t tlen;
 
@@ -213,6 +216,19 @@ decode_pem(const void *src, size_t len, size_t *num)
 			VEC_CLEAREXT(pem_list, &free_pem_object_contents);
 			return NULL;
 		}
+
+		/*
+		 * We add an extra newline at the end, in order to
+		 * support PEM files that lack the newline on their last
+		 * line (this is somwehat invalid, but PEM format is not
+		 * standardised and such files do exist in the wild, so
+		 * we'd better accept them).
+		 */
+		if (len == 0 && extra_nl) {
+			extra_nl = 0;
+			buf = (const unsigned char *)"\n";
+			len = 1;
+		}
 	}
 	if (inobj) {
 		fprintf(stderr, "ERROR: unfinished PEM object\n");
@@ -267,6 +283,9 @@ read_certificates(const char *fname, size_t *num)
 
 	pos = decode_pem(buf, len, &num_pos);
 	xfree(buf);
+	if (pos == NULL) {
+		return NULL;
+	}
 	for (u = 0; u < num_pos; u ++) {
 		if (eqstr(pos[u].name, "CERTIFICATE")
 			|| eqstr(pos[u].name, "X509 CERTIFICATE"))
@@ -296,3 +315,15 @@ read_certificates(const char *fname, size_t *num)
 	VEC_CLEAR(cert_list);
 	return xcs;
 }
+
+/* see brssl.h */
+void
+free_certificates(br_x509_certificate *certs, size_t num)
+{
+	size_t u;
+
+	for (u = 0; u < num; u ++) {
+		xfree(certs[u].data);
+	}
+	xfree(certs);
+}