Diffstat (limited to 'linux-x86/include/openssl/conf.h')
-rw-r--r--linux-x86/include/openssl/conf.h23
1 files changed, 7 insertions, 16 deletions
diff --git a/linux-x86/include/openssl/conf.h b/linux-x86/include/openssl/conf.h
index 6890c7d..c9027c1 100644
--- a/linux-x86/include/openssl/conf.h
+++ b/linux-x86/include/openssl/conf.h
@@ -77,7 +77,10 @@ extern "C" {
// [section_name]
// key2=value2
//
-// Config files are represented by a |CONF|.
+// Config files are represented by a |CONF|. Use of this module is strongly
+// discouraged. It is a remnant of the OpenSSL command-line tool. Parsing an
+// untrusted input as a config file risks string injection and denial of service
+// vulnerabilities.
struct conf_value_st {
char *section;
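Review bot: The new warning about untrusted input sits in the format description above `struct conf_value_st`, not on the functions that actually take the input. A caller who jumps straight to the `NCONF_load_bio` declaration (visible in the next hunk header) will not see it. Consider repeating a one-line caveat there, for example `// WARNING: do not call this on untrusted input; see the note at the top of this file.` The struct definition and the start of the comment block lie outside this hunk.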
@@ -110,8 +113,8 @@ OPENSSL_EXPORT int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line);
// NCONF_get_section returns a stack of values for a given section in |conf|.
// If |section| is NULL, the default section is returned. It returns NULL on
// error.
-OPENSSL_EXPORT STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
- const char *section);
+OPENSSL_EXPORT const STACK_OF(CONF_VALUE) *NCONF_get_section(
+ const CONF *conf, const char *section);
// NCONF_get_string returns the value of the key |name|, in section |section|.
// The |section| argument may be NULL to indicate the default section. It
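Review bot: The comment above `NCONF_get_section` does not say who owns the returned stack, and the new `const` return type only hints at it. If the stack is owned by |conf|, which the qualifier suggests although the implementation is not visible here, the comment should state it, for example `// The result is owned by |conf| and must not be modified or freed by the caller.` Existing callers that store the result in a non-const `STACK_OF(CONF_VALUE) *` will now get a qualifier warning or error, so the source-compatibility break is worth mentioning in the commit description.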
@@ -121,19 +124,6 @@ OPENSSL_EXPORT const char *NCONF_get_string(const CONF *conf,
const char *name);
-// Utility functions
-
-// CONF_parse_list takes a list separated by 'sep' and calls |list_cb| giving
-// the start and length of each member, optionally stripping leading and
-// trailing whitespace. This can be used to parse comma separated lists for
-// example. If |list_cb| returns <= 0, then the iteration is halted and that
-// value is returned immediately. Otherwise it returns one. Note that |list_cb|
-// may be called on an empty member.
-int CONF_parse_list(const char *list, char sep, int remove_whitespace,
- int (*list_cb)(const char *elem, int len, void *usr),
- void *arg);
-
-
// Deprecated functions
// These defines do nothing but are provided to make old code easier to
@@ -179,5 +169,6 @@ BSSL_NAMESPACE_END
#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 104
#define CONF_R_VARIABLE_HAS_NO_VALUE 105
#define CONF_R_VARIABLE_EXPANSION_TOO_LONG 106
+#define CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED 107
#endif // OPENSSL_HEADER_THREAD_H
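Review bot: `CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED` is added with nothing in this hunk saying when the parser raises it. Presumably values that reference a variable are now rejected and no longer expanded. If so, the format description at the top of the header (outside this hunk) should say that, e.g. `// Variable expansion is not supported; values that use it fail to parse.` The closing `#endif // OPENSSL_HEADER_THREAD_H` comment also does not match this file's name and should be checked against the opening include guard.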