From 5081b5ef7c6338ff5b19520ef828a8a1aaf7631d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 1 May 2020 16:22:20 -0400
Subject: [PATCH] Ensure that files read in have a trailing new-line

In SCEP when retrieving the CA chain the certificates passed in
on the command-line (RA agent and CA cert) area printed along with
the contents of what was retrieved remotely.

If one of the filesystem certificates lacks a newline then the
output will be jumbled like:

-----END CERTIFICATE----------BEGIN CERTIFICATE-----\n

https://bugzilla.redhat.com/show_bug.cgi?id=1814976
---
 src/submit-u.c                  |  8 +++++
 tests/039-fromfile/expected.out |  4 +++
 tests/039-fromfile/run.sh       | 55 +++++++++++++++++++++++++++++++++
 tests/Makefile.am               |  6 ++--
 tests/tools/Makefile.am         |  6 +++-
 tests/tools/fromfile.c          | 52 +++++++++++++++++++++++++++++++
 6 files changed, 128 insertions(+), 3 deletions(-)
 create mode 100644 tests/039-fromfile/expected.out
 create mode 100755 tests/039-fromfile/run.sh
 create mode 100644 tests/tools/fromfile.c

diff --git a/src/submit-u.c b/src/submit-u.c
index dda2edb..191526b 100644
--- a/src/submit-u.c
+++ b/src/submit-u.c
@@ -100,6 +100,14 @@ cm_submit_u_from_file(const char *filename)
 	}
 	if (csr == NULL) {
 		csr = strdup("");
+	} else {
+		int length = strlen(csr);
+		if (csr[length-1] != '\n') {
+			length += 1;
+			csr = realloc(csr, length + 1);
+			csr[length - 1] = '\n';
+			csr[length] = '\0';
+		}
 	}
 	return csr;
 }
diff --git a/tests/039-fromfile/expected.out b/tests/039-fromfile/expected.out
new file mode 100644
index 0000000..9191a57
--- /dev/null
+++ b/tests/039-fromfile/expected.out
@@ -0,0 +1,4 @@
+[trailing_nl]
+Ok
+[no_trailing_nl]
+Ok
diff --git a/tests/039-fromfile/run.sh b/tests/039-fromfile/run.sh
new file mode 100755
index 0000000..8bae773
--- /dev/null
+++ b/tests/039-fromfile/run.sh
@@ -0,0 +1,55 @@
+#!/bin/bash -e
+
+cd $tmpdir
+
+cat > $tmpdir/trailing_nl <<- EOF
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIRAO1VmyXYM0f7pbXVdEGtRPMwDQYJKoZIhvcNAQELBQAw
+UDEgMB4GA1UEAwwXTG9jYWwgU2lnbmluZyBBdXRob3JpdHkxLDAqBgNVBAMMI2Vk
+NTU5YjI1LWQ4MzM0N2ZiLWE1YjVkNTc0LTQxYWQ0NGYzMB4XDTE1MDQyODE3MDk0
+OFoXDTE2MDQyODE3MDk0OFowUDEgMB4GA1UEAwwXTG9jYWwgU2lnbmluZyBBdXRo
+b3JpdHkxLDAqBgNVBAMMI2VkNTU5YjI1LWQ4MzM0N2ZiLWE1YjVkNTc0LTQxYWQ0
+NGYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5c/LhlyBs0UUiDSy
+nrC+Q0WJkWZeQ/kqwniru+GlXgb3g+7VvyAfdZ45NiBdo/6xXyCLphK0g8oZLyi8
+OwQQoUyVMn9gsGXbjlwSzjXKx3wdUM+lFpenx8iQS9aCfVQJ4tzFgM1pQBQ2AiHs
+jvU18xSFSZApjT5UIK35kyH22D8LhCGGYLaU3xFEfHvd0AOuXwm5Nsiu/HTsSV4N
+peUdFEmFzQwUEUdV2jKOPcXnOArV82vfpdp1nSCX3kruEb9G93VsmQ+9ebKXQRQE
+Ltd65e/EYtXvihuTtElLYuyYZlYJdbTZeLXB4YLvElgNkS9JK7RKHlCm0KYQmcmd
+GZSh8QIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQEBMB0GA1UdDgQWBBRLxeFy3+RS
+FloygyjlXa6YEv8ltzAfBgNVHSMEGDAWgBRLxeFy3+RSFloygyjlXa6YEv8ltzAO
+BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAH9A9ePIqZGF4VEo5D4j
+MuOJ1J4uTRxHoEGXCDRcuCn3RvT0civWEPpRNo1YVgAWFODpt/HSi3lCVtTb7FwJ
+hfHkxCpAuHmv3sfT8jcCwTTAXL1BLpCO6d0zz0RrFMNK+vGyZu/7LXhaYVu590Q5
+1DMybHmln7i+Tw/eYb4Avk1FWGOEpNdf3ZjUazcDlkO4EwA6BnZUC8gFvz0OI73D
+AJsGq/UsJvMH30ga1rZ/9LiHEMSEys5amk98yMRvi/R1qI02kjANdZ0ID/7cJSw2
+rVCCs61jgYppWv3JHVKYmm6+cVPAUcuRdsUzDpAQDdvGAaZJENE6suulRVEaBEdS
+8gM=
+-----END CERTIFICATE-----
+EOF
+cat > $tmpdir/no_trailing_nl <<- EOF
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIRAO1VmyXYM0f7pbXVdEGtRPMwDQYJKoZIhvcNAQELBQAw
+UDEgMB4GA1UEAwwXTG9jYWwgU2lnbmluZyBBdXRob3JpdHkxLDAqBgNVBAMMI2Vk
+NTU5YjI1LWQ4MzM0N2ZiLWE1YjVkNTc0LTQxYWQ0NGYzMB4XDTE1MDQyODE3MDk0
+OFoXDTE2MDQyODE3MDk0OFowUDEgMB4GA1UEAwwXTG9jYWwgU2lnbmluZyBBdXRo
+b3JpdHkxLDAqBgNVBAMMI2VkNTU5YjI1LWQ4MzM0N2ZiLWE1YjVkNTc0LTQxYWQ0
+NGYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5c/LhlyBs0UUiDSy
+nrC+Q0WJkWZeQ/kqwniru+GlXgb3g+7VvyAfdZ45NiBdo/6xXyCLphK0g8oZLyi8
+OwQQoUyVMn9gsGXbjlwSzjXKx3wdUM+lFpenx8iQS9aCfVQJ4tzFgM1pQBQ2AiHs
+jvU18xSFSZApjT5UIK35kyH22D8LhCGGYLaU3xFEfHvd0AOuXwm5Nsiu/HTsSV4N
+peUdFEmFzQwUEUdV2jKOPcXnOArV82vfpdp1nSCX3kruEb9G93VsmQ+9ebKXQRQE
+Ltd65e/EYtXvihuTtElLYuyYZlYJdbTZeLXB4YLvElgNkS9JK7RKHlCm0KYQmcmd
+GZSh8QIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQEBMB0GA1UdDgQWBBRLxeFy3+RS
+FloygyjlXa6YEv8ltzAfBgNVHSMEGDAWgBRLxeFy3+RSFloygyjlXa6YEv8ltzAO
+BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAH9A9ePIqZGF4VEo5D4j
+MuOJ1J4uTRxHoEGXCDRcuCn3RvT0civWEPpRNo1YVgAWFODpt/HSi3lCVtTb7FwJ
+hfHkxCpAuHmv3sfT8jcCwTTAXL1BLpCO6d0zz0RrFMNK+vGyZu/7LXhaYVu590Q5
+1DMybHmln7i+Tw/eYb4Avk1FWGOEpNdf3ZjUazcDlkO4EwA6BnZUC8gFvz0OI73D
+AJsGq/UsJvMH30ga1rZ/9LiHEMSEys5amk98yMRvi/R1qI02kjANdZ0ID/7cJSw2
+rVCCs61jgYppWv3JHVKYmm6+cVPAUcuRdsUzDpAQDdvGAaZJENE6suulRVEaBEdS
+8gM=
+EOF
+echo -n "-----END CERTIFICATE-----" >> $tmpdir/no_trailing_nl
+
+$toolsdir/fromfile trailing_nl
+$toolsdir/fromfile no_trailing_nl
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 562b027..1fe7e55 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -151,7 +151,8 @@ EXTRA_DIST = \
 	037-rekey2/run.sh \
 	038-ms-v2-template/expected.out \
 	038-ms-v2-template/extract-extdata.py \
-	038-ms-v2-template/run.sh
+	038-ms-v2-template/run.sh \
+	039-fromfile/run.sh
 
 subdirs = \
 	001-keyiread \
@@ -193,7 +194,8 @@ subdirs = \
 	035-json \
 	036-getcert \
 	037-rekey2 \
-	038-ms-v2-template
+	038-ms-v2-template \
+	039-fromfile
 
 if HAVE_DBM_NSSDB
 subdirs += \
diff --git a/tests/tools/Makefile.am b/tests/tools/Makefile.am
index 9988b8c..d927e9b 100644
--- a/tests/tools/Makefile.am
+++ b/tests/tools/Makefile.am
@@ -15,7 +15,7 @@ endif
 noinst_PROGRAMS = keyiread keygen csrgen submit certread certsave oid2name \
 		  name2oid iterate prefs dates listnicks pem2base base2pem \
 		  dparse payload checksig base64 cadata citerate casave hooks \
-		  libexecdir canon srv addcinfo ls json json-utf8 printenv
+		  libexecdir canon srv addcinfo ls json json-utf8 printenv fromfile
 noinst_LIBRARIES = libtools.a
 if HAVE_OPENSSL
 noinst_PROGRAMS += pk7parse pk7env scepgen pk7verify pk7decrypt
@@ -36,3 +36,7 @@ citerate_SOURCES = citerate.c ../../src/store-gen.c
 
 srv_SOURCES = srv.c ../../src/srvloc.c
 srv_LDADD = $(LDADD)
+
+fromfile_CFLAGS = $(AM_CFLAGS)
+fromfile_SOURCES = fromfile.c
+fromfile_LDADD = $(top_srcdir)/src/submit-u.c $(LDADD) $(UUID_LIBS)
diff --git a/tests/tools/fromfile.c b/tests/tools/fromfile.c
new file mode 100644
index 0000000..c1d2694
--- /dev/null
+++ b/tests/tools/fromfile.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2020 Red Hat, Inc.
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <time.h>
+#include <krb5.h>
+
+#include "../../src/config.h"
+#include "../../src/submit-u.h"
+
+int
+main(int argc, char **argv)
+{
+	int i, result = 0;
+	char *cert;
+
+	for (i = 1; i < argc; i++) {
+		printf("[%s]\n", argv[i]);
+		cert = cm_submit_u_from_file(argv[i]);
+		if (cert == NULL) {
+			printf("OOM error\n");
+			result = 1;
+		}
+		else if (cert[strlen(cert) - 1] != '\n') {
+			printf("Missing trailing newline\n");
+			result = 1;
+		} else {
+			printf("Ok\n");
+		}
+		free(cert);
+	}
+	return result;
+}
-- 
2.21.1