1 files changed, 23 insertions, 14 deletions

diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c
index f2090274c..3fdcd6c28 100644
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@@ -151,8 +151,7 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
 	chunk_t digest = chunk_alloca(HASH_SIZE_MD5);
 	chunk_t keyEncoding = chunk_empty, keyInfo;
 	hasher_t *hasher;
-	bool msb_set;
-	u_char *pos;
+	int zeros = 0, msb_set = 0;
 
 	key->get_encoding(key, PUBKEY_ASN1_DER, &keyEncoding);
 
@@ -168,20 +167,27 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
 	DESTROY_IF(hasher);
 	free(keyInfo.ptr);
 
-	/* is the most significant bit of the digest set? */
-	msb_set = (*digest.ptr & 0x80) == 0x80;
-
-	/* allocate space for the serialNumber */
-	serialNumber->len = msb_set + digest.len;
-	serialNumber->ptr = malloc(serialNumber->len);
-
-	/* the serial number as the two's complement of the digest */
-	pos = serialNumber->ptr;
+	/* the serialNumber should be valid ASN1 integer content:
+	 * remove leading zeros, add one if MSB is set (two's complement) */
+	while (zeros < digest.len)
+	{
+		if (digest.ptr[zeros])
+		{
+			if (digest.ptr[zeros] & 0x80)
+			{
+				msb_set = 1;
+			}
+			break;
+		}
+		zeros++;
+	}
+	*serialNumber = chunk_alloc(digest.len - zeros + msb_set);
 	if (msb_set)
 	{
-		*pos++ = 0x00;
+		serialNumber->ptr[0] = 0x00;
 	}
-	memcpy(pos, digest.ptr, digest.len);
+	memcpy(serialNumber->ptr + msb_set, digest.ptr + zeros,
+		   digest.len - zeros);
 
 	/* the transaction id is the serial number in hex format */
 	*transID = chunk_to_hex(digest, NULL, TRUE);
@@ -333,7 +339,7 @@ static char* escape_http_request(chunk_t req)
  * Send a SCEP request via HTTP and wait for a response
  */
 bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
-					   bool http_get_request, chunk_t *response)
+					   bool http_get_request, u_int timeout, chunk_t *response)
 {
 	int len;
 	status_t status;
@@ -361,6 +367,7 @@ bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
 
 			status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
 										 FETCH_HTTP_VERSION_1_0,
+										 FETCH_TIMEOUT, timeout,
 										 FETCH_REQUEST_HEADER, "Pragma:",
 										 FETCH_REQUEST_HEADER, "Host:",
 										 FETCH_REQUEST_HEADER, "Accept:",
@@ -375,6 +382,7 @@ bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
 
 			status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
 										 FETCH_HTTP_VERSION_1_0,
+										 FETCH_TIMEOUT, timeout,
 										 FETCH_REQUEST_DATA, msg,
 										 FETCH_REQUEST_TYPE, "",
 										 FETCH_REQUEST_HEADER, "Expect:",
@@ -403,6 +411,7 @@ bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
 
 		status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
 									 FETCH_HTTP_VERSION_1_0,
+									 FETCH_TIMEOUT, timeout,
 									 FETCH_END);
 	}