From 34b1a7ad5d8d09cb9c9c8015b09a1298c301321c Mon Sep 17 00:00:00 2001
From: Micah Cowan <micah@cowan.name>
Date: Tue, 22 Sep 2009 09:16:43 -0700
Subject: [PATCH] Avoid reusing same buffer for successive quoted args.

---
 src/ChangeLog |  6 ++++++
 src/openssl.c | 10 +++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 0a526037..f37814d5 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2009-09-22  Micah Cowan  <micah@cowan.name>
+
+	* openssl.c (ssl_check_certificate): Avoid reusing the same buffer
+	space for successive quoted arguments. Thanks to Steven Schweda
+	for pointing out the problem.
+
 2009-09-21  Micah Cowan  <micah@cowan.name>
 
 	* progress.c (update_speed_ring): "the the" -> "the".
diff --git a/src/openssl.c b/src/openssl.c
index b85a0422..b55ca8bf 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -512,8 +512,8 @@ ssl_check_certificate (int fd, const char *host)
       char *subject = X509_NAME_oneline (X509_get_subject_name (cert), 0, 0);
       char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0);
       DEBUGP (("certificate:\n  subject: %s\n  issuer:  %s\n",
-               quotearg_style (escape_quoting_style, subject),
-               quotearg_style (escape_quoting_style, issuer)));
+               quotearg_n_style (0, escape_quoting_style, subject),
+               quotearg_n_style (1, escape_quoting_style, issuer)));
       OPENSSL_free (subject);
       OPENSSL_free (issuer);
     }
@@ -524,8 +524,8 @@ ssl_check_certificate (int fd, const char *host)
       char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0);
       logprintf (LOG_NOTQUIET,
                  _("%s: cannot verify %s's certificate, issued by %s:\n"),
-                 severity, quotearg_style (escape_quoting_style, host),
-                 quote (issuer));
+                 severity, quotearg_n_style (0, escape_quoting_style, host),
+                 quote_n (1, issuer));
       /* Try to print more user-friendly (and translated) messages for
          the frequent verification errors.  */
       switch (vresult)
@@ -578,7 +578,7 @@ ssl_check_certificate (int fd, const char *host)
     {
       logprintf (LOG_NOTQUIET, _("\
 %s: certificate common name %s doesn't match requested host name %s.\n"),
-                 severity, quote (common_name), quote (host));
+                 severity, quote_n (0, common_name), quote_n (1, host));
       success = false;
     }
   else
-- 
2.39.2