>From 94e65100cab8e2c9eb39c00e169ca7441864bb6b Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 26 Dec 2014 09:33:36 -0800 Subject: [PATCH 2/2] Port memory-full checking to GnuTLS 3.3 Instead of using gnutls_global_set_mem_functions, check every call to a GnuTLS function that might return an indication of memory exhaustion. Suggested by Dmitry Antipov in: http://lists.gnu.org/archive/html/emacs-devel/2014-12/msg02056.html * gnutls.c (check_memory_full): New function. (emacs_gnutls_handshake, emacs_gnutls_handle_error) (gnutls_make_error, gnutls_certificate_details) (Fgnutls_peer_status, Fgnutls_boot): Use it. (emacs_gnutls_global_init): Avoid gnutls_global_set_mem_functions. --- src/ChangeLog | 11 +++++++++++ src/gnutls.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 57 insertions(+), 11 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index b0e5b09..68b3f28 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,16 @@ 2014-12-26 Paul Eggert + Port memory-full checking to GnuTLS 3.3 + Instead of using gnutls_global_set_mem_functions, check every call + to a GnuTLS function that might return an indication of memory + exhaustion. Suggested by Dmitry Antipov in: + http://lists.gnu.org/archive/html/emacs-devel/2014-12/msg02056.html + * gnutls.c (check_memory_full): New function. + (emacs_gnutls_handshake, emacs_gnutls_handle_error) + (gnutls_make_error, gnutls_certificate_details) + (Fgnutls_peer_status, Fgnutls_boot): Use it. + (emacs_gnutls_global_init): Avoid gnutls_global_set_mem_functions. + Wrap dll functions more simply * decompress.c, gnutls.c, image.c, xml.c: If WINDOWSNT, use '#define FOO fn_FOO' to wrap dll functions, diff --git a/src/gnutls.c b/src/gnutls.c index b14998f..c3457b5 100644 --- a/src/gnutls.c +++ b/src/gnutls.c 
@@ -375,6 +375,17 @@ init_gnutls_functions (void) #endif +/* Report memory exhaustion if ERR is an out-of-memory indication. */ +static void +check_memory_full (int err) +{ + /* When GnuTLS exhausts memory, it doesn't say how much memory it + asked for, so tell the Emacs allocator that GnuTLS asked for no + bytes. This isn't accurate, but it's good enough. */ + if (err == GNUTLS_E_MEMORY_ERROR) + memory_full (0); +} + #ifdef HAVE_GNUTLS3 /* Log a simple audit message. */ static void @@ -471,7 +482,7 @@ emacs_gnutls_handshake (struct Lisp_Process *proc) } else { - gnutls_alert_send_appropriate (state, ret); + check_memory_full (gnutls_alert_send_appropriate (state, ret)); } return ret; } @@ -588,6 +599,8 @@ emacs_gnutls_handle_error (gnutls_session_t session, int err) if (err >= 0) return 1; + check_memory_full (err); + max_log_level = global_gnutls_log_level; /* TODO: use gnutls-error-fatalp and gnutls-error-string. */ @@ -653,6 +666,7 @@ gnutls_make_error (int err) return Qgnutls_e_invalid_session; } + check_memory_full (err); return make_number (err); } @@ -813,6 +827,7 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) /* Version. */ { int version = gnutls_x509_crt_get_version (cert); + check_memory_full (version); if (version >= GNUTLS_E_SUCCESS) res = nconc2 (res, list2 (intern (":version"), make_number (version))); @@ -821,10 +836,12 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) /* Serial. */ buf_size = 0; err = gnutls_x509_crt_get_serial (cert, NULL, &buf_size); + check_memory_full (err); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) { void *serial = xmalloc (buf_size); err = gnutls_x509_crt_get_serial (cert, serial, &buf_size); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) res = nconc2 (res, list2 (intern (":serial-number"), gnutls_hex_string (serial, buf_size, ""))); 
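Review bot: The comment on `check_memory_full` does not say that the call may not return when ERR is GNUTLS_E_MEMORY_ERROR. `memory_full` is Emacs's allocation-failure path and normally signals instead of returning; its definition is outside this patch, so confirm. Every call site added by this patch therefore has to be safe against a non-local exit at that point. I would extend the comment to `/* Report memory exhaustion if ERR is an out-of-memory indication. Might not return in that case, so call it only where a non-local exit is safe. */`.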
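Review bot: In the serial-number block the second `check_memory_full (err)` runs while `serial` from `xmalloc (buf_size)` is still live, so if `memory_full` exits non-locally (likely, but its definition is not in this patch) the buffer is never released. The same pattern recurs in the issuer, subject, issuer-unique-id, subject-unique-id, public-key-id and fingerprint hunks below. The release of these buffers lies outside the visible hunks, so this is inferred from the visible order of calls. Deferring the check until the buffer has been released, i.e. calling `check_memory_full (err);` after the `xfree`, would avoid holding memory across the exit at exactly the moment memory is short.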
@@ -834,10 +851,12 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) /* Issuer. */ buf_size = 0; err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &buf_size); + check_memory_full (err); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) { char *dn = xmalloc (buf_size); err = gnutls_x509_crt_get_issuer_dn (cert, dn, &buf_size); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) res = nconc2 (res, list2 (intern (":issuer"), make_string (dn, buf_size))); @@ -863,10 +882,12 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) /* Subject. */ buf_size = 0; err = gnutls_x509_crt_get_dn (cert, NULL, &buf_size); + check_memory_full (err); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) { char *dn = xmalloc (buf_size); err = gnutls_x509_crt_get_dn (cert, dn, &buf_size); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) res = nconc2 (res, list2 (intern (":subject"), make_string (dn, buf_size))); @@ -880,6 +901,7 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) unsigned int bits; err = gnutls_x509_crt_get_pk_algorithm (cert, &bits); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) { const char *name = gnutls_pk_algorithm_get_name (err); @@ -897,10 +919,12 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) /* Unique IDs. */ buf_size = 0; err = gnutls_x509_crt_get_issuer_unique_id (cert, NULL, &buf_size); + check_memory_full (err); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) { char *buf = xmalloc (buf_size); err = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) res = nconc2 (res, list2 (intern (":issuer-unique-id"), make_string (buf, buf_size))); 
@@ -909,10 +933,12 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) buf_size = 0; err = gnutls_x509_crt_get_subject_unique_id (cert, NULL, &buf_size); + check_memory_full (err); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) { char *buf = xmalloc (buf_size); err = gnutls_x509_crt_get_subject_unique_id (cert, buf, &buf_size); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) res = nconc2 (res, list2 (intern (":subject-unique-id"), make_string (buf, buf_size))); @@ -922,6 +948,7 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) /* Signature. */ err = gnutls_x509_crt_get_signature_algorithm (cert); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) { const char *name = gnutls_sign_get_name (err); @@ -933,10 +960,12 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) /* Public key ID. */ buf_size = 0; err = gnutls_x509_crt_get_key_id (cert, 0, NULL, &buf_size); + check_memory_full (err); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) { void *buf = xmalloc (buf_size); err = gnutls_x509_crt_get_key_id (cert, 0, buf, &buf_size); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) res = nconc2 (res, list2 (intern (":public-key-id"), gnutls_hex_string (buf, buf_size, "sha1:"))); @@ -947,11 +976,13 @@ gnutls_certificate_details (gnutls_x509_crt_t cert) buf_size = 0; err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1, NULL, &buf_size); + check_memory_full (err); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) { void *buf = xmalloc (buf_size); err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1, buf, &buf_size); + check_memory_full (err); if (err >= GNUTLS_E_SUCCESS) res = nconc2 (res, list2 (intern (":certificate-id"), gnutls_hex_string (buf, buf_size, "sha1:"))); 
@@ -1053,6 +1084,7 @@ The return value is a property list with top-level keys :warnings and /* Diffie-Hellman prime bits. */ { int bits = gnutls_dh_get_prime_bits (state); + check_memory_full (bits); if (bits > 0) result = nconc2 (result, list2 (intern (":diffie-hellman-prime-bits"), make_number (bits))); @@ -1095,11 +1127,8 @@ emacs_gnutls_global_init (void) int ret = GNUTLS_E_SUCCESS; if (!gnutls_global_initialized) - { - gnutls_global_set_mem_functions (xmalloc, xmalloc, NULL, - xrealloc, xfree); - ret = gnutls_global_init (); - } + ret = gnutls_global_init (); + gnutls_global_initialized = 1; return gnutls_make_error (ret); @@ -1282,7 +1311,7 @@ one trustfile (usually a CA bundle). */) unsigned int gnutls_verify_flags = GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; GNUTLS_LOG (2, max_log_level, "allocating x509 credentials"); - gnutls_certificate_allocate_credentials (&x509_cred); + check_memory_full (gnutls_certificate_allocate_credentials (&x509_cred)); XPROCESS (proc)->gnutls_x509_cred = x509_cred; verify_flags = Fplist_get (proplist, QCgnutls_bootprop_verify_flags); @@ -1301,7 +1330,7 @@ one trustfile (usually a CA bundle). */) else /* Qgnutls_anon: */ { GNUTLS_LOG (2, max_log_level, "allocating anon credentials"); - gnutls_anon_allocate_client_credentials (&anon_cred); + check_memory_full (gnutls_anon_allocate_client_credentials (&anon_cred)); XPROCESS (proc)->gnutls_anon_cred = anon_cred; } @@ -1317,8 +1346,11 @@ one trustfile (usually a CA bundle). */) (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3 ret = gnutls_certificate_set_x509_system_trust (x509_cred); if (ret < GNUTLS_E_SUCCESS) - GNUTLS_LOG2i (4, max_log_level, - "setting system trust failed with code ", ret); + { + check_memory_full (ret); + GNUTLS_LOG2i (4, max_log_level, + "setting system trust failed with code ", ret); + } #endif for (tail = trustfiles; CONSP (tail); tail = XCDR (tail)) 
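Review bot: In `emacs_gnutls_global_init`, `gnutls_global_initialized = 1;` is still set unconditionally after the rewritten `if`, so a failed `gnutls_global_init ()` is recorded as initialized and later calls skip initialization and report success. With this patch the failure most relevant here, GNUTLS_E_MEMORY_ERROR, only reaches `memory_full` through `gnutls_make_error (ret)` after the flag has already been set. Setting the flag only on success, `if (ret >= GNUTLS_E_SUCCESS) gnutls_global_initialized = 1;`, lets a later call retry instead of proceeding with a library that never initialized.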
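Review bot: `check_memory_full (gnutls_certificate_allocate_credentials (&x509_cred));` acts only on GNUTLS_E_MEMORY_ERROR and discards every other negative return, after which `x509_cred` is stored in the process object unconditionally. The anonymous-credentials hunk that follows has the same shape with `anon_cred`. Keeping the return value and stopping on any failure, e.g. `ret = gnutls_certificate_allocate_credentials (&x509_cred);` then `if (ret < GNUTLS_E_SUCCESS) return gnutls_make_error (ret);`, would avoid continuing the TLS setup with credentials that were never allocated. This assumes `ret` is in scope here as it is in the system-trust hunk. The Fgnutls_boot body starts and ends outside these hunks.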
@@ -1536,7 +1568,10 @@ one trustfile (usually a CA bundle). */) XPROCESS (proc)->gnutls_certificate = gnutls_verify_cert; - if (!gnutls_x509_crt_check_hostname (gnutls_verify_cert, c_hostname)) + int err = gnutls_x509_crt_check_hostname (gnutls_verify_cert, + c_hostname); + check_memory_full (err); + if (!err) { XPROCESS (proc)->gnutls_extra_peer_verification |= CERTIFICATE_NOT_MATCHING; -- 1.9.3
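Review bot: The new `err` holds the result of `gnutls_x509_crt_check_hostname`, which the following `if (!err)` treats as a boolean match, so the name is misleading and any negative value would be accepted as a hostname match. Passing it to `check_memory_full` presupposes the function can return a negative GnuTLS error code. If that is possible, a non-memory error skips the CERTIFICATE_NOT_MATCHING branch. I would either drop the memory check and name the variable for what it is, or fail closed with `if (err <= 0)`. The enclosing Fgnutls_boot body and the rest of this `if` lie outside the hunk.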