
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_8-2-g498e2a1


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_8-2-g498e2a1
Date: Thu, 05 Nov 2009 21:11:25 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=498e2a1ae31441f5d5b92a2765fa28f36bedb4aa

The branch, master has been updated
       via  498e2a1ae31441f5d5b92a2765fa28f36bedb4aa (commit)
      from  ed4a6d07ee08f457a7e0cd7edcd956b1f9ad6a49 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 498e2a1ae31441f5d5b92a2765fa28f36bedb4aa
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Nov 5 23:09:51 2009 +0200

    Cleanups and several bug fixes found by Tomas Mraz.
    
    "I've patched the following problems in the code found by review of
    gnutls-2.8.5 code done by Steve Grubb.
    
    See the patch attached.
    
    The gnutls_constate.c bug might be potentially serious so I've decided
    to mail it to you directly, not to the public mailing list.
    
    The auth_cert.c change is just cleanup of the code.
    
    In gnutls_openssl.c I've just fixed the potential crasher, correct fix
    would require using asprintf or precomputed length of the buffer to
    allocate a memory.
    
    The certtool.c change is again just a cleanup."

-----------------------------------------------------------------------

Summary of changes:
 lib/auth_cert.c             |    9 ++++-----
 lib/gnutls_constate.c       |    2 +-
 lib/gnutls_sig.c            |    5 ++---
 libextra/gnutls_openssl.c   |    3 ++-
 src/certtool.c              |   11 ++---------
 src/cfg/cfg+.c              |    2 +-
 src/cfg/platon/str/strdyn.c |    8 ++++++--
 src/serv.c                  |    6 +++++-
 8 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 0dbba1f..5a6d8be 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1895,7 +1895,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
                            gnutls_pk_algorithm_t requested_algo)
 {
   unsigned i;
-  int idx, ret;
+  int idx;
   gnutls_certificate_credentials_t cred;
 
   cred = (gnutls_certificate_credentials_t)
@@ -1914,7 +1914,6 @@ _gnutls_server_select_cert (gnutls_session_t session,
 
   /* Otherwise... */
 
-  ret = 0;
   idx = -1;                    /* default is use no certificate */
 
 
@@ -1949,7 +1948,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
   /* store the certificate pointer for future use, in the handshake.
    * (This will allow not calling this callback again.)
    */
-  if (idx >= 0 && ret == 0)
+  if (idx >= 0)
     {
       _gnutls_selected_certs_set (session,
                                  &cred->cert_list[idx][0],
@@ -1958,9 +1957,9 @@ _gnutls_server_select_cert (gnutls_session_t session,
     }
   else
     /* Certificate does not support REQUESTED_ALGO.  */
-    ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+    return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 
-  return ret;
+  return 0;
 }
 
 /* Frees the rsa_info_st structure.
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 9afd897..d3fd256 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -431,7 +431,7 @@ _gnutls_connection_state_init (gnutls_session_t session)
 
 /* Setup the master secret 
  */
-  if ((ret = _gnutls_generate_master (session, 0), 0) < 0)
+  if ((ret = _gnutls_generate_master (session, 0)) < 0)
     {
       gnutls_assert ();
       return ret;
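Review bot: The assignment is still embedded in the condition at `if ((ret = _gnutls_generate_master (session, 0)) < 0)`, which is the shape that let the stray `, 0` go unnoticed. Writing `ret = _gnutls_generate_master (session, 0);` followed by `if (ret < 0)` leaves no room for a misplaced comma or parenthesis. With the old expression the comparison was always `0 < 0`, so a failure to generate the master secret was never reported to the caller. The diffstat lists no test files, so a test that checks _gnutls_connection_state_init returns the error when _gnutls_generate_master fails would guard this fix. The function continues outside the hunk.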
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index af14f6b..f75a705 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -314,7 +314,7 @@ _gnutls_verify_sig (gnutls_cert * cert,
   int ret;
   gnutls_datum_t vdata;
 
-  if (cert->version == 0 || cert == NULL)
+  if (cert == NULL || cert->version == 0)
     {                          /* this is the only way to check
                                 * if it is initialized
                                 */
@@ -324,8 +324,7 @@ _gnutls_verify_sig (gnutls_cert * cert,
 
   /* If the certificate supports signing continue.
    */
-  if (cert != NULL)
-    if (cert->key_usage != 0)
+  if (cert->key_usage != 0)
       if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
        {
          gnutls_assert ();
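Review bot: After dropping the `if (cert != NULL)` wrapper, the remaining pair `if (cert->key_usage != 0)` / `if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))` keeps the old indentation, so the inner `if` reads as though a third nesting level still existed. A single condition is more direct: `if (cert->key_usage != 0 && !(cert->key_usage & KEY_DIGITAL_SIGNATURE))`. The body of the block continues outside the hunk.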
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index 38ae5a8..fee62f6 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -887,9 +887,10 @@ X509_get_issuer_name (const X509 * cert)
 char *
 X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len)
 {
-  memset (buf, 0, len);
+  /* XXX openssl allocates buffer if buf == NULL */
   if (!buf)
     return NULL;
+  memset (buf, 0, len);
 
   snprintf (buf, len - 1,
            "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
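Review bot: `len` is a signed `int` and is never range-checked before `memset (buf, 0, len)` and `snprintf (buf, len - 1, ...)`. A negative `len` converts to a huge `size_t` in the memset, and `len == 0` makes `len - 1` convert to the maximum `size_t`, so the snprintf is effectively unbounded. The guard should reject both, `if (!buf || len <= 0) return NULL;`. Since snprintf always NUL-terminates within the size it is given, passing `len` rather than `len - 1` would also stop the last usable byte being wasted. The rest of the function is outside the hunk.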
diff --git a/src/certtool.c b/src/certtool.c
index 145bceb..d41be38 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2176,7 +2176,6 @@ _verify_x509_mem (const void *cert, int cert_size)
   /* Verify using internal algorithm too. */
   {
     int verify_status;
-    int comma;
 
     ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts,
                                       &x509_cert_list[x509_ncerts - 1], 1,
@@ -2193,28 +2192,22 @@ _verify_x509_mem (const void *cert, int cert_size)
     if (verify_status & GNUTLS_CERT_INVALID)
       {
        fprintf (outfile, "Not verified");
-       comma = 1;
       }
     else
       {
        fprintf (outfile, "Verified");
-       comma = 1;
       }
 
     if (verify_status & GNUTLS_CERT_SIGNER_NOT_CA)
       {
-       if (comma)
-         fprintf (outfile, ", ");
+       fprintf (outfile, ", ");
        fprintf (outfile, "Issuer is not a CA");
-       comma = 1;
       }
 
     if (verify_status & GNUTLS_CERT_INSECURE_ALGORITHM)
       {
-       if (comma)
-         fprintf (outfile, ", ");
+       fprintf (outfile, ", ");
        fprintf (outfile, "Insecure algorithm");
-       comma = 1;
       }
 
     fprintf (outfile, ".\n");
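Review bot: With `comma` gone, each flag branch now makes two back-to-back calls, `fprintf (outfile, ", ");` followed by the message. They can be merged into one call each, `fprintf (outfile, ", Issuer is not a CA");` and `fprintf (outfile, ", Insecure algorithm");`. The braces around the single-statement "Verified" / "Not verified" branches are likewise left over from the removed assignments.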
diff --git a/src/cfg/cfg+.c b/src/cfg/cfg+.c
index db01911..1fe611e 100644
--- a/src/cfg/cfg+.c
+++ b/src/cfg/cfg+.c
@@ -72,7 +72,7 @@ cfg_get_context(options)
        for (i = 0; i < CFG_N_PROPS; i++) {
                con->prop[i] = 
PLATON_FUNC(strdyn_create_ar)(cfg_default_properties[i]);
                if (con->prop[i] == NULL) {
-                       /* TODO: possible freeing on failure */
+                       cfg_free_context(con);
                        return NULL;
                }
        }
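Review bot: `cfg_free_context(con)` is now called on a context whose `prop[]` slots are filled only up to index `i`, with `prop[i]` itself NULL. Unless `con` was zero-initialised before this loop (its allocation is outside the hunk), the slots after `i` hold indeterminate pointers that cfg_free_context may hand to a free routine. It is worth confirming that the allocation zeroes the structure, or clearing the `prop` slots before the loop. A short comment at the call stating that assumption, such as `/* con is zeroed at allocation, so unfilled prop[] slots are NULL */`, would help the next reader.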
diff --git a/src/cfg/platon/str/strdyn.c b/src/cfg/platon/str/strdyn.c
index cc57672..34c0247 100644
--- a/src/cfg/platon/str/strdyn.c
+++ b/src/cfg/platon/str/strdyn.c
@@ -316,15 +316,19 @@ PLATON_FUNC(strdyn_explode_str)(str, sep)
 
                s_size = strstr(s, sep) - s;
 
-               if ((ar[i] = (char*) malloc((s_size + 1) * sizeof(char))) == 
NULL)
+               if ((ar[i] = (char*) malloc((s_size + 1) * sizeof(char))) == 
NULL) {
+                       PLATON_FUNC(strdyn_free)(ar);
                        return NULL;
+               }
 
                strncpy(ar[i], s, s_size);
                ar[i][s_size] = '\0';
        }
 
-       if ((ar[ar_size] = strdup(s)) == NULL)
+       if ((ar[ar_size] = strdup(s)) == NULL) {
+               PLATON_FUNC(strdyn_free)(ar);
                return NULL;
+       }
 
        ar[ar_size + 1] = NULL;
 
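Review bot: Both new `PLATON_FUNC(strdyn_free)(ar)` calls run on an array that is only partly filled, so they are safe only if strdyn_free stops at the first NULL entry. At the malloc failure `ar[i]` has just been set to NULL and at the strdup failure `ar[ar_size]` has, while the later slots are presumably unset (the allocation of `ar` is outside the hunk). strdyn_free is not visible here, so that contract should be confirmed and recorded at the call, e.g. `/* ar[i] is NULL here, so strdyn_free() stops before the unset slots */`. Separately, `s_size = strstr(s, sep) - s;` assumes strstr never returns NULL inside the loop, which depends on how `ar_size` was counted above the hunk.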
diff --git a/src/serv.c b/src/serv.c
index a8eb8fa..7cee7c3 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -500,7 +500,10 @@ peer_print_info (gnutls_session_t session, int *ret_length,
 
   http_buffer = malloc (len);
   if (http_buffer == NULL)
-    return NULL;
+    {
+      free(crtinfo);
+      return NULL;
+    }
 
   strcpy (http_buffer, HTTP_BEGIN);
 
@@ -617,6 +620,7 @@ peer_print_info (gnutls_session_t session, int *ret_length,
       strcat (http_buffer, "<hr><PRE>");
       strcat (http_buffer, crtinfo);
       strcat (http_buffer, "\n</PRE>\n");
+      free(crtinfo);
     }
 
   strcat (http_buffer, "<hr><P>Your HTTP header was:<PRE>");
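Review bot: The added `free(crtinfo)` sits directly after `strcat (http_buffer, crtinfo)`, which appends a string of unchecked length into the buffer sized by `len` in the earlier hunk (`http_buffer = malloc (len)`). The computation of `len` is outside both hunks, so it is worth confirming that it includes `strlen (crtinfo)` plus the surrounding markup. crtinfo looks like text derived from the peer's certificate; if so, its length and content are set by the remote side, and it is written between the `<PRE>` tags without HTML escaping. Because the pointer stays in scope after the block, `crtinfo = NULL;` following the free would guard against later reuse. Any other early return between the two hunks would still leak crtinfo, but that region is not shown.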


hooks/post-receive
-- 
GNU gnutls



