
[SCM] GNU gnutls branch, gnutls_2_8_x, updated. gnutls_2_8_5-4-ge391cd8


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_8_x, updated. gnutls_2_8_5-4-ge391cd8
Date: Thu, 05 Nov 2009 21:14:32 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e391cd877585833215f76ac854404fb3429ae8e9

The branch, gnutls_2_8_x has been updated
       via  e391cd877585833215f76ac854404fb3429ae8e9 (commit)
       via  f89bb712ca0147314679200dd11d60143b601c59 (commit)
      from  fdaadedde4886625c05cb8da364dc402a3614319 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e391cd877585833215f76ac854404fb3429ae8e9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Nov 5 23:14:25 2009 +0200

    Documented previous fix.

commit f89bb712ca0147314679200dd11d60143b601c59
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Nov 5 23:09:51 2009 +0200

    Cleanups and several bug fixes found by Tomas Mraz.
    
    "I've patched the following problems in the code found by review of
    gnutls-2.8.5 code done by Steve Grubb.
    
    See the patch attached.
    
    The gnutls_constate.c bug might be potentially serious so I've decided
    to mail it to you directly, not to the public mailing list.
    
    The auth_cert.c change is just cleanup of the code.
    
    In gnutls_openssl.c I've just fixed the potential crasher, correct fix
    would require using asprintf or precomputed length of the buffer to
    allocate a memory.
    
    The certtool.c change is again just a cleanup."

-----------------------------------------------------------------------

Summary of changes:
 NEWS                        |    2 ++
 lib/auth_cert.c             |    9 ++++-----
 lib/gnutls_constate.c       |    2 +-
 lib/gnutls_sig.c            |    5 ++---
 libextra/gnutls_openssl.c   |    3 ++-
 src/certtool.c              |   11 ++---------
 src/cfg/cfg+.c              |    2 +-
 src/cfg/platon/str/strdyn.c |    8 ++++++--
 src/serv.c                  |    6 +++++-
 9 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/NEWS b/NEWS
index e18665f..9371187 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ See the end for copying conditions.
 
 * Version 2.8.6 (unreleased)
 
+** libgnutls: Cleanups and several bug fixes found by Tomas Mraz.
+
 ** API and ABI modifications:
 No changes since last version.
 
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index c0e7547..bd467ee 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1816,7 +1816,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
                            gnutls_pk_algorithm_t requested_algo)
 {
   unsigned i;
-  int idx, ret;
+  int idx;
   gnutls_certificate_credentials_t cred;
 
   cred = (gnutls_certificate_credentials_t)
@@ -1835,7 +1835,6 @@ _gnutls_server_select_cert (gnutls_session_t session,
 
   /* Otherwise... */
 
-  ret = 0;
   idx = -1;                    /* default is use no certificate */
 
 
@@ -1860,7 +1859,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
   /* store the certificate pointer for future use, in the handshake.
    * (This will allow not calling this callback again.)
    */
-  if (idx >= 0 && ret == 0)
+  if (idx >= 0)
     {
       _gnutls_selected_certs_set (session,
                                  &cred->cert_list[idx][0],
@@ -1869,9 +1868,9 @@ _gnutls_server_select_cert (gnutls_session_t session,
     }
   else
     /* Certificate does not support REQUESTED_ALGO.  */
-    ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+    return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 
-  return ret;
+  return 0;
 }
 
 /* Frees the rsa_info_st structure.
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 521e55f..4687076 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -431,7 +431,7 @@ _gnutls_connection_state_init (gnutls_session_t session)
 
 /* Setup the master secret 
  */
-  if ((ret = _gnutls_generate_master (session, 0), 0) < 0)
+  if ((ret = _gnutls_generate_master (session, 0)) < 0)
     {
       gnutls_assert ();
       return ret;
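Review bot: The NEWS entry added with this push files this fix under "Cleanups and several bug fixes" and does not say what it changes for users. In the removed condition `(ret = _gnutls_generate_master (session, 0), 0) < 0` the comma operator reduced the comparison to `0 < 0`, so a failure of `_gnutls_generate_master` could never reach the error branch shown here. I would record that in NEWS, for example `** libgnutls: connection state setup no longer ignores a failure to generate the master secret.`, so packagers can judge whether to backport. `_gnutls_connection_state_init` starts and ends outside the hunk.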
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 81f5aa3..27d0a81 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -302,7 +302,7 @@ _gnutls_verify_sig (gnutls_cert * cert,
   int ret;
   gnutls_datum_t vdata;
 
-  if (cert->version == 0 || cert == NULL)
+  if (cert == NULL || cert->version == 0)
     {                          /* this is the only way to check
                                 * if it is initialized
                                 */
@@ -312,8 +312,7 @@ _gnutls_verify_sig (gnutls_cert * cert,
 
   /* If the certificate supports signing continue.
    */
-  if (cert != NULL)
-    if (cert->key_usage != 0)
+  if (cert->key_usage != 0)
       if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
        {
          gnutls_assert ();
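Review bot: With the outer `if (cert != NULL)` gone, the two remaining nested `if`s are unbraced and sit at two and six columns of indent, which makes it hard to see what the inner one guards. Folding them into one condition keeps the behaviour and reads more clearly: `if (cert->key_usage != 0 && !(cert->key_usage & KEY_DIGITAL_SIGNATURE))`. The dereference is safe only if the reordered `cert == NULL || cert->version == 0` check in the previous hunk returns on NULL. That body is outside the hunk, so a one-line comment saying so would help. The block continues past the end of the hunk.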
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index b079088..26ee268 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -887,9 +887,10 @@ X509_get_issuer_name (const X509 * cert)
 char *
 X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len)
 {
-  memset (buf, 0, len);
+  /* XXX openssl allocates buffer if buf == NULL */
   if (!buf)
     return NULL;
+  memset (buf, 0, len);
 
   snprintf (buf, len - 1,
            "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
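Review bot: `len` is still used as a size without being validated: a negative `len` becomes a very large `size_t` in `memset (buf, 0, len)`, and `len == 0` or a negative value does the same in `snprintf (buf, len - 1, ...)`. Extending the guard to `if (!buf || len <= 0) return NULL;` closes both cases. `snprintf` already NUL-terminates within the size it is given, so passing `len` instead of `len - 1` would stop dropping the last usable byte. The `snprintf` call continues outside the hunk.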
diff --git a/src/certtool.c b/src/certtool.c
index 882cb99..c4e92fa 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2175,7 +2175,6 @@ _verify_x509_mem (const void *cert, int cert_size)
   /* Verify using internal algorithm too. */
   {
     int verify_status;
-    int comma;
 
     ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts,
                                       &x509_cert_list[x509_ncerts - 1], 1,
@@ -2192,28 +2191,22 @@ _verify_x509_mem (const void *cert, int cert_size)
     if (verify_status & GNUTLS_CERT_INVALID)
       {
        fprintf (outfile, "Not verified");
-       comma = 1;
       }
     else
       {
        fprintf (outfile, "Verified");
-       comma = 1;
       }
 
     if (verify_status & GNUTLS_CERT_SIGNER_NOT_CA)
       {
-       if (comma)
-         fprintf (outfile, ", ");
+       fprintf (outfile, ", ");
        fprintf (outfile, "Issuer is not a CA");
-       comma = 1;
       }
 
     if (verify_status & GNUTLS_CERT_INSECURE_ALGORITHM)
       {
-       if (comma)
-         fprintf (outfile, ", ");
+       fprintf (outfile, ", ");
        fprintf (outfile, "Insecure algorithm");
-       comma = 1;
       }
 
     fprintf (outfile, ".\n");
diff --git a/src/cfg/cfg+.c b/src/cfg/cfg+.c
index db01911..1fe611e 100644
--- a/src/cfg/cfg+.c
+++ b/src/cfg/cfg+.c
@@ -72,7 +72,7 @@ cfg_get_context(options)
        for (i = 0; i < CFG_N_PROPS; i++) {
                con->prop[i] = 
PLATON_FUNC(strdyn_create_ar)(cfg_default_properties[i]);
                if (con->prop[i] == NULL) {
-                       /* TODO: possible freeing on failure */
+                       cfg_free_context(con);
                        return NULL;
                }
        }
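Review bot: `cfg_free_context(con)` runs here while `con->prop[i]` is NULL and the slots after index `i` have not been assigned yet. Whether that is safe depends on how `con` was allocated and on `cfg_free_context` tolerating NULL entries, and neither is visible in this hunk. If `con` came from plain `malloc`, the later slots hold indeterminate pointers and releasing them is undefined behaviour. I would confirm the context is zeroed on allocation, or clear `prop[]` before the loop, and add a comment such as `/* prop[] is zero-initialised, so freeing a partly built context is safe */`. `cfg_get_context` starts and ends outside the hunk.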
diff --git a/src/cfg/platon/str/strdyn.c b/src/cfg/platon/str/strdyn.c
index cc57672..34c0247 100644
--- a/src/cfg/platon/str/strdyn.c
+++ b/src/cfg/platon/str/strdyn.c
@@ -316,15 +316,19 @@ PLATON_FUNC(strdyn_explode_str)(str, sep)
 
                s_size = strstr(s, sep) - s;
 
-               if ((ar[i] = (char*) malloc((s_size + 1) * sizeof(char))) == 
NULL)
+               if ((ar[i] = (char*) malloc((s_size + 1) * sizeof(char))) == 
NULL) {
+                       PLATON_FUNC(strdyn_free)(ar);
                        return NULL;
+               }
 
                strncpy(ar[i], s, s_size);
                ar[i][s_size] = '\0';
        }
 
-       if ((ar[ar_size] = strdup(s)) == NULL)
+       if ((ar[ar_size] = strdup(s)) == NULL) {
+               PLATON_FUNC(strdyn_free)(ar);
                return NULL;
+       }
 
        ar[ar_size + 1] = NULL;
 
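Review bot: Both new `PLATON_FUNC(strdyn_free)(ar)` calls rely on the array being NULL-terminated at the slot whose allocation just failed (`ar[i]` inside the loop, `ar[ar_size]` after it), because `ar[ar_size + 1] = NULL` is only stored on the success path. That holds if `strdyn_free` walks the array up to the first NULL, which is presumably the case but is not visible here. A comment on each call, for example `/* ar[i] is NULL here and terminates the array for strdyn_free */`, would keep a later edit from breaking the assumption. The enclosing function starts and ends outside the hunk.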
diff --git a/src/serv.c b/src/serv.c
index 9760439..24392a6 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -493,7 +493,10 @@ peer_print_info (gnutls_session_t session, int *ret_length,
 
   http_buffer = malloc (len);
   if (http_buffer == NULL)
-    return NULL;
+    {
+      free(crtinfo);
+      return NULL;
+    }
 
   strcpy (http_buffer, HTTP_BEGIN);
 
@@ -610,6 +613,7 @@ peer_print_info (gnutls_session_t session, int *ret_length,
       strcat (http_buffer, "<hr><PRE>");
       strcat (http_buffer, crtinfo);
       strcat (http_buffer, "\n</PRE>\n");
+      free(crtinfo);
     }
 
   strcat (http_buffer, "<hr><P>Your HTTP header was:<PRE>");
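Review bot: The second `free(crtinfo)` sits inside the block that closes on the next line, so `crtinfo` is released only when that block runs. Its condition is outside the hunk, and if `crtinfo` can be set while the block is skipped, it still leaks. Moving the call to just after the block covers both cases, since `free (NULL)` is a no-op: `free (crtinfo); crtinfo = NULL;`. Separately, `crtinfo` is appended with `strcat` into a buffer sized by `len`, which is computed outside the hunk. It is worth confirming that `len` accounts for `strlen (crtinfo)` and that this text, presumably derived from the peer's certificate, cannot carry unescaped markup into the `<PRE>` section. `peer_print_info` starts and ends outside both hunks.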


hooks/post-receive
-- 
GNU gnutls



