Some updates in the srp codebase, to detect illegal usernames etc.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-12-06 13:36:10 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-12-06 13:36:10 +0000
commit: b428f02d3d7220a62819cab0999d4e765bda37c3 (patch)
tree: 3bf70f87d298e3bb404ee6b7cb2812cc56ab7dc8
parent: d039bacdf41587d839cd54b0482991db25a6702b (diff)
download: gnutls-b428f02d3d7220a62819cab0999d4e765bda37c3.tar.gz
2 files changed, 8 insertions, 2 deletions
diff --git a/libextra/ext_srp.c b/libextra/ext_srp.c
index 299625bd5c..6a16bd4dcd 100644
--- a/libextra/ext_srp.c
+++ b/libextra/ext_srp.c
@@ -117,7 +117,13 @@ int _gnutls_srp_send_params( gnutls_session state, opaque* data, size_t data_siz
 
 		if ( !is_srp(state->security_parameters.current_cipher_suite))
 			return 0; /* no data to send */
-		
+
+		/* Even if we are resuming, the username in the parameters
+		 * should be non null.
+		 */
+		if (state->security_parameters.extensions.srp_username[0]==0)
+			return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+
 		if (state->internals.resumed==RESUME_FALSE)
 			return _gnutls_gen_srp_server_hello( state, data, data_size);
 		else
diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c
index 1656e34666..3d0f3a05ef 100644
--- a/libextra/gnutls_srp.c
+++ b/libextra/gnutls_srp.c
@@ -349,7 +349,7 @@ int gnutls_srp_set_client_credentials( gnutls_srp_client_credentials res, char *
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
 	}
-	
+
 	res->username = gnutls_strdup( username);
 	if (res->username == NULL) return GNUTLS_E_MEMORY_ERROR;
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2002-12-06 13:36:10 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2002-12-06 13:36:10 +0000
commit	b428f02d3d7220a62819cab0999d4e765bda37c3 (patch)
tree	3bf70f87d298e3bb404ee6b7cb2812cc56ab7dc8
parent	d039bacdf41587d839cd54b0482991db25a6702b (diff)
download	gnutls-b428f02d3d7220a62819cab0999d4e765bda37c3.tar.gz