diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-11 09:05:13 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-11 09:05:13 +0000 |
| commit | fe6db41f818b2fc2c79058649ccb1fb2c023e2be (patch) | |
| tree | 019d5428c24eebbf085c8c82d87c91883ad3db92 | |
| parent | 879877ccdd6458f62a11583d013d59df5c8a87a2 (diff) | |
| download | gnutls-fe6db41f818b2fc2c79058649ccb1fb2c023e2be.tar.gz | |
added some check for the input parameters.
| -rw-r--r-- | lib/x509/crl.c | 55 | ||||
| -rw-r--r-- | lib/x509/crq.c | 50 | ||||
| -rw-r--r-- | lib/x509/pkcs12.c | 30 | ||||
| -rw-r--r-- | lib/x509/pkcs12_bag.c | 60 | ||||
| -rw-r--r-- | lib/x509/privkey.c | 36 | ||||
| -rw-r--r-- | lib/x509/privkey_pkcs8.c | 10 | ||||
| -rw-r--r-- | lib/x509/x509.c | 104 |
7 files changed, 339 insertions, 6 deletions
diff --git a/lib/x509/crl.c b/lib/x509/crl.c index 7b30cf842e..308cf65ee4 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -99,6 +99,11 @@ int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data, int result = 0, need_free = 0; gnutls_datum _data = { data->data, data->size }; + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* If the CRL is in PEM format then decode it */ if (format == GNUTLS_X509_FMT_PEM) { @@ -161,6 +166,11 @@ int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data, int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl crl, char *buf, size_t *sizeof_buf) { + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_parse_dn(crl->crl, "tbsCertList.issuer.rdnSequence", buf, sizeof_buf); @@ -190,6 +200,11 @@ int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl crl, const char *oid, int indx, char *buf, size_t *sizeof_buf) { + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_parse_dn_oid(crl->crl, "tbsCertList.issuer.rdnSequence", oid, indx, buf, sizeof_buf); @@ -210,6 +225,11 @@ int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl crl) int result; gnutls_datum sa; + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* Read the signature algorithm. Note that parameters are not * read. They will be read from the issuer's certificate if needed. */ @@ -242,6 +262,11 @@ int gnutls_x509_crl_get_version(gnutls_x509_crl crl) opaque version[5]; int len, result; + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + len = sizeof(version); if ((result = asn1_read_value(crl->crl, "tbsCertList.version", version, @@ -264,6 +289,11 @@ int gnutls_x509_crl_get_version(gnutls_x509_crl crl) **/ time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl crl) { + if (crl == NULL) { + gnutls_assert(); + return (time_t)-1; + } + return _gnutls_x509_get_time(crl->crl, "tbsCertList.thisUpdate"); } @@ -281,6 +311,11 @@ time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl crl) **/ time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl crl) { + if (crl == NULL) { + gnutls_assert(); + return (time_t)-1; + } + return _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate"); } @@ -300,6 +335,11 @@ int gnutls_x509_crl_get_certificate_count(gnutls_x509_crl crl) int count, result; + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + result = asn1_number_of_elements(crl->crl, "tbsCertList.revokedCertificates", @@ -337,6 +377,11 @@ int gnutls_x509_crl_get_certificate(gnutls_x509_crl crl, int index, char serial_name[64]; char date_name[64]; + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + _gnutls_int2str(index + 1, str_index); _gnutls_str_cpy(serial_name, sizeof(serial_name), "tbsCertList.revokedCertificates.?"); @@ -388,6 +433,11 @@ int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl crl, int start1, end1; gnutls_datum crl_signed_data; + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* get the issuer of 'crl' */ if ((result = @@ -459,6 +509,11 @@ cleanup: int gnutls_x509_crl_export( gnutls_x509_crl crl, gnutls_x509_crt_fmt format, unsigned char* output_data, size_t* output_data_size) { + if (crl == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_export_int( crl->crl, format, PEM_CRL, *output_data_size, output_data, output_data_size); } diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 79a653c0c3..ac04d1c4da 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -105,6 +105,11 @@ int gnutls_x509_crq_import(gnutls_x509_crq crq, const gnutls_datum * data, { int result = 0, need_free = 0; gnutls_datum _data; + + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } _data.data = data->data; _data.size = data->size; @@ -171,6 +176,11 @@ int gnutls_x509_crq_import(gnutls_x509_crq crq, const gnutls_datum * data, int gnutls_x509_crq_get_dn(gnutls_x509_crq crq, char *buf, size_t *sizeof_buf) { + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_parse_dn( crq->crq, "certificationRequestInfo.subject.rdnSequence", buf, sizeof_buf); } @@ -198,6 +208,11 @@ int gnutls_x509_crq_get_dn(gnutls_x509_crq crq, char *buf, int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq crq, const char* oid, int indx, char *buf, size_t *sizeof_buf) { + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_parse_dn_oid( crq->crq, "certificationRequestInfo.subject.rdnSequence", oid, indx, buf, sizeof_buf); } @@ -356,6 +371,11 @@ static int parse_attribute(ASN1_TYPE asn1_struct, int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq crq, char* pass, size_t* sizeof_pass) { + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return parse_attribute( crq->crq, "certificationRequestInfo.attributes", "1.2.840.113549.1.9.7", 0, pass, sizeof_pass); } @@ -403,6 +423,11 @@ int gnutls_x509_crq_set_version(gnutls_x509_crq crq, unsigned int version) int result; uint8 null = version; + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + result = asn1_write_value( crq->crq, "certificationRequestInfo.version", &null, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -427,6 +452,11 @@ int gnutls_x509_crq_set_key(gnutls_x509_crq crq, gnutls_x509_privkey key) { int result; + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + result = _gnutls_x509_encode_and_copy_PKI_params( crq->crq, "certificationRequestInfo.subjectPKInfo", key->pk_algorithm, key->params, key->params_size); @@ -453,6 +483,11 @@ int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq crq, const char* pass { int result; + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* Add the attribute. */ result = asn1_write_value( crq->crq, "certificationRequestInfo.attributes", "NEW", 1); @@ -493,6 +528,11 @@ int result; gnutls_datum signature; const char* pk; + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (key->pk_algorithm != GNUTLS_PK_RSA) { gnutls_assert(); return GNUTLS_E_UNIMPLEMENTED_FEATURE; @@ -568,6 +608,11 @@ const char* pk; int gnutls_x509_crq_export( gnutls_x509_crq crq, gnutls_x509_crt_fmt format, unsigned char* output_data, size_t* output_data_size) { + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_export_int( crq->crq, format, PEM_CRQ, *output_data_size, output_data, output_data_size); } @@ -593,6 +638,11 @@ int gnutls_x509_crq_get_pk_algorithm( gnutls_x509_crq crq, unsigned int* bits) { int result; + if (crq==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + result = _gnutls_x509_get_pk_algorithm( crq->crq, "certificationRequestInfo.subjectPKInfo", bits); if (result < 0) { diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 1256b62426..75d04ed270 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -174,6 +174,11 @@ int gnutls_pkcs12_import(gnutls_pkcs12 pkcs12, const gnutls_datum * data, int result = 0, need_free = 0; gnutls_datum _data = { data->data, data->size }; + if (pkcs12==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* If the PKCS12 is in PEM format then decode it */ if (format == GNUTLS_X509_FMT_PEM) { @@ -233,6 +238,11 @@ int gnutls_pkcs12_import(gnutls_pkcs12 pkcs12, const gnutls_datum * data, int gnutls_pkcs12_export( gnutls_pkcs12 pkcs12, gnutls_x509_crt_fmt format, unsigned char* output_data, size_t* output_data_size) { + if (pkcs12==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_export_int( pkcs12->pkcs12, format, PEM_PKCS12, *output_data_size, output_data, output_data_size); } @@ -485,6 +495,11 @@ int gnutls_pkcs12_get_bag(gnutls_pkcs12 pkcs12, char counter[MAX_INT_DIGITS]; gnutls_datum tmp = {NULL, 0}; + if (pkcs12==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* Step 1. decode the data. */ result = _decode_pkcs12_auth_safe( pkcs12->pkcs12, &c2, NULL); @@ -617,6 +632,11 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12 pkcs12, gnutls_pkcs12_bag bag) int enc = 0, dum = 1; char null; + if (pkcs12==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* Step 1. Check if the pkcs12 structure is empty. In that * case generate an empty PFX. */ @@ -723,6 +743,11 @@ int gnutls_pkcs12_generate_mac(gnutls_pkcs12 pkcs12, const char* pass) gnutls_datum tmp = {NULL, 0}; opaque sha_mac[20]; + if (pkcs12==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* Generate the salt. */ _gnutls_get_random(salt, sizeof(salt), GNUTLS_WEAK_RANDOM); @@ -826,6 +851,11 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12 pkcs12, const char* pass) opaque sha_mac[20]; opaque sha_mac_orig[20]; + if (pkcs12==NULL || pass == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* read the iterations */ diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index affe903b02..39bde9b105 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -97,6 +97,11 @@ void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag bag) **/ gnutls_pkcs12_bag_type gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag bag, int indx) { + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (indx >= bag->bag_elements) return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; return bag->element[indx].type; @@ -111,6 +116,11 @@ gnutls_pkcs12_bag_type gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag bag, int ind **/ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag bag) { + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return bag->bag_elements; } @@ -125,6 +135,11 @@ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag bag) **/ int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag bag, int indx, gnutls_const_datum * data) { + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (indx >= bag->bag_elements) return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -281,6 +296,10 @@ int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag bag, gnutls_pkcs12_bag_type typ const gnutls_datum* data) { int ret; + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } if (bag->bag_elements == MAX_BAG_ELEMENTS-1) { gnutls_assert(); @@ -332,6 +351,11 @@ int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag bag, gnutls_x509_crt crt) int ret; gnutls_datum data; + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + ret = _gnutls_x509_der_encode( crt->cert, "", &data, 0); if (ret < 0) { gnutls_assert(); @@ -362,6 +386,12 @@ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag bag, gnutls_x509_crl crl) int ret; gnutls_datum data; + + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + ret = _gnutls_x509_der_encode( crl->crl, "", &data, 0); if (ret < 0) { gnutls_assert(); @@ -393,6 +423,12 @@ int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag bag, int indx, { int ret; + + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (indx > bag->bag_elements-1) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; @@ -424,6 +460,10 @@ int ret; int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag bag, int indx, gnutls_datum* id) { + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } if (indx > bag->bag_elements-1) { gnutls_assert(); @@ -451,6 +491,11 @@ int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag bag, int indx, int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag bag, int indx, char **name) { + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (indx > bag->bag_elements-1) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; @@ -478,6 +523,11 @@ int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag bag, int indx, int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag bag, int indx, const char* name) { + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (indx > bag->bag_elements-1) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; @@ -506,6 +556,11 @@ int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag bag, const char* pass) { int ret; gnutls_datum dec; + + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) { gnutls_assert(); @@ -555,6 +610,11 @@ gnutls_datum der = {NULL, 0}; gnutls_datum enc = {NULL, 0}; schema_id id; + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 3cf6ed9313..a470dcae4b 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -269,6 +269,11 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * dat { int result = 0, need_free = 0; gnutls_datum _data; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } _data.data = data->data; _data.size = data->size; @@ -374,6 +379,11 @@ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey key, int i = 0, ret; size_t siz = 0; + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + siz = m->size; if (_gnutls_mpi_scan(&key->params[0], m->data, &siz)) { gnutls_assert(); @@ -444,6 +454,11 @@ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey key, **/ int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey key) { + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return key->pk_algorithm; } @@ -473,6 +488,11 @@ int gnutls_x509_privkey_export( gnutls_x509_privkey key, gnutls_x509_crt_fmt format, unsigned char* output_data, size_t* output_data_size) { char * msg; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } if (key->pk_algorithm == GNUTLS_PK_RSA) msg = PEM_KEY_RSA; @@ -506,6 +526,11 @@ int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey key, { size_t siz; + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + siz = 0; _gnutls_mpi_print(NULL, &siz, key->params[0]); @@ -813,6 +838,11 @@ int gnutls_x509_privkey_generate( gnutls_x509_privkey key, gnutls_pk_algorithm a { int ret; + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + switch( algo) { case GNUTLS_PK_DSA: return GNUTLS_E_UNIMPLEMENTED_FEATURE; @@ -879,8 +909,14 @@ int result; GNUTLS_HASH_HANDLE hd; gnutls_datum der = { NULL, 0 }; + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (*output_data_size < 20) { gnutls_assert(); + *output_data_size = 20; return GNUTLS_E_SHORT_MEMORY_BUFFER; } diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 894accea21..b8316779df 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -407,6 +407,11 @@ int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey key, gnutls_datum tmp; schema_id schema; + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* Get the private key info * tmp holds the DER encoding. */ @@ -824,6 +829,11 @@ int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey key, gnutls_datum _data; int encrypted; + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + _data.data = data->data; _data.size = data->size; diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 7df61d07bd..5ed50f5d09 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -152,6 +152,11 @@ int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data, int result = 0, need_free = 0; gnutls_datum _data; opaque *signature = NULL; + + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } _data.data = data->data; _data.size = data->size; @@ -223,6 +228,11 @@ int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data, int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt cert, char *buf, size_t *sizeof_buf) { + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_parse_dn( cert->cert, "tbsCertificate.issuer.rdnSequence", buf, sizeof_buf); } @@ -250,6 +260,11 @@ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt cert, char *buf, int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt cert, const char* oid, int indx, char *buf, size_t *sizeof_buf) { + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_parse_dn_oid( cert->cert, "tbsCertificate.issuer.rdnSequence", oid, indx, buf, sizeof_buf); } @@ -273,6 +288,11 @@ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt cert, const char* oid, int gnutls_x509_crt_get_dn(gnutls_x509_crt cert, char *buf, size_t *sizeof_buf) { + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_parse_dn( cert->cert, "tbsCertificate.subject.rdnSequence", buf, sizeof_buf); } @@ -300,6 +320,11 @@ int gnutls_x509_crt_get_dn(gnutls_x509_crt cert, char *buf, int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt cert, const char* oid, int indx, char *buf, size_t *sizeof_buf) { + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_parse_dn_oid( cert->cert, "tbsCertificate.subject.rdnSequence", oid, indx, buf, sizeof_buf); } @@ -319,6 +344,11 @@ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt cert) int result; gnutls_datum sa; + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + /* Read the signature algorithm. Note that parameters are not * read. They will be read from the issuer's certificate if needed. */ @@ -349,7 +379,12 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt cert) { opaque version[5]; int len, result; - + + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + len = sizeof(version); if ((result = asn1_read_value(cert->cert, "tbsCertificate.version", version, &len)) != ASN1_SUCCESS) { @@ -373,6 +408,11 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt cert) **/ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt cert) { + if (cert==NULL) { + gnutls_assert(); + return (time_t)-1; + } + return _gnutls_x509_get_time( cert->cert, "tbsCertificate.validity.notBefore"); } @@ -387,6 +427,11 @@ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt cert) **/ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt cert) { + if (cert==NULL) { + gnutls_assert(); + return (time_t)-1; + } + return _gnutls_x509_get_time( cert->cert, "tbsCertificate.validity.notAfter"); } @@ -410,6 +455,11 @@ int gnutls_x509_crt_get_serial(gnutls_x509_crt cert, char* result, { int ret; + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if ((ret = asn1_read_value(cert->cert, "tbsCertificate.serialNumber", result, result_size)) < 0) { gnutls_assert(); return _gnutls_asn2err(ret); @@ -440,6 +490,11 @@ int gnutls_x509_crt_get_pk_algorithm( gnutls_x509_crt cert, unsigned int* bits) { int result; + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + result = _gnutls_x509_get_pk_algorithm( cert->cert, "tbsCertificate.subjectPublicKeyInfo", bits); @@ -487,7 +542,13 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert, char num[MAX_INT_DIGITS]; gnutls_x509_subject_alt_name type; - memset(ret, 0, *ret_size); + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (ret) memset(ret, 0, *ret_size); + else *ret_size = 0; if ((result = _gnutls_x509_crt_get_extension(cert, "2.5.29.17", 0, &dnsname, critical)) < 0) { @@ -551,12 +612,12 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert, _gnutls_str_cat( nptr, sizeof(nptr), "."); _gnutls_str_cat( nptr, sizeof(nptr), ext_data); - len = sizeof(ext_data); - + len = *ret_size; result = - asn1_read_value(c2, nptr, ret, ret_size); + asn1_read_value(c2, nptr, ret, &len); asn1_delete_structure(&c2); - + *ret_size = len; + if (result==ASN1_MEM_ERROR) return GNUTLS_E_SHORT_MEMORY_BUFFER; @@ -589,6 +650,11 @@ int gnutls_x509_crt_get_ca_status(gnutls_x509_crt cert, unsigned int* critical) gnutls_datum basicConstraints; int ca; + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if ((result = _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0, &basicConstraints, critical)) < 0) { gnutls_assert(); @@ -638,6 +704,11 @@ int gnutls_x509_crt_get_key_usage(gnutls_x509_crt cert, unsigned int *key_usage, gnutls_datum keyUsage; uint16 _usage; + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if ((result = _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0, &keyUsage, critical)) < 0) { return result; @@ -686,6 +757,11 @@ int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt cert, const char* oid, int result; gnutls_datum output; + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if ((result = _gnutls_x509_crt_get_extension(cert, oid, indx, &output, critical)) < 0) { gnutls_assert(); @@ -884,6 +960,11 @@ gnutls_datum tmp; int gnutls_x509_crt_export( gnutls_x509_crt cert, gnutls_x509_crt_fmt format, unsigned char* output_data, size_t* output_data_size) { + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + return _gnutls_x509_export_int( cert->cert, format, "CERTIFICATE", *output_data_size, output_data, output_data_size); } @@ -917,8 +998,14 @@ int i, pk, result = 0; gnutls_datum der = { NULL, 0 }; GNUTLS_HASH_HANDLE hd; + if (crt==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (*output_data_size < 20) { gnutls_assert(); + *output_data_size = 20; return GNUTLS_E_SHORT_MEMORY_BUFFER; } @@ -1002,6 +1089,11 @@ int gnutls_x509_crt_check_revocation(gnutls_x509_crt cert, int ncerts, ret, i, j; gnutls_datum dn1, dn2; + if (cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + for (j = 0; j < crl_list_length; j++) { /* do for all the crls */ /* Step 1. check if issuer's DN match |