Fix off-by-one in TLS 1.2 handshake.

* lib/auth_cert.c (_gnutls_gen_cert_server_cert_req): Before invoking `gnutls_malloc ()', increment SIZE when using TLS 1.2 so that the allocated buffer is large-enough to contain the list of supported hashes. Don't change SIZE later on. Signed-off-by: Simon Josefsson <simon@josefsson.org>
author: Ludovic CourtÃ¨s <ludo@chbouib.org> 2007-06-13 19:41:57 +0200
committer: Simon Josefsson <simon@josefsson.org> 2007-06-14 09:05:16 +0200
commit: d2c3f9c514ae1252d4f0e9f3a143c6aa360902db (patch)
tree: 44eebefd7fa7f576c97441b21d9830bba086a235
parent: 937885f613a5dc4ef88a29f0070d3bc1ef752cc5 (diff)
download: gnutls-d2c3f9c514ae1252d4f0e9f3a143c6aa360902db.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 9114f09cfa..f91c71c4b6 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1417,6 +1417,11 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
       session->internals.ignore_rdn_sequence == 0)
     size += cred->x509_rdn_sequence.size;
 
+  if (ver == GNUTLS_TLS1_2)
+    /* Need at least one byte to announce the number of supported hash
+       functions (see below).  */
+    size += 1;
+
   (*data) = gnutls_malloc (size);
   pdata = (*data);
 
@@ -1436,7 +1441,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
     {
       /* Supported hashes (nothing for now -- FIXME). */
       *pdata = 0;
-      pdata++, size++;
+      pdata++;
     }
 
   if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
author	Ludovic CourtÃ¨s <ludo@chbouib.org>	2007-06-13 19:41:57 +0200
committer	Simon Josefsson <simon@josefsson.org>	2007-06-14 09:05:16 +0200
commit	d2c3f9c514ae1252d4f0e9f3a143c6aa360902db (patch)
tree	44eebefd7fa7f576c97441b21d9830bba086a235
parent	937885f613a5dc4ef88a29f0070d3bc1ef752cc5 (diff)
download	gnutls-d2c3f9c514ae1252d4f0e9f3a143c6aa360902db.tar.gz