author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-08-12 22:22:55 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-08-19 22:00:59 +0200 |
commit | c6968ed9432d6935c4d590c552368ac9a92f1c30 (patch) | |
tree | e7bca192d184ac1cdee92701bca7d4b1e78757e4 | |
parent | c6816015ff2ff1c8932ab768455b3fdffff6cd5b (diff) | |
download | gnutls-c6968ed9432d6935c4d590c552368ac9a92f1c30.tar.gz |
certtool: lifted limits on file size to load
-rw-r--r-- | src/certtool-common.c | 90 | ||||
-rw-r--r-- | src/certtool-common.h | 4 |
2 files changed, 38 insertions, 56 deletions
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 03a90dfa6d..0157f82fa7 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -61,20 +61,34 @@
 #include <read-file.h>
 unsigned char *lbuffer = NULL;
-int lbuffer_size = 0;
+unsigned long lbuffer_size = 0;
-void fix_lbuffer(unsigned size)
+static unsigned long file_size(FILE *fp)
+{
+ unsigned long size;
+ unsigned long cur = ftell(fp);
+ fseek(fp, 0, SEEK_END);
+ size = ftell(fp);
+ fseek(fp, cur, SEEK_SET);
+ return size;
+}
+
+void fix_lbuffer(unsigned long size)
 {
 if (lbuffer_size == 0 || lbuffer == NULL) {
 if (size == 0)
 lbuffer_size = 64*1024;
 else
- lbuffer_size = MAX(64*1024,size);
+ lbuffer_size = MAX(64*1024,size+1);
 lbuffer = malloc(lbuffer_size);
- if (lbuffer == NULL) {
- fprintf(stderr, "memory error");
- exit(1);
- }
+ } else if (size > lbuffer_size) {
+ lbuffer_size = MAX(64*1024,size+1);
+ lbuffer = realloc(lbuffer, lbuffer_size);
+ }
+
+ if (lbuffer == NULL) {
+ fprintf(stderr, "memory error");
+ exit(1);
 }
 }
@@ -365,22 +379,17 @@ gnutls_x509_crt_t load_cert(int mand, common_info_st * info)
 return crt ? crt[0] : NULL;
 }
-#define MAX_CERTS 256
-
 /* Loads a certificate list */
 gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
 common_info_st * info)
 {
 FILE *fd;
- static gnutls_x509_crt_t crt[MAX_CERTS];
- char *ptr;
- int ret, i;
+ static gnutls_x509_crt_t *crt;
+ int ret;
 gnutls_datum_t dat;
- size_t size;
- int ptr_size;
-
- fix_lbuffer(0);
+ unsigned size;
+ unsigned int crt_max;
 *crt_size = 0;
 if (info->verbose)
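Review bot: `file_size()` stores the results of `ftell()` in `unsigned long` and checks neither `ftell()` nor `fseek()`, so on a stream that cannot seek (a pipe, for example) the -1 error value becomes ULONG_MAX. In `fix_lbuffer()` the `size+1` then wraps to 0 and the buffer stays at 64 KiB only by accident, and a caller that reads `lbuffer_size - 1` bytes would truncate larger input without any diagnostic. I would keep the offsets in `long`, check each call, and return 0 on failure so that `fix_lbuffer()` takes its `size == 0` path; a one-line comment on `file_size()` stating that 0 means "size unknown" would document that contract.

```c
static unsigned long file_size(FILE *fp)
{
	long cur, end;

	cur = ftell(fp);
	if (cur < 0)
		return 0;	/* not seekable: size unknown */
	if (fseek(fp, 0, SEEK_END) != 0)
		return 0;
	end = ftell(fp);
	if (fseek(fp, cur, SEEK_SET) != 0 || end < 0)
		return 0;
	return (unsigned long) end;
}
```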
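Review bot: The declaration `unsigned size;` narrows the variable that receives the `fread()` result in the next hunk, while `lbuffer_size` has just been widened to `unsigned long`; where `unsigned long` is 64 bits, a file of 4 GiB or more would have its length truncated before `lbuffer[size] = 0` and `dat.size = size` run. Keeping `size_t size;` and rejecting input that does not fit `dat.size` (an `unsigned int` in `gnutls_datum_t`) would make the remaining limit explicit, e.g. `if (size > UINT_MAX) { fprintf(stderr, "file too large\n"); exit(1); }`. The body of `load_cert_list` continues outside this hunk.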
@@ -400,54 +409,27 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
 exit(1);
 }
+ fix_lbuffer(file_size(fd));
+
 size = fread(lbuffer, 1, lbuffer_size - 1, fd);
 lbuffer[size] = 0;
 fclose(fd);
- ptr = (void *) lbuffer;
- ptr_size = size;
-
- for (i = 0; i < MAX_CERTS; i++) {
- ret = gnutls_x509_crt_init(&crt[i]);
- if (ret < 0) {
- fprintf(stderr, "crt_init: %s\n",
- gnutls_strerror(ret));
- exit(1);
- }
-
- dat.data = (void *) ptr;
- dat.size = ptr_size;
-
- ret =
- gnutls_x509_crt_import(crt[i], &dat,
- info->incert_format);
- if (ret < 0 && *crt_size > 0)
- break;
- if (ret < 0) {
- fprintf(stderr, "crt_import: %s\n",
- gnutls_strerror(ret));
- exit(1);
- }
-
- ptr = strstr(ptr, "---END");
- if (ptr == NULL)
- break;
- ptr++;
+ dat.data = (void *) lbuffer;
+ dat.size = size;
- ptr_size = size;
- ptr_size -=
- (unsigned int) ((unsigned char *) ptr -
- (unsigned char *) lbuffer);
+ ret = gnutls_x509_crt_list_import2(&crt, &crt_max, &dat, GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ fprintf(stderr, "Error loading certificates: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
- if (ptr_size < 0)
- break;
+ *crt_size = crt_max;
- (*crt_size)++;
- }
 if (info->verbose)
 fprintf(stderr, "Loaded %d certificates.\n",
- (int) *crt_size);
+ (int) crt_max);
 return crt;
 }
diff --git a/src/certtool-common.h b/src/certtool-common.h
index f6661ee462..70f287ea33 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -111,8 +111,8 @@ const char *get_password(common_info_st * cinfo, unsigned int *flags,
 int confirm);
 extern unsigned char *lbuffer;
-extern int lbuffer_size;
+extern unsigned long lbuffer_size;
-void fix_lbuffer(unsigned);
+void fix_lbuffer(unsigned long);
 #endif |
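Review bot: The new `gnutls_x509_crt_list_import2()` call hard-codes `GNUTLS_X509_FMT_PEM`, whereas the removed loop passed `info->incert_format` to `gnutls_x509_crt_import()`, so a DER input selected by the user would now be rejected in `load_cert_list`. Unless the list loader is meant to be PEM-only, pass `info->incert_format` as the format argument. The `fread()` result is also used without an `ferror(fd)` check before `fclose(fd)`, so a read error cannot be told apart from a short file; a check such as `if (ferror(fd)) { fprintf(stderr, "read error\n"); exit(1); }` would keep a partially read file from being parsed as if complete. `load_cert_list` starts outside this hunk.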