diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-24 10:46:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-24 15:01:49 +0200 |
commit | 20abda405acdf359711ebbaaceea0b4af328f2e3 (patch) | |
tree | 94be2e298d57e25b9fabf041198b3b66ee1eda7b | |
parent | 3e7d0eefc5ede77b03c205f3df498946e4ceb72c (diff) | |
download | gnutls-20abda405acdf359711ebbaaceea0b4af328f2e3.tar.gz |
ext/status_request: ensure response IDs are properly deinitialized
That is, do not attempt to loop through the array if there is no array
allocated.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/ext/status_request.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c index f5a46dca23..049d852e35 100644 --- a/lib/ext/status_request.c +++ b/lib/ext/status_request.c @@ -69,7 +69,10 @@ typedef struct { static void deinit_responder_id(status_request_ext_st *priv) { -unsigned i; + unsigned i; + + if (priv->responder_id == NULL) + return; for (i = 0; i < priv->responder_id_size; i++) gnutls_free(priv->responder_id[i].data); @@ -135,6 +138,7 @@ server_recv(gnutls_session_t session, { size_t i; ssize_t data_size = size; + unsigned responder_ids = 0; /* minimum message is type (1) + responder_id_list (2) + request_extension (2) = 5 */ @@ -153,23 +157,24 @@ server_recv(gnutls_session_t session, DECR_LEN(data_size, 1); data++; - priv->responder_id_size = _gnutls_read_uint16(data); + responder_ids = _gnutls_read_uint16(data); DECR_LEN(data_size, 2); data += 2; - if (data_size <= (ssize_t) (priv->responder_id_size * 2)) + if (data_size <= (ssize_t) (responder_ids * 2)) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); - if (priv->responder_id != NULL) - deinit_responder_id(priv); + deinit_responder_id(priv); - priv->responder_id = gnutls_calloc(1, priv->responder_id_size + priv->responder_id = gnutls_calloc(1, responder_ids * sizeof(*priv->responder_id)); if (priv->responder_id == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + priv->responder_id_size = responder_ids; + for (i = 0; i < priv->responder_id_size; i++) { size_t l; |