author | Ludovic Courtès <ludo@gnu.org> | 2007-08-01 23:18:58 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2007-08-02 20:35:57 +0200 |
commit | 10d8110588533e91d67960e058d696f12ee1065c (patch) | |
tree | ae42d5295e64dbefda57b4cf854e5e3bc765a91b | |
parent | d86f140d8547e32a7ada6a6d55de2f836e9b694c (diff) | |
download | gnutls-10d8110588533e91d67960e058d696f12ee1065c.tar.gz |
Fixed erroneous checks and sloppy return values in certificate selection.
* lib/auth_cert.c (_gnutls_get_selected_cert): Dereference
APR_CERT_LIST_LENGTH, APR_PKEY and APR_CERT_LIST when validating their
value.
(_gnutls_server_select_cert): When IDX < 0, set RET to
`GNUTLS_E_INSUFFICIENT_CREDENTIALS'.
Signed-off-by: Simon Josefsson <simon@josefsson.org>
-rw-r--r-- | lib/auth_cert.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index f91c71c4b6..f0cb427205 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1483,8 +1483,8 @@ _gnutls_get_selected_cert (gnutls_session_t session,
 *apr_pkey = session->internals.selected_key;
 *apr_cert_list_length = session->internals.selected_cert_list_length;
- if (apr_cert_list_length == 0 || apr_pkey == NULL ||
- apr_cert_list == NULL)
+ if (*apr_cert_list_length == 0 || *apr_pkey == NULL ||
+ *apr_cert_list == NULL)
 {
 gnutls_assert ();
 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
@@ -1763,6 +1763,9 @@ _gnutls_server_select_cert (gnutls_session_t session,
 cred->cert_list_length[idx], &cred->pkey[idx], 0);
 }
+ else
+ /* Certificate does not support REQUESTED_ALGO. */
+ ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 return ret;
 } |
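Review bot: In `_gnutls_get_selected_cert` the out-parameters are written before the corrected check runs, so on the `GNUTLS_E_INSUFFICIENT_CREDENTIALS` return `*apr_pkey` and `*apr_cert_list_length` (and presumably `*apr_cert_list`, assigned just above the hunk) already hold the NULL or zero values that failed it. That contract is not documented at the check; I would add `/* Outputs are already written at this point; callers must test the return value before using them. */` above the `if`. Because the old condition compared the parameter addresses themselves, this error path was most likely never taken before, so each caller's handling of the return value deserves a look alongside this change. The function starts and ends outside the hunk.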
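Review bot: The new `else` arm in `_gnutls_server_select_cert` is unbraced while the `if` arm it pairs with is braced, and a comment sits between `else` and its only statement, which makes it easy for a later edit to add a second statement that silently falls outside the branch. I would write it as `else { gnutls_assert (); ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS; }`. The `gnutls_assert ()` is suggested because the first hunk's failure path calls it before returning the same code; whether leaving it out here is deliberate cannot be told from the hunk. The `if` condition and the start of the function are outside the hunk.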