authorDaiki Ueno <ueno@gnu.org>2023-03-19 13:01:39 +0900
committerDaiki Ueno <ueno@gnu.org>2023-03-21 07:55:03 +0900
commitd7577cc531bac9687ff740b315b7b01eaca1a3ff (patch)
treea44693c347ae639d1e9e2f6a0cc734db218e3fbd
parentc30996af95f68c13af622e91401108aeea394c1a (diff)
downloadgnutls-d7577cc531bac9687ff740b315b7b01eaca1a3ff.tar.gz
psk: guard against the case where psk_auth_info_t has NULL username
This happens when gnutls_psk_server_get_username is called from a client. Also simplify the embedded NUL-byte check with memchr. Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r--lib/psk.c3
-rw-r--r--lib/str.h7
-rw-r--r--lib/x509/email-verify.c5
-rw-r--r--lib/x509/hostname-verify.c4
4 files changed, 5 insertions, 14 deletions
diff --git a/lib/psk.c b/lib/psk.c
index b9823439e8..2524a8ecb2 100644
--- a/lib/psk.c
+++ b/lib/psk.c
@@ -476,8 +476,7 @@ const char *gnutls_psk_server_get_username(gnutls_session_t session)
if (info == NULL)
return NULL;
- if (info->username[0] != 0
- && !_gnutls_has_embedded_null(info->username, info->username_len))
+ if (info->username && !memchr(info->username, '\0', info->username_len))
return info->username;
return NULL;
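Review bot: The rewritten condition drops the old `info->username[0] != 0` test, so a non-NULL username with `username_len == 0` is now returned as an empty string where the previous code returned NULL. The hunk does not show how the field is populated; if that case can occur, keep the rejection explicit with `if (info->username && info->username_len > 0 && !memchr(info->username, '\0', info->username_len))`. The returned pointer is consumed as a C string and memchr, unlike the removed strlen comparison, says nothing about a terminator at `username_len`, so a short comment recording that invariant would help. The function starts and ends outside the hunk.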
diff --git a/lib/str.h b/lib/str.h
index ac0ef6e134..13b7fa1b37 100644
--- a/lib/str.h
+++ b/lib/str.h
@@ -73,13 +73,6 @@ inline static unsigned _gnutls_dnsname_is_valid(const char *str, unsigned size)
return 1;
}
-inline static bool _gnutls_has_embedded_null(const char *str, unsigned size)
-{
- if (strlen(str) != size)
- return true;
- return false;
-}
-
void _gnutls_str_cpy(char *dest, size_t dest_tot_size, const char *src);
void _gnutls_str_cat(char *dest, size_t dest_tot_size, const char *src);
diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c
index bedbcd2e20..c9ece51dcb 100644
--- a/lib/x509/email-verify.c
+++ b/lib/x509/email-verify.c
@@ -82,8 +82,7 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
if (ret == GNUTLS_SAN_RFC822NAME) {
found_rfc822name = 1;
- if (_gnutls_has_embedded_null
- (rfc822name, rfc822namesize)) {
+ if (memchr(rfc822name, '\0', rfc822namesize)) {
_gnutls_debug_log
("certificate has %s with embedded null in rfc822name\n",
rfc822name);
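Review bot: `memchr(rfc822name, '\0', rfc822namesize)` is not an exact replacement for the removed helper, because `strlen(str) != size` also rejected a buffer whose first NUL lies beyond `size`, and memchr accepts that case. This only matters if the size can understate the stored string, which these hunks do not show, but the name is then handled as a C string (it is passed to `%s` right here), so this check is the only guard visible. A one-line comment at the call site such as `/* rfc822namesize excludes the terminator; reject any NUL inside the name */` would record the assumption. The same applies to the second hunk in this file and to both `dnsname` checks in lib/x509/hostname-verify.c. The enclosing function continues outside the hunk.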
@@ -132,7 +131,7 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
goto cleanup;
}
- if (_gnutls_has_embedded_null(rfc822name, rfc822namesize)) {
+ if (memchr(rfc822name, '\0', rfc822namesize)) {
_gnutls_debug_log
("certificate has EMAIL %s with embedded null in name\n",
rfc822name);
diff --git a/lib/x509/hostname-verify.c b/lib/x509/hostname-verify.c
index c3c6a3e70a..fbe7f1a389 100644
--- a/lib/x509/hostname-verify.c
+++ b/lib/x509/hostname-verify.c
@@ -220,7 +220,7 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
if (ret == GNUTLS_SAN_DNSNAME) {
found_dnsname = 1;
- if (_gnutls_has_embedded_null(dnsname, dnsnamesize)) {
+ if (memchr(dnsname, '\0', dnsnamesize)) {
_gnutls_debug_log
("certificate has %s with embedded null in name\n",
dnsname);
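Review bot: The debug message in this branch prints `dnsname` with `%s`, so the log shows only the bytes before the embedded NUL and the rejected name reads like an ordinary hostname. Adding `dnsnamesize` to the message, or logging the name in escaped form, would let someone triaging the rejection see that the certificate carried bytes after the terminator. The other three log calls next to the checks changed in this commit have the same limitation. The branch and the enclosing function continue outside the hunk.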
@@ -274,7 +274,7 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
goto cleanup;
}
- if (_gnutls_has_embedded_null(dnsname, dnsnamesize)) {
+ if (memchr(dnsname, '\0', dnsnamesize)) {
_gnutls_debug_log
("certificate has CN %s with embedded null in name\n",
dnsname);