Some minor fixes in SRP support. Changed extension generation. Now less

allocation with malloc are done.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-04-18 13:31:58 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-04-18 13:31:58 +0000
commit: a6de8f97e88bfa45f973909faf1b3c8caf8f8909 (patch)
tree: 6e2b052dbcbe367d5d862bdbb05a8f2e6e110654 /lib
parent: 05de2ecb11d8956aa7def54bf324e8667ab5379c (diff)
download: gnutls-a6de8f97e88bfa45f973909faf1b3c8caf8f8909.tar.gz
11 files changed, 69 insertions, 42 deletions
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index eb8e217f55..1862ca1fdb 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -69,8 +69,10 @@ MOD_AUTH_STRUCT srp_auth_struct = {
 #define V state->gnutls_key->x
 #define S state->gnutls_key->KEY
 
-/* Send the first key exchange message ( g, n, s) and append the verifier algorithm number */
-int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data)
+/* Send the first key exchange message ( g, n, s) and append the verifier algorithm number 
+ * Data is allocated by the called, and should have data_size size.
+ */
+int gen_srp_server_hello(GNUTLS_STATE state, opaque * data, int data_size)
 {
 	size_t n_g, n_n, n_s;
 	size_t ret;
@@ -128,13 +130,12 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data)
 	gcry_mpi_set(N, pwd_entry->n);
 	gcry_mpi_set(V, pwd_entry->v);
 
-	(*data) = gnutls_malloc(n_n + n_g + pwd_entry->salt_size + 6 + 1);
-	if ((*data)==NULL) {
+	if (data_size < n_n + n_g + pwd_entry->salt_size + 6 + 1) {
 		gnutls_assert();
-		return GNUTLS_E_MEMORY_ERROR;
+		return GNUTLS_E_INVALID_REQUEST;
 	}
 
-	data_g = (*data); 
+	data_g = data; 
 
 	/* firstly copy the algorithm used to generate the verifier 
 	 */
diff --git a/lib/auth_srp.h b/lib/auth_srp.h
index 951ca62857..655ba58bb1 100644
--- a/lib/auth_srp.h
+++ b/lib/auth_srp.h
@@ -23,7 +23,7 @@ typedef struct SRP_SERVER_AUTH_INFO_INT {
 } *SRP_SERVER_AUTH_INFO;
 
 int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size);
-int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data);
+int gen_srp_server_hello(GNUTLS_STATE state, opaque * data, int data_size);
 
 typedef struct  SRP_SERVER_AUTH_INFO_INT  SRP_SERVER_AUTH_INFO_INT;
 
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index 97fe1ce207..58f6d98770 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -215,7 +215,6 @@ static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, i
 	fd = fopen( pconf_file, "r");
 	if (fd==NULL) {
 		gnutls_assert();
-		gnutls_free(entry);
 		return GNUTLS_E_FILE_ERROR;
 	}
 
diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c
index 9966c6ed22..5bf5621419 100644
--- a/lib/ext_cert_type.c
+++ b/lib/ext_cert_type.c
@@ -102,7 +102,7 @@ int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int d
 /* returns data_size or a negative number on failure
  * data is allocated localy
  */
-int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data) {
+int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int data_size) {
 	uint16 len, i;
 	
 	/* this function sends the client extension data (dnsname) */
@@ -118,15 +118,16 @@ int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data) {
 			/* We don't use this extension if X.509 certificates
 			 * are used.
 			 */
-				*data=NULL;
 				return 0;
 			}
 			
-			(*data) = gnutls_malloc(len);
-			if (*data==NULL) return GNUTLS_E_MEMORY_ERROR;
-			
+			if (data_size < len) {
+				gnutls_assert();
+				return GNUTLS_E_INVALID_REQUEST;
+			}
+
 			for (i=0;i<len;i++) {
-				(*data)[i] = _gnutls_cert_type2num( state->gnutls_internals.
+				data[i] = _gnutls_cert_type2num( state->gnutls_internals.
 					cert_type_priority.algorithm_priority[i]);
 			}
 			return len;
@@ -136,17 +137,18 @@ int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data) {
 
 		if ( state->security_parameters.cert_type != DEFAULT_CERT_TYPE) {
 			len = 1;
-			(*data) = gnutls_malloc(len); 
-			if (*data==NULL) return GNUTLS_E_MEMORY_ERROR;
+			if (data_size < len) {
+				gnutls_assert();
+				return GNUTLS_E_INVALID_REQUEST;
+			}
 			
-			(*data)[0] = _gnutls_cert_type2num( state->security_parameters.cert_type);
+			data[0] = _gnutls_cert_type2num( state->security_parameters.cert_type);
 			return len;
 		}	
 	
 	
 	}
 
-	*data = NULL;
 	return 0;
 }
 
diff --git a/lib/ext_cert_type.h b/lib/ext_cert_type.h
index 4d66406801..e8d341b275 100644
--- a/lib/ext_cert_type.h
+++ b/lib/ext_cert_type.h
@@ -4,4 +4,4 @@
 int _gnutls_num2cert_type( int num);
 int _gnutls_cert_type2num( int record_size);
 int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int data_size);
-int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data);
+int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int);
diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c
index 1ffef22004..96ba5f09ef 100644
--- a/lib/ext_max_record.c
+++ b/lib/ext_max_record.c
@@ -80,7 +80,7 @@ int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int
 /* returns data_size or a negative number on failure
  * data is allocated localy
  */
-int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque** data) {
+int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque* data, int data_size) {
 	uint16 len;
 	/* this function sends the client extension data (dnsname) */
 	if (state->security_parameters.entity == GNUTLS_CLIENT) {
@@ -89,10 +89,12 @@ int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque** data) {
 			gnutls_assert();
 			
 			len = 1;
-			(*data) = gnutls_malloc(len); /* hold the size and the type also */
-			if (*data==NULL) return GNUTLS_E_MEMORY_ERROR;
+			if (data_size < len) {
+				gnutls_assert();
+				return GNUTLS_E_INVALID_REQUEST;
+			}
 			
-			(*data)[0] = _gnutls_mre_record2num( state->gnutls_internals.proposed_record_size);
+			data[0] = _gnutls_mre_record2num( state->gnutls_internals.proposed_record_size);
 			return len;
 		}
 
@@ -100,17 +102,18 @@ int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque** data) {
 
 		if (state->security_parameters.max_record_size != DEFAULT_MAX_RECORD_SIZE) {
 			len = 1;
-			(*data) = gnutls_malloc(len); 
-			if (*data==NULL) return GNUTLS_E_MEMORY_ERROR;
+			if (data_size < len) {
+				gnutls_assert();
+				return GNUTLS_E_INVALID_REQUEST;
+			}
 			
-			(*data)[0] = _gnutls_mre_record2num( state->security_parameters.max_record_size);
+			data[0] = _gnutls_mre_record2num( state->security_parameters.max_record_size);
 			return len;
 		}	
 	
 	
 	}
 
-	*data = NULL;
 	return 0;
 }
 
diff --git a/lib/ext_max_record.h b/lib/ext_max_record.h
index 47f72485af..c6243304c0 100644
--- a/lib/ext_max_record.h
+++ b/lib/ext_max_record.h
@@ -4,4 +4,4 @@
 int _gnutls_mre_num2record( int num);
 int _gnutls_mre_record2num( int record_size);
 int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int data_size);
-int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque** data);
+int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque* data, int);
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index 92d9c6e635..c04d5ced44 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -64,7 +64,7 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si
 /* returns data_size or a negative number on failure
  * data is allocated localy
  */
-int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
+int _gnutls_srp_send_params( GNUTLS_STATE state, opaque* data, int data_size) {
 	uint8 len;
 
 	if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) {
@@ -77,17 +77,17 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
 	if (state->security_parameters.entity == GNUTLS_CLIENT) {
 		const GNUTLS_SRP_CLIENT_CREDENTIALS cred = _gnutls_get_cred( state->gnutls_key, GNUTLS_CRD_SRP, NULL);
 
-		(*data) = NULL;
-
 		if (cred==NULL) return 0;
 
 		if (cred->username!=NULL) { /* send username */
 			len = strlen(cred->username);
-			(*data) = gnutls_malloc(len+1); /* hold the size also */
-			if (*data==NULL) return GNUTLS_E_MEMORY_ERROR;
+			if (data_size < len+1) {
+				gnutls_assert();
+				return GNUTLS_E_INVALID_REQUEST;
+			}
 			
-			(*data)[0] = len;
-			memcpy( &(*data)[1], cred->username, len);
+			data[0] = len;
+			memcpy( &data[1], cred->username, len);
 			return len + 1;
 		}
 	} else { /* SERVER SIDE sending (g,n,s) */
@@ -101,7 +101,7 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
 			return 0; /* no data to send */
 		
 		if (state->gnutls_internals.resumed==RESUME_FALSE)
-			return gen_srp_server_hello( state, data);
+			return gen_srp_server_hello( state, data, data_size);
 		else
 			return 0;
 	}
diff --git a/lib/ext_srp.h b/lib/ext_srp.h
index d0fc3d40f1..ae3158a693 100644
--- a/lib/ext_srp.h
+++ b/lib/ext_srp.h
@@ -1,6 +1,6 @@
 #ifdef ENABLE_SRP
 
 int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_size);
-int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data);
+int _gnutls_srp_send_params( GNUTLS_STATE state, opaque* data, int);
 
 #endif
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index b0316bc4eb..5311a25e65 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -34,7 +34,7 @@ typedef struct {
 	char *name;
 	uint16 type;
 	int (*gnutls_ext_func_recv)( GNUTLS_STATE, const opaque*, int); /* recv data */
-	int (*gnutls_ext_func_send)( GNUTLS_STATE, opaque**); /* send data */
+	int (*gnutls_ext_func_send)( GNUTLS_STATE, opaque*, int); /* send data */
 } gnutls_extension_entry;
 
 static gnutls_extension_entry extensions[] = {
@@ -176,8 +176,9 @@ static void _gnutls_extension_list_add( GNUTLS_STATE state, uint8 type) {
 int _gnutls_gen_extensions( GNUTLS_STATE state, opaque** data) {
 int next, size;
 uint16 pos=0;
-opaque* sdata;
-int (*ext_func_send)( GNUTLS_STATE, opaque**);
+opaque sdata[1024];
+int sdata_size = sizeof(sdata);
+int (*ext_func_send)( GNUTLS_STATE, opaque*, int);
 
 
 	(*data) = gnutls_malloc(2); /* allocate size for size */
@@ -193,7 +194,7 @@ int (*ext_func_send)( GNUTLS_STATE, opaque**);
 		next--;
 		ext_func_send = _gnutls_ext_func_send(next);
 		if (ext_func_send == NULL) continue;
-		size = ext_func_send( state, &sdata);
+		size = ext_func_send( state, sdata, sdata_size);
 
 		if (size > 0) {
 			(*data) = gnutls_realloc( (*data), pos+size+4);
@@ -212,7 +213,6 @@ int (*ext_func_send)( GNUTLS_STATE, opaque**);
 			
 			memcpy( &(*data)[pos], sdata, size);
 			pos+=size;
-			gnutls_free(sdata);
 			
 			/* add this extension to the extension list
 			 */
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 0aa59b958f..41e42dfe53 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -403,6 +403,17 @@ int gnutls_srp_allocate_server_sc( GNUTLS_SRP_SERVER_CREDENTIALS *sc) {
 	return 0;
 }
 
+inline
+static int file_exists( const char* file) {
+FILE* fd;
+
+	fd = fopen( file, "r");
+	if (fd==NULL) return -1;
+
+	fclose(fd);
+	return 0;
+}
+
 /**
   * gnutls_srp_set_server_cred_file - Used to set the password files, in a GNUTLS_SRP_SERVER_CREDENTIALS structure
   * @res: is an &GNUTLS_SRP_SERVER_CREDENTIALS structure.
@@ -417,6 +428,17 @@ int i;
 		gnutls_assert();
 		return GNUTLS_E_INVALID_PARAMETERS;
 	}
+
+	/* Check if the files can be opened */
+	if (file_exists( password_file)!=0) {
+		gnutls_assert();
+		return GNUTLS_E_FILE_ERROR;
+	}
+
+	if (file_exists( password_conf_file)!=0) {
+		gnutls_assert();
+		return GNUTLS_E_FILE_ERROR;
+	}
 	
 	res->password_file = gnutls_realloc( res->password_file,
 		sizeof(char*)*(res->password_files+1));
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2002-04-18 13:31:58 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2002-04-18 13:31:58 +0000
commit	a6de8f97e88bfa45f973909faf1b3c8caf8f8909 (patch)
tree	6e2b052dbcbe367d5d862bdbb05a8f2e6e110654 /lib
parent	05de2ecb11d8956aa7def54bf324e8667ab5379c (diff)
download	gnutls-a6de8f97e88bfa45f973909faf1b3c8caf8f8909.tar.gz