authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-08-11 18:29:49 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-08-11 18:29:49 +0000
commitf8c5c05a58933e12843b7e4145b0ed6d565345c2 (patch)
tree262afef6775c4d1e7ec81d0636fc5594caef7e31 /lib
parent5201ca6996cd2085292f15c67f4f53ec805a1b3e (diff)
still more patches by Arne Thomassen
Diffstat (limited to 'lib')
-rw-r--r--lib/auth_cert.c23
-rw-r--r--lib/auth_cert.h2
-rw-r--r--lib/auth_dh_common.c5
-rw-r--r--lib/auth_rsa_export.c4
-rw-r--r--lib/dh_compat.c1
-rw-r--r--lib/gnutls_algorithms.c32
-rw-r--r--lib/gnutls_anon_cred.c4
-rw-r--r--lib/gnutls_auth.c2
-rw-r--r--lib/gnutls_cert.c4
-rw-r--r--lib/gnutls_compress_int.c19
-rw-r--r--lib/gnutls_dh_primes.c2
-rw-r--r--lib/gnutls_errors.c2
-rw-r--r--lib/gnutls_extensions.c2
-rw-r--r--lib/gnutls_global.c34
-rw-r--r--lib/gnutls_handshake.c18
-rw-r--r--lib/gnutls_hash_int.c4
-rw-r--r--lib/gnutls_mem.c11
-rw-r--r--lib/gnutls_num.c3
-rw-r--r--lib/gnutls_pk.c8
-rw-r--r--lib/gnutls_record.c2
-rw-r--r--lib/gnutls_state.c11
-rw-r--r--lib/gnutls_x509.c2
-rw-r--r--lib/io_debug.h2
-rw-r--r--lib/x509/compat.c2
-rw-r--r--lib/x509/verify.c6
25 files changed, 100 insertions, 105 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 1163c0c326..d0bef0f2cb 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1213,7 +1213,7 @@ int _gnutls_gen_cert_server_cert_req(gnutls_session session,
if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
session->internals.ignore_rdn_sequence == 0) {
_gnutls_write_datum16(pdata, cred->x509_rdn_sequence);
- pdata += cred->x509_rdn_sequence.size + 2;
+ /* pdata += cred->x509_rdn_sequence.size + 2; */
}
return size;
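Review bot: The pointer advance after `_gnutls_write_datum16()` in the X.509 branch is kept as commented-out code rather than deleted, which leaves readers guessing whether it is meant to come back. Nothing in this hunk reads `pdata` before `return size;`, so the line can be dropped outright, or replaced with a short comment such as `/* last field written; pdata is not advanced */`. The function body starts outside the hunk.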
@@ -1333,10 +1333,9 @@ static int _gnutls_server_find_cert_list_index(gnutls_session session,
requested_algo)
{
uint i, j;
- int index = -1;
+ int index;
const gnutls_certificate_credentials cred;
int my_certs_length;
- int *ij_map = NULL;
cred =
_gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
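Review bot: Dropping the `= -1` initialiser on `index` means any path that reaches the new `out:` label without an assignment stores an indeterminate value as the selected certificate index. The `goto out;` taken when `gnutls_malloc()` for `my_certs` fails is such a path unless `index` is assigned earlier, in the part of the function these hunks do not show. Keeping `int index = -1;` costs nothing and makes the "no certificate" default explicit. The same removal of initialisers happens for `ret`/`ret2` in `_gnutls_check_buffers` (lib/gnutls_record.c), where the first write to `ret2` is outside the visible hunk.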
@@ -1365,17 +1364,19 @@ static int _gnutls_server_find_cert_list_index(gnutls_session session,
if (session->internals.server_cert_callback != NULL && cred->ncerts > 0) {
/* use the callback to get certificate
*/
- gnutls_datum *my_certs = NULL;
+ gnutls_datum *my_certs;
+ int *ij_map;
+ my_certs_length = cred->ncerts;
my_certs =
- gnutls_malloc(cred->ncerts * sizeof(gnutls_datum));
+ gnutls_malloc(my_certs_length * sizeof(gnutls_datum));
if (my_certs == NULL)
- goto clear;
- my_certs_length = cred->ncerts;
+ goto out;
/* put our certificate's issuer and dn into cdn, idn
*/
- ij_map = gnutls_malloc(sizeof(int) * cred->ncerts);
+ ij_map = gnutls_malloc(my_certs_length * sizeof(int));
+ if (ij_map == NULL) goto cleanup_certs;
j = 0;
for (i = 0; i < cred->ncerts; i++) {
@@ -1405,11 +1406,13 @@ static int _gnutls_server_find_cert_list_index(gnutls_session session,
if (index != -1)
index = ij_map[index];
- clear:
- gnutls_free(my_certs);
gnutls_free(ij_map);
+ cleanup_certs:
+ gnutls_free(my_certs);
+
}
+ out:
/* store the index for future use, in the handshake.
* (This will allow not calling this callback again.)
*/
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index a667aa394e..a9760ab0ec 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -4,7 +4,7 @@
# include "gnutls_auth.h"
# include "x509/x509.h"
-/* This structure may be complex but, it's the only way to
+/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
*/
typedef struct {
diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c
index ddb61b7176..287c5c4191 100644
--- a/lib/auth_dh_common.c
+++ b/lib/auth_dh_common.c
@@ -127,6 +127,7 @@ int _gnutls_gen_dh_common_client_kx(gnutls_session session, opaque ** data)
_gnutls_mpi_release(&x);
if (session->key->KEY == NULL) {
gnutls_assert();
+ gnutls_free(*data); *data = NULL;
return GNUTLS_E_MEMORY_ERROR;
}
@@ -134,6 +135,8 @@ int _gnutls_gen_dh_common_client_kx(gnutls_session session, opaque ** data)
session->key->client_Y));
if (ret<0) {
gnutls_assert();
+ failed:
+ gnutls_free(*data); *data = NULL;
return ret;
}
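Review bot: The `failed:` label sits inside the body of the `if (ret<0)` block, after `gnutls_assert()`, so the later `goto failed;` jumps backwards into another statement's block and skips the assert for that failure. Moving the cleanup (`gnutls_free(*data); *data = NULL; return ret;`) to a label at the end of the function would be easier to follow, and the third check could then read `if (ret < 0) { gnutls_assert(); goto failed; }`. `cleanup_ret:` in lib/gnutls_compress_int.c and `cleanup_session:` in lib/gnutls_state.c are placed inside an `if` body in the same way. The function continues outside these hunks.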
@@ -147,7 +150,7 @@ int _gnutls_gen_dh_common_client_kx(gnutls_session session, opaque ** data)
_gnutls_mpi_release(&session->key->KEY);
if (ret < 0) {
- return ret;
+ goto failed;
}
return n_X + 2;
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index 8c4e4ca8a1..66d4f25280 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -152,7 +152,7 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
apr_pkey, &ddata,
&signature)) < 0) {
gnutls_assert();
- gnutls_free(*data);
+ gnutls_free(*data); *data = NULL;
return ret;
}
} else {
@@ -219,6 +219,7 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session);
if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA) {
gnutls_assert();
+ _gnutls_free_cert( &peer_cert);
return 0;
}
@@ -349,7 +350,6 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
_gnutls_free_cert( &peer_cert);
if (ret < 0) {
gnutls_assert();
- return ret;
}
return ret;
diff --git a/lib/dh_compat.c b/lib/dh_compat.c
index f1bec80adf..30c25ba428 100644
--- a/lib/dh_compat.c
+++ b/lib/dh_compat.c
@@ -125,6 +125,7 @@ int gnutls_dh_params_generate(gnutls_datum * prime,
prime->data = gnutls_malloc(siz);
if (prime->data == NULL) {
gnutls_free(generator->data);
+ generator->data = NULL; generator->size = 0;
_gnutls_mpi_release(&tmp_g);
_gnutls_mpi_release(&tmp_prime);
return GNUTLS_E_MEMORY_ERROR;
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index cb316c51fb..ecbe4c5a65 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -85,7 +85,7 @@ static const gnutls_pk_map pk_mappings[] = {
#define GNUTLS_PK_MAP_LOOP(b) \
const gnutls_pk_map *p; \
- for(p = pk_mappings; p->kx_algorithm != 0; p++) { b ; }
+ for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
#define GNUTLS_PK_MAP_ALG_LOOP(a) \
GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
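Review bot: With the `;` removed from `{ b ; }`, `GNUTLS_PK_MAP_LOOP` only works when its argument is a complete statement, and the call sites in `_gnutls_map_pk_get_pk` and `_gnutls_kx_encipher_type` now end without a semicolon, which reads like a typo. A comment above the macro would make the contract explicit, e.g. `/* expands to a declaration of p plus a complete for statement; b must be a full statement and the invocation takes no trailing ';' */`.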
@@ -1183,25 +1183,22 @@ _gnutls_supported_ciphersuites(gnutls_session session,
GNUTLS_CipherSuite* ciphers;
gnutls_protocol_version version;
- *_ciphers = NULL;
-
if (count == 0) {
return 0;
}
- version = gnutls_protocol_get_version( session);
-
tmp_ciphers = gnutls_alloca(count * sizeof(GNUTLS_CipherSuite));
if ( tmp_ciphers==NULL)
return GNUTLS_E_MEMORY_ERROR;
ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite));
-
if ( ciphers==NULL) {
gnutls_afree( tmp_ciphers);
return GNUTLS_E_MEMORY_ERROR;
}
+ version = gnutls_protocol_get_version( session);
+
for (i = 0; i < count; i++) {
memcpy( &tmp_ciphers[i], &cs_algorithms[i].id, sizeof( GNUTLS_CipherSuite));
}
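Review bot: `*_ciphers` is no longer set on any early return: the `count == 0` path, both `GNUTLS_E_MEMORY_ERROR` paths and the `GNUTLS_E_NO_CIPHER_SUITES` path in the later hunk now leave the caller's pointer untouched. A caller that frees the pointer after a failed or zero return would then free an uninitialised value, which is the class of bug the rest of this commit removes by NULLing out-parameters after `gnutls_free()`. Keeping `*_ciphers = NULL;` as the first statement preserves the old contract; the final `*_ciphers = ciphers;` before `return ret_count;` can stay as it is.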
@@ -1252,12 +1249,7 @@ _gnutls_supported_ciphersuites(gnutls_session session,
}
}
#endif
- if (ret_count == 0) {
- gnutls_free(ciphers);
- ciphers = NULL;
- }
- *_ciphers = ciphers;
gnutls_afree(tmp_ciphers);
/* This function can no longer return 0 cipher suites.
@@ -1265,9 +1257,10 @@ _gnutls_supported_ciphersuites(gnutls_session session,
*/
if (ret_count == 0) {
gnutls_assert();
- gnutls_free( ciphers);
+ gnutls_free(ciphers);
return GNUTLS_E_NO_CIPHER_SUITES;
}
+ *_ciphers = ciphers;
return ret_count;
}
@@ -1282,15 +1275,14 @@ _gnutls_supported_ciphersuites(gnutls_session session,
int
_gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp)
{
- unsigned int i, j=0;
- int tmp;
+ unsigned int i, j;
*comp = gnutls_malloc( sizeof(uint8) * SUPPORTED_COMPRESSION_METHODS);
if (*comp == NULL)
return GNUTLS_E_MEMORY_ERROR;
- for (i = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
- tmp = _gnutls_compression_get_num(session->internals.
+ for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
+ int tmp = _gnutls_compression_get_num(session->internals.
compression_method_priority.
priority[i]);
@@ -1309,7 +1301,7 @@ _gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp)
if (j==0) {
gnutls_assert();
- gnutls_free( *comp);
+ gnutls_free( *comp); *comp = NULL;
return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
}
return j;
@@ -1319,7 +1311,7 @@ _gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp)
* gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type
* @type: is a certificate type
*
- * Returns a string that contains the name
+ * Returns a string (or NULL) that contains the name
* of the specified certificate type.
**/
const char *gnutls_certificate_type_get_name( gnutls_certificate_type type)
@@ -1339,7 +1331,7 @@ gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm)
{
gnutls_pk_algorithm ret = -1;
- GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm);
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm)
return ret;
}
@@ -1351,7 +1343,7 @@ gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm)
enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm kx_algorithm)
{
int ret = CIPHER_IGN;
- GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type);
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type)
return ret;
}
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index 7c3910e7c8..a52c64c737 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -19,10 +19,10 @@
*
*/
-#ifdef ENABLE_ANON
-
#include "gnutls_int.h"
+#ifdef ENABLE_ANON
+
#include "gnutls_errors.h"
#include "auth_anon.h"
#include "gnutls_auth_int.h"
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 05dddc6199..2c5bef6f9a 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -208,7 +208,7 @@ void* _gnutls_get_auth_info( gnutls_session session) {
* _gnutls_free_auth_info - Frees the auth info structure
* @session: is a &gnutls_session structure.
*
- * this function frees the auth info structure and sets it to
+ * This function frees the auth info structure and sets it to
* null. It must be called since some structures contain malloced
* elements.
-*/
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index c99b67cb25..32ffc4d8d5 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -295,7 +295,7 @@ OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key = NULL;
* _gnutls_openpgp_cert_verify_peers - This function returns the peer's certificate status
* @session: is a gnutls session
*
- * This function will try to verify the peer's certificate and return it's status (TRUSTED, INVALID etc.).
+ * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.).
* Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
*
-*/
@@ -353,7 +353,7 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session session)
* gnutls_certificate_verify_peers - This function returns the peer's certificate verification status
* @session: is a gnutls session
*
- * This function will try to verify the peer's certificate and return it's status (trusted, invalid etc.).
+ * This function will try to verify the peer's certificate and return its status (trusted, invalid etc.).
* However you must also check the peer's name in order to check if the verified certificate belongs to the
* actual peer.
*
diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c
index e5a96bb192..216b7f328a 100644
--- a/lib/gnutls_compress_int.c
+++ b/lib/gnutls_compress_int.c
@@ -68,6 +68,8 @@ int err;
ret->handle = gnutls_malloc( sizeof( z_stream));
if (ret->handle==NULL) {
gnutls_assert();
+ cleanup_ret:
+ gnutls_free(ret);
return NULL;
}
@@ -87,8 +89,7 @@ int err;
if (err!=Z_OK) {
gnutls_assert();
gnutls_free( ret->handle);
- gnutls_free( ret);
- return NULL;
+ goto cleanup_ret;
}
break;
}
@@ -101,7 +102,7 @@ int err;
if (ret->handle==NULL) {
gnutls_assert();
- return NULL;
+ goto cleanup_ret;
}
}
@@ -164,7 +165,7 @@ int err;
if (err!=LZO_E_OK) {
gnutls_assert();
- gnutls_free( *compressed);
+ gnutls_free( *compressed); *compressed = NULL;
return GNUTLS_E_COMPRESSION_FAILED;
}
@@ -194,7 +195,7 @@ int err;
if (err!=Z_OK || zhandle->avail_in != 0) {
gnutls_assert();
- gnutls_free( *compressed);
+ gnutls_free( *compressed); *compressed = NULL;
return GNUTLS_E_COMPRESSION_FAILED;
}
@@ -212,7 +213,7 @@ int err;
#endif
if ((size_t)compressed_size > max_comp_size) {
- gnutls_free(*compressed);
+ gnutls_free(*compressed); *compressed = NULL;
return GNUTLS_E_COMPRESSION_FAILED;
}
@@ -263,7 +264,7 @@ int cur_pos;
if (err!=LZO_E_OK) {
gnutls_assert();
- gnutls_free( *plain);
+ gnutls_free( *plain); *plain = NULL;
return GNUTLS_E_DECOMPRESSION_FAILED;
}
@@ -307,7 +308,7 @@ int cur_pos;
if (err!=Z_OK) {
gnutls_assert();
- gnutls_free( *plain);
+ gnutls_free( *plain); *plain = NULL;
return GNUTLS_E_DECOMPRESSION_FAILED;
}
@@ -322,7 +323,7 @@ int cur_pos;
if ((size_t)plain_size > max_record_size) {
gnutls_assert();
- gnutls_free( *plain);
+ gnutls_free( *plain); *plain = NULL;
return GNUTLS_E_DECOMPRESSION_FAILED;
}
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index d5bedaafcb..e0932b16e2 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -498,7 +498,7 @@ int gnutls_dh_params_export_raw(gnutls_dh_params params,
prime->data = gnutls_malloc(size);
if (prime->data == NULL) {
- gnutls_free(generator->data);
+ gnutls_free(generator->data); generator->data = NULL;
return GNUTLS_E_MEMORY_ERROR;
}
prime->size = size;
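Review bot: On the allocation-failure path `generator->data` is reset to NULL but `generator->size` is left as it was, whereas the matching fix in `gnutls_dh_params_generate` (lib/dh_compat.c) clears both. If `generator->size` has already been set at this point (not visible in the hunk), the caller receives a datum with a NULL pointer and a non-zero length. `gnutls_free(generator->data); generator->data = NULL; generator->size = 0;` would keep the two functions consistent.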
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index d570bea753..349bd87fbc 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -158,7 +158,7 @@ static gnutls_error_entry error_algorithms[] = {
* If a function returns a negative value you may feed that value
* to this function to see if it is fatal. Returns 1 for a fatal
* error 0 otherwise. However you may want to check the
- * error code manualy, since some non-fatal errors to the protocol
+ * error code manually, since some non-fatal errors to the protocol
* may be fatal for you (your program).
*
* This is only useful if you are dealing with errors from the
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 3525addf68..95a3e60863 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -213,7 +213,7 @@ int (*ext_func_send)( gnutls_session, opaque*, int);
_gnutls_extension_list_add( session, next);
} else if (size < 0) {
gnutls_assert();
- gnutls_free(*data);
+ gnutls_free(*data); *data = NULL;
return size;
}
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index df2642d658..0297e0d7da 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -154,21 +154,19 @@ static int _gnutls_init = 0;
* Returns zero on success.
*
* Note that this function will also initialize libgcrypt, if it has not
- * been initialized before. Thus if you want to manualy initialize libgcrypt
+ * been initialized before. Thus if you want to manually initialize libgcrypt
* you must do it before calling this function. This is useful in cases you
* want to disable libgcrypt's internal lockings etc.
*
**/
int gnutls_global_init( void)
{
- int result;
+ static int result = 0;
+ int res;
+ if (_gnutls_init) goto out;
_gnutls_init++;
- if (_gnutls_init!=1) {
- return 0;
- }
-
if (gcry_control( GCRYCTL_ANY_INITIALIZATION_P) == 0) {
/* for gcrypt in order to be able to allocate memory */
gcry_set_allocation_handler(gnutls_malloc, gnutls_secure_malloc, _gnutls_is_secure_memory, gnutls_realloc, gnutls_free);
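Review bot: `_gnutls_init` stops being a reference count with this change: `gnutls_global_init()` now increments it only on the first call, and `gnutls_global_deinit()` (last hunk of this file) tears the ASN.1 trees down whenever it equals 1. Two components that each pair init with deinit will therefore see the first `gnutls_global_deinit()` delete `_gnutls_pkix1_asn` and `_gnutls_gnutls_asn` while the other is still using them. The `static int result` also caches a failed initialisation, so later calls return the old error without retrying while `_gnutls_init` stays at 1. Writing the guard as `if (_gnutls_init++) goto out;` and leaving deinit's original `_gnutls_init--;` followed by `if (_gnutls_init==0)` would keep the counting and still return the cached result on repeat calls.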
@@ -188,7 +186,7 @@ int gnutls_global_init( void)
result = _gnutls_register_rc2_cipher();
if (result < 0) {
gnutls_assert();
- return result;
+ goto out;
}
/* set default recv/send functions
@@ -202,18 +200,21 @@ int gnutls_global_init( void)
* version.
*/
- result=asn1_array2tree( pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
- if (result != ASN1_SUCCESS) {
- return _gnutls_asn2err(result);
+ res=asn1_array2tree( pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
+ if (res != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(res);
+ goto out;
}
- result=asn1_array2tree( gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
- if (result != ASN1_SUCCESS) {
+ res=asn1_array2tree( gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+ if (res != ASN1_SUCCESS) {
asn1_delete_structure(&_gnutls_pkix1_asn);
- return _gnutls_asn2err(result);
+ result = _gnutls_asn2err(res);
+ goto out;
}
- return 0;
+ out:
+ return result;
}
/**
@@ -226,9 +227,8 @@ int gnutls_global_init( void)
void gnutls_global_deinit( void) {
- _gnutls_init--;
-
- if (_gnutls_init==0) {
+ if (_gnutls_init==1) {
+ _gnutls_init--;
asn1_delete_structure(&_gnutls_gnutls_asn);
asn1_delete_structure(&_gnutls_pkix1_asn);
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7df65edcfc..c6303a7d5e 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1006,9 +1006,6 @@ int _gnutls_recv_handshake(gnutls_session session, uint8 ** data,
}
}
-
- ret = GNUTLS_E_INTERNAL_ERROR;
-
if (data != NULL && length32 > 0)
*data = dataptr;
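Review bot: Removing the `ret = GNUTLS_E_INTERNAL_ERROR;` default before the message-type switch means a branch that does not assign `ret` now returns whatever value it held earlier. The `GNUTLS_SERVER_HELLO_DONE` case shown in the next hunk only has `if (length32==0) ret = 0;`, so unless an `else` follows outside the hunk, a ServerHelloDone with a non-empty body is no longer rejected with an error. Either keep the default or make the case explicit, e.g. `ret = (length32 == 0) ? 0 : GNUTLS_E_INTERNAL_ERROR;`. The function body extends beyond both hunks.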
@@ -1035,6 +1032,7 @@ int _gnutls_recv_handshake(gnutls_session session, uint8 ** data,
/* dataptr is freed because the caller does not
* need it */
gnutls_free(dataptr);
+ if (data!=NULL) *data = NULL;
break;
case GNUTLS_SERVER_HELLO_DONE:
if (length32==0) ret = 0;
@@ -1417,11 +1415,11 @@ static int _gnutls_copy_comp_methods(gnutls_session session,
*/
static int _gnutls_send_client_hello(gnutls_session session, int again)
{
- opaque *data;
+ opaque *data = NULL;
opaque *extdata = NULL;
int extdatalen;
int pos = 0;
- int datalen, ret = 0;
+ int datalen = 0, ret = 0;
opaque random[TLS_RANDOM_SIZE];
gnutls_protocol_version hver;
@@ -1431,13 +1429,9 @@ static int _gnutls_send_client_hello(gnutls_session session, int again)
session->internals.resumed_security_parameters.
session_id_size;
- if (SessionID == NULL || session_id_len == 0) {
- session_id_len = 0;
- SessionID = NULL;
- }
+ if (SessionID == NULL) session_id_len = 0;
+ else if (session_id_len == 0) SessionID = NULL;
- data = NULL;
- datalen = 0;
if (again == 0) {
datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE;
@@ -1576,7 +1570,6 @@ static int _gnutls_send_client_hello(gnutls_session session, int again)
gnutls_free(extdata);
} else if (extdatalen < 0) {
gnutls_assert();
- gnutls_free(extdata);
gnutls_free(data);
return extdatalen;
}
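Review bot: With `gnutls_free(extdata);` removed here and in `_gnutls_send_server_hello`, the `extdatalen < 0` path depends on the extension generator having released the buffer itself, which this commit arranges in lib/gnutls_extensions.c by freeing and NULLing `*data`. That ownership rule is not written down anywhere in these hunks; a comment such as `/* on failure the callee has already freed extdata and set it to NULL */` would stop the free from being re-added, and would flag the requirement to anyone adding a new negative-return path in the callee. Whether every negative return in the callee frees the buffer cannot be confirmed from the visible lines.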
@@ -1614,7 +1607,6 @@ static int _gnutls_send_server_hello(gnutls_session session, int again)
if (extdatalen < 0) {
gnutls_assert();
- gnutls_free(extdata);
return extdatalen;
}
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index ebfb683b04..4f836108fb 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -57,7 +57,7 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm)
break;
default:
- ret = GNUTLS_HASH_FAILED;
+ ret = GNUTLS_HASH_FAILED; break;
}
if (ret != GNUTLS_HASH_FAILED)
@@ -78,7 +78,7 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm)
ret = gcry_md_get_algo_dlen(GCRY_MD_MD5);
break;
default:
- ret = 0;
+ ret = 0; break;
}
return ret;
diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c
index 9621442830..836287e74a 100644
--- a/lib/gnutls_mem.c
+++ b/lib/gnutls_mem.c
@@ -73,16 +73,11 @@ void *ret;
}
char* _gnutls_strdup( const char* str) {
-size_t siz = strlen( str);
+size_t siz = strlen( str) + 1;
char* ret;
- ret = gnutls_malloc( siz + 1);
- if (ret == NULL)
- return ret;
-
- memcpy( ret, str, siz);
- ret[ siz] = 0;
-
+ ret = gnutls_malloc( siz);
+ if (ret != NULL) memcpy( ret, str, siz);
return ret;
}
diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c
index 7729722c00..b0856ca7ad 100644
--- a/lib/gnutls_num.c
+++ b/lib/gnutls_num.c
@@ -27,9 +27,6 @@
#include <gnutls_num.h>
#include <gnutls_errors.h>
-/* This function will set the uint64 x to zero
- */
-
/* This function will add one to uint64 x.
* Returns 0 on success, or -1 if the uint64 max limit
* has been reached.
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 5b523fb06e..84554ac522 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -84,11 +84,13 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
/* using public key */
if (params_len < RSA_PUBLIC_PARAMS) {
gnutls_assert();
+ gnutls_free(edata);
return GNUTLS_E_INTERNAL_ERROR;
}
if ( (ret=_gnutls_get_random(ps, psize, GNUTLS_STRONG_RANDOM)) < 0) {
gnutls_assert();
+ gnutls_free(edata);
return ret;
}
for (i = 0; i < psize; i++) {
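Review bot: The six new `gnutls_free(edata);` calls (five in `_gnutls_pkcs1_rsa_encrypt`, one in `_gnutls_pkcs1_rsa_decrypt`) are only correct if `edata` comes from `gnutls_malloc()` in both functions; the allocations are outside these hunks, and other code in this commit uses `gnutls_alloca()`/`gnutls_afree()` for temporaries, so that is worth confirming. Repeating the free before every `return` also makes it easy to miss one on the next edit. A single exit label that releases `edata` and returns `ret` would cover all of these paths.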
@@ -99,6 +101,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
*/
if ( (ret=_gnutls_get_random( rnd, 3, GNUTLS_STRONG_RANDOM)) < 0) {
gnutls_assert();
+ gnutls_free(edata);
return ret;
}
/* use non zero values for
@@ -123,6 +126,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
if (params_len < RSA_PRIVATE_PARAMS) {
gnutls_assert();
+ gnutls_free(edata);
return GNUTLS_E_INTERNAL_ERROR;
}
@@ -131,6 +135,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
break;
default:
gnutls_assert();
+ gnutls_free(edata);
return GNUTLS_E_INTERNAL_ERROR;
}
@@ -282,6 +287,7 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext,
break;
default:
gnutls_assert();
+ gnutls_free(edata);
return GNUTLS_E_INTERNAL_ERROR;
}
i++;
@@ -409,7 +415,7 @@ int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *hash,
}
ret = _gnutls_pk_sign(GCRY_PK_DSA, rs, mdata, params, params_len);
- /* res now holds r,s */
+ /* rs[0], rs[1] now hold r,s */
_gnutls_mpi_release(&mdata);
if (ret < 0) {
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index e58fdd2218..75e64bd4df 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -479,7 +479,7 @@ static int _gnutls_check_recv_type( ContentType recv_type) {
*/
static int _gnutls_check_buffers( gnutls_session session, ContentType type, opaque* data, int sizeofdata) {
if ( (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && _gnutls_record_buffer_get_size(type, session) > 0) {
- int ret = 0, ret2=0;
+ int ret, ret2;
ret = _gnutls_record_buffer_get(type, session, data, sizeofdata);
if (ret < 0) {
gnutls_assert();
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 0bbb497519..e8a7c65d25 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -193,7 +193,8 @@ int gnutls_init(gnutls_session * session, gnutls_connection_end con_end)
(*session)->key = gnutls_calloc(1, sizeof(struct GNUTLS_KEY_INT));
if ( (*session)->key == NULL) {
- gnutls_free( *session);
+ cleanup_session:
+ gnutls_free( *session); *session = NULL;
return GNUTLS_E_MEMORY_ERROR;
}
@@ -206,10 +207,14 @@ int gnutls_init(gnutls_session * session, gnutls_connection_end con_end)
gnutls_handshake_set_max_packet_length( (*session), MAX_HANDSHAKE_PACKET_SIZE);
/* Allocate a minimum size for recv_data
- * This is allocated in order to avoid small messages, makeing
+ * This is allocated in order to avoid small messages, making
* the receive procedure slow.
*/
(*session)->internals.record_recv_buffer.data = gnutls_malloc(INITIAL_RECV_BUFFER_SIZE);
+ if ( (*session)->internals.record_recv_buffer.data == NULL) {
+ gnutls_free((*session)->key);
+ goto cleanup_session;
+ }
/* set the socket pointers to -1;
*/
@@ -534,7 +539,7 @@ void gnutls_record_set_cbc_protection(gnutls_session session, int prot)
* are not yet defined in any RFC or even internet draft.
*
* Enabling the private ciphersuites when talking to other than gnutls
- * servers and clients, may cause interoperability problems.
+ * servers and clients may cause interoperability problems.
*
**/
void gnutls_handshake_set_private_extensions(gnutls_session session, int allow)
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 50b00a7c92..b90c70dfef 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -62,7 +62,7 @@
* _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status
* @session: is a gnutls session
*
- * This function will try to verify the peer's certificate and return it's status (TRUSTED, REVOKED etc.).
+ * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.).
* The return value (status) should be one of the gnutls_certificate_status enumerated elements.
* However you must also check the peer's name in order to check if the verified certificate belongs to the
* actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
diff --git a/lib/io_debug.h b/lib/io_debug.h
index 3b2e9ee4a5..2c3e2ff8ab 100644
--- a/lib/io_debug.h
+++ b/lib/io_debug.h
@@ -18,7 +18,7 @@
/* This debug file was contributed by
* Paul Sheer <psheer@icon.co.za>. Some changes were made by nmav.
- * It's purpose it to debug non blocking behaviour of gnutls. The included
+ * Its purpose is to debug non blocking behaviour of gnutls. The included
* send() and recv() functions return EAGAIN errors in random.
*
*/
diff --git a/lib/x509/compat.c b/lib/x509/compat.c
index a87de7d5eb..f80d590d68 100644
--- a/lib/x509/compat.c
+++ b/lib/x509/compat.c
@@ -501,7 +501,7 @@ int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf
* @CRL_list: not used
* @CRL_list_length: not used
*
- * This function will try to verify the given certificate list and return it's status (TRUSTED, EXPIRED etc.).
+ * This function will try to verify the given certificate list and return its status (TRUSTED, EXPIRED etc.).
* The return value (status) should be one or more of the gnutls_certificate_status
* enumerated elements bitwise or'd. Note that expiration and activation dates are not checked
* by this function, you should check them using the appropriate functions.
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 1363dcc744..25715652a1 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -459,7 +459,7 @@ int ret, issuer_params_size, i;
* @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
* @verify: will hold the certificate verification output.
*
- * This function will try to verify the given certificate list and return it's status (TRUSTED, REVOKED etc.).
+ * This function will try to verify the given certificate list and return its status (TRUSTED, REVOKED etc.).
* The return value (status) should be one or more of the gnutls_certificate_status
* enumerated elements bitwise or'd. Note that expiration and activation dates are not checked
* by this function, you should check them using the appropriate functions.
@@ -511,7 +511,7 @@ int gnutls_x509_crt_list_verify( gnutls_x509_crt* cert_list, int cert_list_lengt
* @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
* @verify: will hold the certificate verification output.
*
- * This function will try to verify the given certificate and return it's status.
+ * This function will try to verify the given certificate and return its status.
* See gnutls_x509_crt_list_verify() for a detailed description of
* return values.
*
@@ -577,7 +577,7 @@ int gnutls_x509_crl_check_issuer( gnutls_x509_crl cert,
* @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
* @verify: will hold the crl verification output.
*
- * This function will try to verify the given crl and return it's status.
+ * This function will try to verify the given crl and return its status.
* See gnutls_x509_crt_list_verify() for a detailed description of
* return values.
*