authorNikos Mavrogiannopoulos <nmav@gnutls.org>2009-11-05 23:09:51 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2009-11-05 23:11:15 +0200
commit498e2a1ae31441f5d5b92a2765fa28f36bedb4aa (patch)
tree2a9c12c9180fbacb20991df18730df5ad5e2812b /src
parented4a6d07ee08f457a7e0cd7edcd956b1f9ad6a49 (diff)
downloadgnutls-498e2a1ae31441f5d5b92a2765fa28f36bedb4aa.tar.gz
Cleanups and several bug fixes found by Tomas Mraz.
"I've patched the following problems in the code found by review of gnutls-2.8.5 code done by Steve Grubb. See the patch attached. The gnutls_constate.c bug might be potentially serious so I've decided to mail it to you directly, not to the public mailing list. The auth_cert.c change is just cleanup of the code. In gnutls_openssl.c I've just fixed the potential crasher, correct fix would require using asprintf or precomputed length of the buffer to allocate a memory. The certtool.c change is again just a cleanup."
Diffstat (limited to 'src')
-rw-r--r--src/certtool.c11
-rw-r--r--src/cfg/cfg+.c2
-rw-r--r--src/cfg/platon/str/strdyn.c8
-rw-r--r--src/serv.c6
4 files changed, 14 insertions, 13 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 145bcebbab..d41be38b20 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2176,7 +2176,6 @@ _verify_x509_mem (const void *cert, int cert_size)
/* Verify using internal algorithm too. */
{
int verify_status;
- int comma;
ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts,
&x509_cert_list[x509_ncerts - 1], 1,
@@ -2193,28 +2192,22 @@ _verify_x509_mem (const void *cert, int cert_size)
if (verify_status & GNUTLS_CERT_INVALID)
{
fprintf (outfile, "Not verified");
- comma = 1;
}
else
{
fprintf (outfile, "Verified");
- comma = 1;
}
if (verify_status & GNUTLS_CERT_SIGNER_NOT_CA)
{
- if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
fprintf (outfile, "Issuer is not a CA");
- comma = 1;
}
if (verify_status & GNUTLS_CERT_INSECURE_ALGORITHM)
{
- if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
fprintf (outfile, "Insecure algorithm");
- comma = 1;
}
fprintf (outfile, ".\n");
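Review bot: With the separator now unconditional, each optional flag in this hunk is still printed by two consecutive `fprintf` calls. Folding each pair into one call, e.g. `fprintf (outfile, ", Issuer is not a CA");` and `fprintf (outfile, ", Insecure algorithm");`, would complete the cleanup and keep each message in a single string. The block belongs to `_verify_x509_mem`, which starts and ends outside the hunk, so the handling of `ret` from `gnutls_x509_crt_list_verify` cannot be reviewed here.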
diff --git a/src/cfg/cfg+.c b/src/cfg/cfg+.c
index db019114c6..1fe611ec6b 100644
--- a/src/cfg/cfg+.c
+++ b/src/cfg/cfg+.c
@@ -72,7 +72,7 @@ cfg_get_context(options)
for (i = 0; i < CFG_N_PROPS; i++) {
con->prop[i] = PLATON_FUNC(strdyn_create_ar)(cfg_default_properties[i]);
if (con->prop[i] == NULL) {
- /* TODO: possible freeing on failure */
+ cfg_free_context(con);
return NULL;
}
}
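Review bot: Calling `cfg_free_context(con)` from inside the initialisation loop passes it a context whose `prop[i]` is NULL and whose later `prop[]` slots have not been assigned yet. That is safe only if `con` was zero-filled when it was allocated and `cfg_free_context` skips NULL entries. Neither is visible here, because `cfg_get_context` starts before the hunk and the callee is defined elsewhere. If either assumption fails, the error path would free indeterminate pointers, so it is worth confirming. A comment such as `/* con is zeroed above; cfg_free_context() skips NULL props */` would record the assumption.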
diff --git a/src/cfg/platon/str/strdyn.c b/src/cfg/platon/str/strdyn.c
index cc57672b59..34c0247b0d 100644
--- a/src/cfg/platon/str/strdyn.c
+++ b/src/cfg/platon/str/strdyn.c
@@ -316,15 +316,19 @@ PLATON_FUNC(strdyn_explode_str)(str, sep)
s_size = strstr(s, sep) - s;
- if ((ar[i] = (char*) malloc((s_size + 1) * sizeof(char))) == NULL)
+ if ((ar[i] = (char*) malloc((s_size + 1) * sizeof(char))) == NULL) {
+ PLATON_FUNC(strdyn_free)(ar);
return NULL;
+ }
strncpy(ar[i], s, s_size);
ar[i][s_size] = '\0';
}
- if ((ar[ar_size] = strdup(s)) == NULL)
+ if ((ar[ar_size] = strdup(s)) == NULL) {
+ PLATON_FUNC(strdyn_free)(ar);
return NULL;
+ }
ar[ar_size + 1] = NULL;
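Review bot: Both new `PLATON_FUNC(strdyn_free)(ar)` calls depend on the failed assignment itself leaving a NULL in `ar[i]` (or `ar[ar_size]`), which then acts as the terminator for the cleanup walk. This holds only if `strdyn_free` stops at the first NULL entry, and that function is not visible in this hunk. The dependency is easy to break in a later edit, for example by allocating into a temporary first. A short comment on each path would make it explicit: `/* ar[i] is NULL here, so strdyn_free() releases only the filled slots */`. The enclosing function starts and ends outside the hunk.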
diff --git a/src/serv.c b/src/serv.c
index a8eb8fa513..7cee7c3836 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -500,7 +500,10 @@ peer_print_info (gnutls_session_t session, int *ret_length,
http_buffer = malloc (len);
if (http_buffer == NULL)
- return NULL;
+ {
+ free(crtinfo);
+ return NULL;
+ }
strcpy (http_buffer, HTTP_BEGIN);
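Review bot: The added `free(crtinfo);` on the allocation-failure path is well defined only if `crtinfo` is NULL on every path where no certificate text was produced. Its declaration and assignment are outside this hunk, so please confirm it is declared as `char *crtinfo = NULL;` or equivalent. If it can reach this point uninitialised, the error path frees an indeterminate pointer.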
@@ -617,6 +620,7 @@ peer_print_info (gnutls_session_t session, int *ret_length,
strcat (http_buffer, "<hr><PRE>");
strcat (http_buffer, crtinfo);
strcat (http_buffer, "\n</PRE>\n");
+ free(crtinfo);
}
strcat (http_buffer, "<hr><P>Your HTTP header was:<PRE>");
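Review bot: The `strcat (http_buffer, crtinfo)` just above the new `free(crtinfo);` appends peer-certificate text of variable length to a buffer whose size `len` was fixed earlier, outside this hunk. Whether `len` accounts for `strlen (crtinfo)` is not visible here; if it does not, a large certificate can write past the end of `http_buffer`. Consider checking the remaining space before this append, or sizing the allocation from the actual string lengths. Setting `crtinfo = NULL;` after the `free` would also guard against a later reuse in the rest of `peer_print_info`, which continues past the hunk.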