summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/ext/status_request.c68
1 files changed, 16 insertions, 52 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 049d852e35..e16b15c379 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2012-2016 Free Software Foundation, Inc.
- * Copyright (C) 2016 Red Hat, Inc.
+ * Copyright (C) 2012-2017 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
*
* Author: Simon Josefsson, Nikos Mavrogiannopoulos
*
@@ -67,21 +67,6 @@ typedef struct {
opaque Extensions<0..2^16-1>;
*/
-static void deinit_responder_id(status_request_ext_st *priv)
-{
- unsigned i;
-
- if (priv->responder_id == NULL)
- return;
-
- for (i = 0; i < priv->responder_id_size; i++)
- gnutls_free(priv->responder_id[i].data);
-
- gnutls_free(priv->responder_id);
- priv->responder_id = NULL;
- priv->responder_id_size = 0;
-}
-
static int
client_send(gnutls_session_t session,
@@ -136,9 +121,8 @@ server_recv(gnutls_session_t session,
status_request_ext_st * priv,
const uint8_t * data, size_t size)
{
- size_t i;
ssize_t data_size = size;
- unsigned responder_ids = 0;
+ unsigned rid_bytes = 0;
/* minimum message is type (1) + responder_id_list (2) +
request_extension (2) = 5 */
@@ -157,44 +141,17 @@ server_recv(gnutls_session_t session,
DECR_LEN(data_size, 1);
data++;
- responder_ids = _gnutls_read_uint16(data);
+ rid_bytes = _gnutls_read_uint16(data);
DECR_LEN(data_size, 2);
- data += 2;
+ /*data += 2;*/
- if (data_size <= (ssize_t) (responder_ids * 2))
+ /* sanity check only, we don't use any of the data below */
+
+ if (data_size < (ssize_t)rid_bytes)
return
gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- deinit_responder_id(priv);
-
- priv->responder_id = gnutls_calloc(1, responder_ids
- * sizeof(*priv->responder_id));
- if (priv->responder_id == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- priv->responder_id_size = responder_ids;
-
- for (i = 0; i < priv->responder_id_size; i++) {
- size_t l;
-
- DECR_LEN(data_size, 2);
-
- l = _gnutls_read_uint16(data);
- data += 2;
-
- DECR_LEN(data_size, l);
-
- priv->responder_id[i].data = gnutls_malloc(l);
- if (priv->responder_id[i].data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(priv->responder_id[i].data, data, l);
- priv->responder_id[i].size = l;
-
- data += l;
- }
-
return 0;
}
@@ -557,11 +514,18 @@ gnutls_certificate_set_ocsp_status_request_file
static void _gnutls_status_request_deinit_data(extension_priv_data_t epriv)
{
status_request_ext_st *priv = epriv;
+ unsigned i;
if (priv == NULL)
return;
- deinit_responder_id(priv);
+ if (priv->responder_id != NULL) {
+ for (i = 0; i < priv->responder_id_size; i++)
+ gnutls_free(priv->responder_id[i].data);
+
+ gnutls_free(priv->responder_id);
+ }
+
gnutls_free(priv->request_extensions.data);
gnutls_free(priv->response.data);
gnutls_free(priv);
View Lorry Controller Status