-rw-r--r-- | configure.ac | 14 | ||||
m--------- | gnulib | 0 | ||||
-rw-r--r-- | lib/alert.c | 20 | ||||
-rw-r--r-- | lib/str-idna.c | 8 |
4 files changed, 28 insertions, 14 deletions
diff --git a/configure.ac b/configure.ac index e81ff89709..c21660c3f3 100644 --- a/configure.ac +++ b/configure.ac @@ -365,17 +365,17 @@ AC_ARG_WITH(included-unistring, AS_HELP_STRING([--with-included-unistring], if test "$included_unistring" = yes;then ac_have_unistring=no else - AC_LIB_HAVE_LINKFLAGS(unistring,, [#include <uninorm.h>], [u8_normalize(0, 0, 0, 0, 0);]) - - if test "$HAVE_LIBUNISTRING" = "yes";then + AC_SEARCH_LIBS(u8_normalize, unistring, [ included_unistring=no ac_have_unistring=yes - else - AC_MSG_ERROR([[ + AC_SUBST([LIBUNISTRING], [$ac_cv_search_u8_normalize]) + ], [ + ac_cv_libunistring=no + AC_MSG_ERROR([[ *** *** Libunistring was not found. To use the included one, use --with-included-unistring - ]]) - fi + ]]) + ]) fi AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes") diff --git a/gnulib b/gnulib -Subproject 4652c7bafa60332145f1e05a7de5f48e1bc5622 +Subproject 6c0f109fb98501fc8d65ea2c83501b45a80b00a diff --git a/lib/alert.c b/lib/alert.c index a7770da676..15f5183430 100644 --- a/lib/alert.c +++ b/lib/alert.c @@ -184,7 +184,7 @@ gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level, * renegotiation will be performed. * * If there is no mapping to a valid alert the alert to indicate - * internal error is returned. + * internal error (%GNUTLS_A_INTERNAL_ERROR) is returned. * * Returns: the alert code to use for a particular error code. **/ @@ -257,6 +257,8 @@ int gnutls_error_to_alert(int err, int *level) case GNUTLS_E_UNKNOWN_PK_ALGORITHM: case GNUTLS_E_UNWANTED_ALGORITHM: case GNUTLS_E_NO_COMMON_KEY_SHARE: + case GNUTLS_E_ECC_NO_SUPPORTED_CURVES: + case GNUTLS_E_ECC_UNSUPPORTED_CURVE: ret = GNUTLS_A_HANDSHAKE_FAILURE; _level = GNUTLS_AL_FATAL; break; 
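Review bot: `AC_SUBST([LIBUNISTRING], [$ac_cv_search_u8_normalize])` in the found branch of the configure.ac hunk substitutes the raw cache value, and AC_SEARCH_LIBS sets that variable to the string `none required` when the symbol resolves without an extra library, so that text could end up verbatim on the link line. Guard the substitution, for example `test "$ac_cv_search_u8_normalize" = "none required" || LIBUNISTRING=$ac_cv_search_u8_normalize` followed by `AC_SUBST([LIBUNISTRING])`. AC_SEARCH_LIBS also prepends the library to `LIBS` for every link in the tree, so it is worth checking that this is intended rather than only the per-library variable. The `ac_cv_libunistring=no` assignment directly before AC_MSG_ERROR has no effect, because configure aborts there.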
@@ -338,7 +340,7 @@ int gnutls_error_to_alert(int err, int *level) /** * gnutls_alert_send_appropriate: * @session: is a #gnutls_session_t type. - * @err: is an integer + * @err: is an error code returned by another GnuTLS function * * Sends an alert to the peer depending on the error code returned by * a gnutls function. This function will call gnutls_error_to_alert() @@ -347,8 +349,11 @@ int gnutls_error_to_alert(int err, int *level) * This function may also return %GNUTLS_E_AGAIN, or * %GNUTLS_E_INTERRUPTED. * - * If the return value is %GNUTLS_E_INVALID_REQUEST, then no alert has - * been sent to the peer. + * This function historically was always sending an alert to the + * peer, even if @err was inappropriate to respond with an alert + * (e.g., %GNUTLS_E_SUCCESS). Since 3.6.6 this function returns + * success without transmitting any data on error codes that + * should not result to an alert. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise * an error code is returned. @@ -358,10 +363,11 @@ int gnutls_alert_send_appropriate(gnutls_session_t session, int err) int alert; int level; + if (err != GNUTLS_E_REHANDSHAKE && (!gnutls_error_is_fatal(err) || + err == GNUTLS_E_FATAL_ALERT_RECEIVED)) + return gnutls_assert_val(0); + alert = gnutls_error_to_alert(err, &level); - if (alert < 0) { - return alert; - } return gnutls_alert_send(session, (gnutls_alert_level_t)level, alert); } diff --git a/lib/str-idna.c b/lib/str-idna.c index 30a09407c0..4f275aebfb 100644 --- a/lib/str-idna.c +++ b/lib/str-idna.c 
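Review bot: The early return added to gnutls_alert_send_appropriate() is written as `return gnutls_assert_val(0);` on a path the updated documentation describes as normal, and as far as I know that macro emits an assertion entry in the debug log, so every non-fatal code passed in would look like a failure there; a plain `return 0;` avoids that. With the `alert < 0` check and the %GNUTLS_E_INVALID_REQUEST sentence both removed, a return of 0 no longer tells the caller whether an alert was actually transmitted, and the doc comment in the preceding hunk should state that explicitly; "should not result to an alert" there should read "result in an alert". The compound condition would also benefit from a comment such as `/* nothing to send for non-fatal codes or when the peer already sent a fatal alert; a rehandshake request is still answered */`.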
@@ -81,6 +81,14 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig idn2_tflags |= IDN2_TRANSITIONAL; #endif + /* This avoids excessive CPU usage with libidn2 < 2.1.1 */ + if (ilen > 2048) { + gnutls_assert(); + _gnutls_debug_log("unable to convert name '%.*s' to IDNA format: %s\n", + (int) ilen, input, idn2_strerror(IDN2_TOO_BIG_DOMAIN)); + return GNUTLS_E_INVALID_UTF8_STRING; + } + if (ilen == 0) { out->data = (uint8_t*)gnutls_strdup(""); out->size = 0; |
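Review bot: The new debug message prints the rejected name with `%.*s` and `(int) ilen`, so the log line carries more than 2048 bytes of externally supplied text, and an `ilen` above INT_MAX would become a negative precision, which printf treats as no precision at all and reads on to a NUL that `input` is not shown to have. Logging the length instead avoids both: `_gnutls_debug_log("unable to convert name of %u bytes to IDNA format: %s\n", ilen, idn2_strerror(IDN2_TOO_BIG_DOMAIN));`. The limit would read better as a named constant than a bare `2048`, and since GNUTLS_E_INVALID_UTF8_STRING is returned for input that may be valid UTF-8 but too long, the function's doc comment should mention the length cap. The body of gnutls_idna_map() starts and ends outside this hunk.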