Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth_srp.c | 13 | ||||
-rw-r--r-- | lib/auth_srp.h | 2 | ||||
-rw-r--r-- | lib/auth_srp_passwd.c | 1 | ||||
-rw-r--r-- | lib/ext_cert_type.c | 22 | ||||
-rw-r--r-- | lib/ext_cert_type.h | 2 | ||||
-rw-r--r-- | lib/ext_max_record.c | 19 | ||||
-rw-r--r-- | lib/ext_max_record.h | 2 | ||||
-rw-r--r-- | lib/ext_srp.c | 16 | ||||
-rw-r--r-- | lib/ext_srp.h | 2 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 10 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 22 |
11 files changed, 69 insertions, 42 deletions
diff --git a/lib/auth_srp.c b/lib/auth_srp.c index eb8e217f55..1862ca1fdb 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -69,8 +69,10 @@ MOD_AUTH_STRUCT srp_auth_struct = { #define V state->gnutls_key->x #define S state->gnutls_key->KEY -/* Send the first key exchange message ( g, n, s) and append the verifier algorithm number */ -int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data) +/* Send the first key exchange message ( g, n, s) and append the verifier algorithm number + * Data is allocated by the called, and should have data_size size. + */ +int gen_srp_server_hello(GNUTLS_STATE state, opaque * data, int data_size) { size_t n_g, n_n, n_s; size_t ret; @@ -128,13 +130,12 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data) gcry_mpi_set(N, pwd_entry->n); gcry_mpi_set(V, pwd_entry->v); - (*data) = gnutls_malloc(n_n + n_g + pwd_entry->salt_size + 6 + 1); - if ((*data)==NULL) { + if (data_size < n_n + n_g + pwd_entry->salt_size + 6 + 1) { gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_INVALID_REQUEST; } - data_g = (*data); + data_g = data; /* firstly copy the algorithm used to generate the verifier */ diff --git a/lib/auth_srp.h b/lib/auth_srp.h index 951ca62857..655ba58bb1 100644 --- a/lib/auth_srp.h +++ b/lib/auth_srp.h @@ -23,7 +23,7 @@ typedef struct SRP_SERVER_AUTH_INFO_INT { } *SRP_SERVER_AUTH_INFO; int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size); -int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data); +int gen_srp_server_hello(GNUTLS_STATE state, opaque * data, int data_size); typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT; diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index 97fe1ce207..58f6d98770 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c 
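Review bot: The comment added above `gen_srp_server_hello` says the buffer is "allocated by the called", which reads as the callee and contradicts the new signature, where the caller owns `data`. I would word it as `/* data is a caller-provided buffer of at least data_size bytes; nothing is allocated here */`. The function body continues outside this hunk, so the return-value contract is not restated here.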
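Review bot: The new bound check in the second lib/auth_srp.c hunk compares the signed `data_size` with a sum of `size_t` values (`n_n`, `n_g`), so `data_size` is converted to unsigned and a negative value would pass the check ahead of the writes through `data_g`. Making the conversion explicit closes that: `if (data_size < 0 || (size_t)data_size < n_n + n_g + pwd_entry->salt_size + 6 + 1) {`. The only caller visible on this page passes `sizeof(sdata)`, so this is hardening of the interface rather than a reachable overflow today. The copies into `data_g` are outside the hunk.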
@@ -215,7 +215,6 @@ static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, i fd = fopen( pconf_file, "r"); if (fd==NULL) { gnutls_assert(); - gnutls_free(entry); return GNUTLS_E_FILE_ERROR; } diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c index 9966c6ed22..5bf5621419 100644 --- a/lib/ext_cert_type.c +++ b/lib/ext_cert_type.c @@ -102,7 +102,7 @@ int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int d /* returns data_size or a negative number on failure * data is allocated localy */ -int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data) { +int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int data_size) { uint16 len, i; /* this function sends the client extension data (dnsname) */ @@ -118,15 +118,16 @@ int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data) { /* We don't use this extension if X.509 certificates * are used. */ - *data=NULL; return 0; } - (*data) = gnutls_malloc(len); - if (*data==NULL) return GNUTLS_E_MEMORY_ERROR; - + if (data_size < len) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + for (i=0;i<len;i++) { - (*data)[i] = _gnutls_cert_type2num( state->gnutls_internals. + data[i] = _gnutls_cert_type2num( state->gnutls_internals. cert_type_priority.algorithm_priority[i]); } return len; @@ -136,17 +137,18 @@ int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data) { if ( state->security_parameters.cert_type != DEFAULT_CERT_TYPE) { len = 1; - (*data) = gnutls_malloc(len); - if (*data==NULL) return GNUTLS_E_MEMORY_ERROR; + if (data_size < len) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - (*data)[0] = _gnutls_cert_type2num( state->security_parameters.cert_type); + data[0] = _gnutls_cert_type2num( state->security_parameters.cert_type); return len; } } - *data = NULL; return 0; } diff --git a/lib/ext_cert_type.h b/lib/ext_cert_type.h index 4d66406801..e8d341b275 100644 --- a/lib/ext_cert_type.h 
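Review bot: The header comment kept above `_gnutls_cert_type_send_params` still says "data is allocated localy", which stopped being true once the function began writing into a caller-supplied buffer. A reader who trusts it may try to free what is now a stack buffer in `_gnutls_gen_extensions`. I would replace it with `/* writes at most data_size bytes into the caller-provided data; returns the number of bytes written, 0 if nothing is sent, or a negative error code */`. The same stale comment sits above `_gnutls_max_record_send_params` in lib/ext_max_record.c and `_gnutls_srp_send_params` in lib/ext_srp.c.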
+++ b/lib/ext_cert_type.h @@ -4,4 +4,4 @@ int _gnutls_num2cert_type( int num); int _gnutls_cert_type2num( int record_size); int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int data_size); -int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data); +int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int); diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c index 1ffef22004..96ba5f09ef 100644 --- a/lib/ext_max_record.c +++ b/lib/ext_max_record.c @@ -80,7 +80,7 @@ int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int /* returns data_size or a negative number on failure * data is allocated localy */ -int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque** data) { +int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque* data, int data_size) { uint16 len; /* this function sends the client extension data (dnsname) */ if (state->security_parameters.entity == GNUTLS_CLIENT) { @@ -89,10 +89,12 @@ int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque** data) { gnutls_assert(); len = 1; - (*data) = gnutls_malloc(len); /* hold the size and the type also */ - if (*data==NULL) return GNUTLS_E_MEMORY_ERROR; + if (data_size < len) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - (*data)[0] = _gnutls_mre_record2num( state->gnutls_internals.proposed_record_size); + data[0] = _gnutls_mre_record2num( state->gnutls_internals.proposed_record_size); return len; } 
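Review bot: The updated prototype in lib/ext_cert_type.h leaves the new size parameter unnamed (`opaque* data, int`), while the recv prototype next to it names it `data_size`. Naming it, `int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int data_size);`, makes it clear at the declaration that the integer is the capacity of `data`. lib/ext_max_record.h and lib/ext_srp.h have the same unnamed parameter.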
@@ -100,17 +102,18 @@ int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque** data) { if (state->security_parameters.max_record_size != DEFAULT_MAX_RECORD_SIZE) { len = 1; - (*data) = gnutls_malloc(len); - if (*data==NULL) return GNUTLS_E_MEMORY_ERROR; + if (data_size < len) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - (*data)[0] = _gnutls_mre_record2num( state->security_parameters.max_record_size); + data[0] = _gnutls_mre_record2num( state->security_parameters.max_record_size); return len; } } - *data = NULL; return 0; } diff --git a/lib/ext_max_record.h b/lib/ext_max_record.h index 47f72485af..c6243304c0 100644 --- a/lib/ext_max_record.h +++ b/lib/ext_max_record.h @@ -4,4 +4,4 @@ int _gnutls_mre_num2record( int num); int _gnutls_mre_record2num( int record_size); int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int data_size); -int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque** data); +int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque* data, int); diff --git a/lib/ext_srp.c b/lib/ext_srp.c index 92d9c6e635..c04d5ced44 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -64,7 +64,7 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si /* returns data_size or a negative number on failure * data is allocated localy */ -int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) { +int _gnutls_srp_send_params( GNUTLS_STATE state, opaque* data, int data_size) { uint8 len; if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) { 
@@ -77,17 +77,17 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) { if (state->security_parameters.entity == GNUTLS_CLIENT) { const GNUTLS_SRP_CLIENT_CREDENTIALS cred = _gnutls_get_cred( state->gnutls_key, GNUTLS_CRD_SRP, NULL); - (*data) = NULL; - if (cred==NULL) return 0; if (cred->username!=NULL) { /* send username */ len = strlen(cred->username); - (*data) = gnutls_malloc(len+1); /* hold the size also */ - if (*data==NULL) return GNUTLS_E_MEMORY_ERROR; + if (data_size < len+1) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - (*data)[0] = len; - memcpy( &(*data)[1], cred->username, len); + data[0] = len; + memcpy( &data[1], cred->username, len); return len + 1; } } else { /* SERVER SIDE sending (g,n,s) */ @@ -101,7 +101,7 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) { return 0; /* no data to send */ if (state->gnutls_internals.resumed==RESUME_FALSE) - return gen_srp_server_hello( state, data); + return gen_srp_server_hello( state, data, data_size); else return 0; } diff --git a/lib/ext_srp.h b/lib/ext_srp.h index d0fc3d40f1..ae3158a693 100644 --- a/lib/ext_srp.h +++ b/lib/ext_srp.h @@ -1,6 +1,6 @@ #ifdef ENABLE_SRP int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_size); -int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data); +int _gnutls_srp_send_params( GNUTLS_STATE state, opaque* data, int); #endif diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index b0316bc4eb..5311a25e65 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -34,7 +34,7 @@ typedef struct { char *name; uint16 type; int (*gnutls_ext_func_recv)( GNUTLS_STATE, const opaque*, int); /* recv data */ - int (*gnutls_ext_func_send)( GNUTLS_STATE, opaque**); /* send data */ + int (*gnutls_ext_func_send)( GNUTLS_STATE, opaque*, int); /* send data */ } gnutls_extension_entry; static gnutls_extension_entry extensions[] = { 
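Review bot: `len` is declared `uint8` in the previous hunk, so `len = strlen(cred->username)` wraps for a username longer than 255 bytes and the new `data_size < len+1` check then runs on the wrapped value. The write stays inside the buffer, but the extension would carry a truncated username that no longer matches the credential. A guard before the assignment would reject it explicitly: `if (strlen(cred->username) > 255) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`.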
@@ -176,8 +176,9 @@ static void _gnutls_extension_list_add( GNUTLS_STATE state, uint8 type) { int _gnutls_gen_extensions( GNUTLS_STATE state, opaque** data) { int next, size; uint16 pos=0; -opaque* sdata; -int (*ext_func_send)( GNUTLS_STATE, opaque**); +opaque sdata[1024]; +int sdata_size = sizeof(sdata); +int (*ext_func_send)( GNUTLS_STATE, opaque*, int); (*data) = gnutls_malloc(2); /* allocate size for size */ @@ -193,7 +194,7 @@ int (*ext_func_send)( GNUTLS_STATE, opaque**); next--; ext_func_send = _gnutls_ext_func_send(next); if (ext_func_send == NULL) continue; - size = ext_func_send( state, &sdata); + size = ext_func_send( state, sdata, sdata_size); if (size > 0) { (*data) = gnutls_realloc( (*data), pos+size+4); @@ -212,7 +213,6 @@ int (*ext_func_send)( GNUTLS_STATE, opaque**); memcpy( &(*data)[pos], sdata, size); pos+=size; - gnutls_free(sdata); /* add this extension to the extension list */ diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 0aa59b958f..41e42dfe53 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -403,6 +403,17 @@ int gnutls_srp_allocate_server_sc( GNUTLS_SRP_SERVER_CREDENTIALS *sc) { return 0; } +inline +static int file_exists( const char* file) { +FILE* fd; + + fd = fopen( file, "r"); + if (fd==NULL) return -1; + + fclose(fd); + return 0; +} + /** * gnutls_srp_set_server_cred_file - Used to set the password files, in a GNUTLS_SRP_SERVER_CREDENTIALS structure * @res: is an &GNUTLS_SRP_SERVER_CREDENTIALS structure. @@ -417,6 +428,17 @@ int i; gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } + + /* Check if the files can be opened */ + if (file_exists( password_file)!=0) { + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } + + if (file_exists( password_conf_file)!=0) { + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } res->password_file = gnutls_realloc( res->password_file, sizeof(char*)*(res->password_files+1)); |
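Review bot: `opaque sdata[1024]` caps every extension payload at a bare literal, with no comment saying which extension it was sized for. The SRP server hello written through this buffer carries n, g and the salt (see the size check in lib/auth_srp.c), so whether it fits depends on the configured group. A named constant with a one-line comment stating that bound, for example `#define MAX_EXT_DATA_LENGTH 1024` (name is a suggestion), would make the limit visible to whoever adds the next extension.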
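Review bot: A negative return from `ext_func_send` is not handled in the lines visible in this hunk, where only `size > 0` is acted on. The `GNUTLS_E_INVALID_REQUEST` that the send functions now return for a too-small buffer would therefore drop the extension silently instead of failing the message. I would add right after the call `if (size < 0) { gnutls_assert(); gnutls_free(*data); *data = NULL; return size; }`. The rest of the loop lies outside the hunk, so check whether a later branch already does this and whether callers expect `*data` to be released on error.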
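Review bot: `file_exists` in lib/gnutls_srp.c has no comment, and its name promises less than it tests: it opens the file for reading, so it also fails for a file that exists but is not readable. A short header such as `/* returns 0 if file can be opened for reading, -1 otherwise */` would state the contract. The specifiers are also split across two lines as `inline` / `static int`; the conventional order is `static inline int file_exists( const char* file)`.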
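Review bot: The two `file_exists` checks added to `gnutls_srp_set_server_cred_file` only validate the paths at the moment the credentials are set. The files are opened again later (`pwd_read_conf` in lib/auth_srp_passwd.c does its own `fopen`), and they can disappear or change permissions in between. That is fine as early feedback, but a comment such as `/* early sanity check only; readers must still handle fopen failure */` would stop anyone from treating it as a guarantee and removing the later error handling. The function starts and ends outside the hunk.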