diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth_cert.c | 23 | ||||
-rw-r--r-- | lib/auth_cert.h | 2 | ||||
-rw-r--r-- | lib/auth_dh_common.c | 5 | ||||
-rw-r--r-- | lib/auth_rsa_export.c | 4 | ||||
-rw-r--r-- | lib/dh_compat.c | 1 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 32 | ||||
-rw-r--r-- | lib/gnutls_anon_cred.c | 4 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 2 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 4 | ||||
-rw-r--r-- | lib/gnutls_compress_int.c | 19 | ||||
-rw-r--r-- | lib/gnutls_dh_primes.c | 2 | ||||
-rw-r--r-- | lib/gnutls_errors.c | 2 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 2 | ||||
-rw-r--r-- | lib/gnutls_global.c | 34 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 18 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 4 | ||||
-rw-r--r-- | lib/gnutls_mem.c | 11 | ||||
-rw-r--r-- | lib/gnutls_num.c | 3 | ||||
-rw-r--r-- | lib/gnutls_pk.c | 8 | ||||
-rw-r--r-- | lib/gnutls_record.c | 2 | ||||
-rw-r--r-- | lib/gnutls_state.c | 11 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 2 | ||||
-rw-r--r-- | lib/io_debug.h | 2 | ||||
-rw-r--r-- | lib/x509/compat.c | 2 | ||||
-rw-r--r-- | lib/x509/verify.c | 6 |
25 files changed, 100 insertions, 105 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 1163c0c326..d0bef0f2cb 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -1213,7 +1213,7 @@ int _gnutls_gen_cert_server_cert_req(gnutls_session session, if (session->security_parameters.cert_type == GNUTLS_CRT_X509 && session->internals.ignore_rdn_sequence == 0) { _gnutls_write_datum16(pdata, cred->x509_rdn_sequence); - pdata += cred->x509_rdn_sequence.size + 2; + /* pdata += cred->x509_rdn_sequence.size + 2; */ } return size; @@ -1333,10 +1333,9 @@ static int _gnutls_server_find_cert_list_index(gnutls_session session, requested_algo) { uint i, j; - int index = -1; + int index; const gnutls_certificate_credentials cred; int my_certs_length; - int *ij_map = NULL; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL); @@ -1365,17 +1364,19 @@ static int _gnutls_server_find_cert_list_index(gnutls_session session, if (session->internals.server_cert_callback != NULL && cred->ncerts > 0) { /* use the callback to get certificate */ - gnutls_datum *my_certs = NULL; + gnutls_datum *my_certs; + int *ij_map; + my_certs_length = cred->ncerts; my_certs = - gnutls_malloc(cred->ncerts * sizeof(gnutls_datum)); + gnutls_malloc(my_certs_length * sizeof(gnutls_datum)); if (my_certs == NULL) - goto clear; - my_certs_length = cred->ncerts; + goto out; /* put our certificate's issuer and dn into cdn, idn */ - ij_map = gnutls_malloc(sizeof(int) * cred->ncerts); + ij_map = gnutls_malloc(my_certs_length * sizeof(int)); + if (ij_map == NULL) goto cleanup_certs; j = 0; for (i = 0; i < cred->ncerts; i++) { @@ -1405,11 +1406,13 @@ static int _gnutls_server_find_cert_list_index(gnutls_session session, if (index != -1) index = ij_map[index]; - clear: - gnutls_free(my_certs); gnutls_free(ij_map); + cleanup_certs: + gnutls_free(my_certs); + } + out: /* store the index for future use, in the handshake. * (This will allow not calling this callback again.) */ diff --git a/lib/auth_cert.h b/lib/auth_cert.h index a667aa394e..a9760ab0ec 100644 --- a/lib/auth_cert.h +++ b/lib/auth_cert.h @@ -4,7 +4,7 @@ # include "gnutls_auth.h" # include "x509/x509.h" -/* This structure may be complex but, it's the only way to +/* This structure may be complex, but it's the only way to * support a server that has multiple certificates */ typedef struct { diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c index ddb61b7176..287c5c4191 100644 --- a/lib/auth_dh_common.c +++ b/lib/auth_dh_common.c @@ -127,6 +127,7 @@ int _gnutls_gen_dh_common_client_kx(gnutls_session session, opaque ** data) _gnutls_mpi_release(&x); if (session->key->KEY == NULL) { gnutls_assert(); + gnutls_free(*data); *data = NULL; return GNUTLS_E_MEMORY_ERROR; } @@ -134,6 +135,8 @@ int _gnutls_gen_dh_common_client_kx(gnutls_session session, opaque ** data) session->key->client_Y)); if (ret<0) { gnutls_assert(); + failed: + gnutls_free(*data); *data = NULL; return ret; } @@ -147,7 +150,7 @@ int _gnutls_gen_dh_common_client_kx(gnutls_session session, opaque ** data) _gnutls_mpi_release(&session->key->KEY); if (ret < 0) { - return ret; + goto failed; } return n_X + 2; diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 8c4e4ca8a1..66d4f25280 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -152,7 +152,7 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data) apr_pkey, &ddata, &signature)) < 0) { gnutls_assert(); - gnutls_free(*data); + gnutls_free(*data); *data = NULL; return ret; } } else { @@ -219,6 +219,7 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session); if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA) { gnutls_assert(); + _gnutls_free_cert( &peer_cert); return 0; } @@ -349,7 +350,6 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data, _gnutls_free_cert( &peer_cert); if (ret < 0) { gnutls_assert(); - return ret; } return ret; diff --git a/lib/dh_compat.c b/lib/dh_compat.c index f1bec80adf..30c25ba428 100644 --- a/lib/dh_compat.c +++ b/lib/dh_compat.c @@ -125,6 +125,7 @@ int gnutls_dh_params_generate(gnutls_datum * prime, prime->data = gnutls_malloc(siz); if (prime->data == NULL) { gnutls_free(generator->data); + generator->data = NULL; generator->size = 0; _gnutls_mpi_release(&tmp_g); _gnutls_mpi_release(&tmp_prime); return GNUTLS_E_MEMORY_ERROR; diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index cb316c51fb..ecbe4c5a65 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -85,7 +85,7 @@ static const gnutls_pk_map pk_mappings[] = { #define GNUTLS_PK_MAP_LOOP(b) \ const gnutls_pk_map *p; \ - for(p = pk_mappings; p->kx_algorithm != 0; p++) { b ; } + for(p = pk_mappings; p->kx_algorithm != 0; p++) { b } #define GNUTLS_PK_MAP_ALG_LOOP(a) \ GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; }) @@ -1183,25 +1183,22 @@ _gnutls_supported_ciphersuites(gnutls_session session, GNUTLS_CipherSuite* ciphers; gnutls_protocol_version version; - *_ciphers = NULL; - if (count == 0) { return 0; } - version = gnutls_protocol_get_version( session); - tmp_ciphers = gnutls_alloca(count * sizeof(GNUTLS_CipherSuite)); if ( tmp_ciphers==NULL) return GNUTLS_E_MEMORY_ERROR; ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite)); - if ( ciphers==NULL) { gnutls_afree( tmp_ciphers); return GNUTLS_E_MEMORY_ERROR; } + version = gnutls_protocol_get_version( session); + for (i = 0; i < count; i++) { memcpy( &tmp_ciphers[i], &cs_algorithms[i].id, sizeof( GNUTLS_CipherSuite)); } @@ -1252,12 +1249,7 @@ _gnutls_supported_ciphersuites(gnutls_session session, } } #endif - if (ret_count == 0) { - gnutls_free(ciphers); - ciphers = NULL; - } - *_ciphers = ciphers; gnutls_afree(tmp_ciphers); /* This function can no longer return 0 cipher suites. @@ -1265,9 +1257,10 @@ _gnutls_supported_ciphersuites(gnutls_session session, */ if (ret_count == 0) { gnutls_assert(); - gnutls_free( ciphers); + gnutls_free(ciphers); return GNUTLS_E_NO_CIPHER_SUITES; } + *_ciphers = ciphers; return ret_count; } @@ -1282,15 +1275,14 @@ _gnutls_supported_ciphersuites(gnutls_session session, int _gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp) { - unsigned int i, j=0; - int tmp; + unsigned int i, j; *comp = gnutls_malloc( sizeof(uint8) * SUPPORTED_COMPRESSION_METHODS); if (*comp == NULL) return GNUTLS_E_MEMORY_ERROR; - for (i = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) { - tmp = _gnutls_compression_get_num(session->internals. + for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) { + int tmp = _gnutls_compression_get_num(session->internals. compression_method_priority. priority[i]); @@ -1309,7 +1301,7 @@ _gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp) if (j==0) { gnutls_assert(); - gnutls_free( *comp); + gnutls_free( *comp); *comp = NULL; return GNUTLS_E_NO_COMPRESSION_ALGORITHMS; } return j; @@ -1319,7 +1311,7 @@ _gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp) * gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type * @type: is a certificate type * - * Returns a string that contains the name + * Returns a string (or NULL) that contains the name * of the specified certificate type. **/ const char *gnutls_certificate_type_get_name( gnutls_certificate_type type) @@ -1339,7 +1331,7 @@ gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm) { gnutls_pk_algorithm ret = -1; - GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm); + GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm) return ret; } @@ -1351,7 +1343,7 @@ gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm) enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm kx_algorithm) { int ret = CIPHER_IGN; - GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type); + GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type) return ret; } diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c index 7c3910e7c8..a52c64c737 100644 --- a/lib/gnutls_anon_cred.c +++ b/lib/gnutls_anon_cred.c @@ -19,10 +19,10 @@ * */ -#ifdef ENABLE_ANON - #include "gnutls_int.h" +#ifdef ENABLE_ANON + #include "gnutls_errors.h" #include "auth_anon.h" #include "gnutls_auth_int.h" diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 05dddc6199..2c5bef6f9a 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -208,7 +208,7 @@ void* _gnutls_get_auth_info( gnutls_session session) { * _gnutls_free_auth_info - Frees the auth info structure * @session: is a &gnutls_session structure. * - * this function frees the auth info structure and sets it to + * This function frees the auth info structure and sets it to * null. It must be called since some structures contain malloced * elements. -*/ diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index c99b67cb25..32ffc4d8d5 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -295,7 +295,7 @@ OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key = NULL; * _gnutls_openpgp_cert_verify_peers - This function returns the peer's certificate status * @session: is a gnutls session * - * This function will try to verify the peer's certificate and return it's status (TRUSTED, INVALID etc.). + * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.). * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. * -*/ @@ -353,7 +353,7 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session session) * gnutls_certificate_verify_peers - This function returns the peer's certificate verification status * @session: is a gnutls session * - * This function will try to verify the peer's certificate and return it's status (trusted, invalid etc.). + * This function will try to verify the peer's certificate and return its status (trusted, invalid etc.). * However you must also check the peer's name in order to check if the verified certificate belongs to the * actual peer. * diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c index e5a96bb192..216b7f328a 100644 --- a/lib/gnutls_compress_int.c +++ b/lib/gnutls_compress_int.c @@ -68,6 +68,8 @@ int err; ret->handle = gnutls_malloc( sizeof( z_stream)); if (ret->handle==NULL) { gnutls_assert(); + cleanup_ret: + gnutls_free(ret); return NULL; } @@ -87,8 +89,7 @@ int err; if (err!=Z_OK) { gnutls_assert(); gnutls_free( ret->handle); - gnutls_free( ret); - return NULL; + goto cleanup_ret; } break; } @@ -101,7 +102,7 @@ int err; if (ret->handle==NULL) { gnutls_assert(); - return NULL; + goto cleanup_ret; } } @@ -164,7 +165,7 @@ int err; if (err!=LZO_E_OK) { gnutls_assert(); - gnutls_free( *compressed); + gnutls_free( *compressed); *compressed = NULL; return GNUTLS_E_COMPRESSION_FAILED; } @@ -194,7 +195,7 @@ int err; if (err!=Z_OK || zhandle->avail_in != 0) { gnutls_assert(); - gnutls_free( *compressed); + gnutls_free( *compressed); *compressed = NULL; return GNUTLS_E_COMPRESSION_FAILED; } @@ -212,7 +213,7 @@ int err; #endif if ((size_t)compressed_size > max_comp_size) { - gnutls_free(*compressed); + gnutls_free(*compressed); *compressed = NULL; return GNUTLS_E_COMPRESSION_FAILED; } @@ -263,7 +264,7 @@ int cur_pos; if (err!=LZO_E_OK) { gnutls_assert(); - gnutls_free( *plain); + gnutls_free( *plain); *plain = NULL; return GNUTLS_E_DECOMPRESSION_FAILED; } @@ -307,7 +308,7 @@ int cur_pos; if (err!=Z_OK) { gnutls_assert(); - gnutls_free( *plain); + gnutls_free( *plain); *plain = NULL; return GNUTLS_E_DECOMPRESSION_FAILED; } @@ -322,7 +323,7 @@ int cur_pos; if ((size_t)plain_size > max_record_size) { gnutls_assert(); - gnutls_free( *plain); + gnutls_free( *plain); *plain = NULL; return GNUTLS_E_DECOMPRESSION_FAILED; } diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index d5bedaafcb..e0932b16e2 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -498,7 +498,7 @@ int gnutls_dh_params_export_raw(gnutls_dh_params params, prime->data = gnutls_malloc(size); if (prime->data == NULL) { - gnutls_free(generator->data); + gnutls_free(generator->data); generator->data = NULL; return GNUTLS_E_MEMORY_ERROR; } prime->size = size; diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index d570bea753..349bd87fbc 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -158,7 +158,7 @@ static gnutls_error_entry error_algorithms[] = { * If a function returns a negative value you may feed that value * to this function to see if it is fatal. Returns 1 for a fatal * error 0 otherwise. However you may want to check the - * error code manualy, since some non-fatal errors to the protocol + * error code manually, since some non-fatal errors to the protocol * may be fatal for you (your program). * * This is only useful if you are dealing with errors from the diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 3525addf68..95a3e60863 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -213,7 +213,7 @@ int (*ext_func_send)( gnutls_session, opaque*, int); _gnutls_extension_list_add( session, next); } else if (size < 0) { gnutls_assert(); - gnutls_free(*data); + gnutls_free(*data); *data = NULL; return size; } diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index df2642d658..0297e0d7da 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -154,21 +154,19 @@ static int _gnutls_init = 0; * Returns zero on success. * * Note that this function will also initialize libgcrypt, if it has not - * been initialized before. Thus if you want to manualy initialize libgcrypt + * been initialized before. Thus if you want to manually initialize libgcrypt * you must do it before calling this function. This is useful in cases you * want to disable libgcrypt's internal lockings etc. * **/ int gnutls_global_init( void) { - int result; + static int result = 0; + int res; + if (_gnutls_init) goto out; _gnutls_init++; - if (_gnutls_init!=1) { - return 0; - } - if (gcry_control( GCRYCTL_ANY_INITIALIZATION_P) == 0) { /* for gcrypt in order to be able to allocate memory */ gcry_set_allocation_handler(gnutls_malloc, gnutls_secure_malloc, _gnutls_is_secure_memory, gnutls_realloc, gnutls_free); @@ -188,7 +186,7 @@ int gnutls_global_init( void) result = _gnutls_register_rc2_cipher(); if (result < 0) { gnutls_assert(); - return result; + goto out; } /* set default recv/send functions @@ -202,18 +200,21 @@ int gnutls_global_init( void) * version. */ - result=asn1_array2tree( pkix_asn1_tab, &_gnutls_pkix1_asn, NULL); - if (result != ASN1_SUCCESS) { - return _gnutls_asn2err(result); + res=asn1_array2tree( pkix_asn1_tab, &_gnutls_pkix1_asn, NULL); + if (res != ASN1_SUCCESS) { + result = _gnutls_asn2err(res); + goto out; } - result=asn1_array2tree( gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); - if (result != ASN1_SUCCESS) { + res=asn1_array2tree( gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); + if (res != ASN1_SUCCESS) { asn1_delete_structure(&_gnutls_pkix1_asn); - return _gnutls_asn2err(result); + result = _gnutls_asn2err(res); + goto out; } - return 0; + out: + return result; } /** @@ -226,9 +227,8 @@ int gnutls_global_init( void) void gnutls_global_deinit( void) { - _gnutls_init--; - - if (_gnutls_init==0) { + if (_gnutls_init==1) { + _gnutls_init--; asn1_delete_structure(&_gnutls_gnutls_asn); asn1_delete_structure(&_gnutls_pkix1_asn); diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 7df65edcfc..c6303a7d5e 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1006,9 +1006,6 @@ int _gnutls_recv_handshake(gnutls_session session, uint8 ** data, } } - - ret = GNUTLS_E_INTERNAL_ERROR; - if (data != NULL && length32 > 0) *data = dataptr; @@ -1035,6 +1032,7 @@ int _gnutls_recv_handshake(gnutls_session session, uint8 ** data, /* dataptr is freed because the caller does not * need it */ gnutls_free(dataptr); + if (data!=NULL) *data = NULL; break; case GNUTLS_SERVER_HELLO_DONE: if (length32==0) ret = 0; @@ -1417,11 +1415,11 @@ static int _gnutls_copy_comp_methods(gnutls_session session, */ static int _gnutls_send_client_hello(gnutls_session session, int again) { - opaque *data; + opaque *data = NULL; opaque *extdata = NULL; int extdatalen; int pos = 0; - int datalen, ret = 0; + int datalen = 0, ret = 0; opaque random[TLS_RANDOM_SIZE]; gnutls_protocol_version hver; @@ -1431,13 +1429,9 @@ static int _gnutls_send_client_hello(gnutls_session session, int again) session->internals.resumed_security_parameters. session_id_size; - if (SessionID == NULL || session_id_len == 0) { - session_id_len = 0; - SessionID = NULL; - } + if (SessionID == NULL) session_id_len = 0; + else if (session_id_len == 0) SessionID = NULL; - data = NULL; - datalen = 0; if (again == 0) { datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE; @@ -1576,7 +1570,6 @@ static int _gnutls_send_client_hello(gnutls_session session, int again) gnutls_free(extdata); } else if (extdatalen < 0) { gnutls_assert(); - gnutls_free(extdata); gnutls_free(data); return extdatalen; } @@ -1614,7 +1607,6 @@ static int _gnutls_send_server_hello(gnutls_session session, int again) if (extdatalen < 0) { gnutls_assert(); - gnutls_free(extdata); return extdatalen; } diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index ebfb683b04..4f836108fb 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -57,7 +57,7 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm) break; default: - ret = GNUTLS_HASH_FAILED; + ret = GNUTLS_HASH_FAILED; break; } if (ret != GNUTLS_HASH_FAILED) @@ -78,7 +78,7 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm) ret = gcry_md_get_algo_dlen(GCRY_MD_MD5); break; default: - ret = 0; + ret = 0; break; } return ret; diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c index 9621442830..836287e74a 100644 --- a/lib/gnutls_mem.c +++ b/lib/gnutls_mem.c @@ -73,16 +73,11 @@ void *ret; } char* _gnutls_strdup( const char* str) { -size_t siz = strlen( str); +size_t siz = strlen( str) + 1; char* ret; - ret = gnutls_malloc( siz + 1); - if (ret == NULL) - return ret; - - memcpy( ret, str, siz); - ret[ siz] = 0; - + ret = gnutls_malloc( siz); + if (ret != NULL) memcpy( ret, str, siz); return ret; } diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c index 7729722c00..b0856ca7ad 100644 --- a/lib/gnutls_num.c +++ b/lib/gnutls_num.c @@ -27,9 +27,6 @@ #include <gnutls_num.h> #include <gnutls_errors.h> -/* This function will set the uint64 x to zero - */ - /* This function will add one to uint64 x. * Returns 0 on success, or -1 if the uint64 max limit * has been reached. diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 5b523fb06e..84554ac522 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -84,11 +84,13 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, /* using public key */ if (params_len < RSA_PUBLIC_PARAMS) { gnutls_assert(); + gnutls_free(edata); return GNUTLS_E_INTERNAL_ERROR; } if ( (ret=_gnutls_get_random(ps, psize, GNUTLS_STRONG_RANDOM)) < 0) { gnutls_assert(); + gnutls_free(edata); return ret; } for (i = 0; i < psize; i++) { @@ -99,6 +101,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, */ if ( (ret=_gnutls_get_random( rnd, 3, GNUTLS_STRONG_RANDOM)) < 0) { gnutls_assert(); + gnutls_free(edata); return ret; } /* use non zero values for @@ -123,6 +126,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, if (params_len < RSA_PRIVATE_PARAMS) { gnutls_assert(); + gnutls_free(edata); return GNUTLS_E_INTERNAL_ERROR; } @@ -131,6 +135,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, break; default: gnutls_assert(); + gnutls_free(edata); return GNUTLS_E_INTERNAL_ERROR; } @@ -282,6 +287,7 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, break; default: gnutls_assert(); + gnutls_free(edata); return GNUTLS_E_INTERNAL_ERROR; } i++; @@ -409,7 +415,7 @@ int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *hash, } ret = _gnutls_pk_sign(GCRY_PK_DSA, rs, mdata, params, params_len); - /* res now holds r,s */ + /* rs[0], rs[1] now hold r,s */ _gnutls_mpi_release(&mdata); if (ret < 0) { diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index e58fdd2218..75e64bd4df 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -479,7 +479,7 @@ static int _gnutls_check_recv_type( ContentType recv_type) { */ static int _gnutls_check_buffers( gnutls_session session, ContentType type, opaque* data, int sizeofdata) { if ( (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && _gnutls_record_buffer_get_size(type, session) > 0) { - int ret = 0, ret2=0; + int ret, ret2; ret = _gnutls_record_buffer_get(type, session, data, sizeofdata); if (ret < 0) { gnutls_assert(); diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 0bbb497519..e8a7c65d25 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -193,7 +193,8 @@ int gnutls_init(gnutls_session * session, gnutls_connection_end con_end) (*session)->key = gnutls_calloc(1, sizeof(struct GNUTLS_KEY_INT)); if ( (*session)->key == NULL) { - gnutls_free( *session); + cleanup_session: + gnutls_free( *session); *session = NULL; return GNUTLS_E_MEMORY_ERROR; } @@ -206,10 +207,14 @@ int gnutls_init(gnutls_session * session, gnutls_connection_end con_end) gnutls_handshake_set_max_packet_length( (*session), MAX_HANDSHAKE_PACKET_SIZE); /* Allocate a minimum size for recv_data - * This is allocated in order to avoid small messages, makeing + * This is allocated in order to avoid small messages, making * the receive procedure slow. */ (*session)->internals.record_recv_buffer.data = gnutls_malloc(INITIAL_RECV_BUFFER_SIZE); + if ( (*session)->internals.record_recv_buffer.data == NULL) { + gnutls_free((*session)->key); + goto cleanup_session; + } /* set the socket pointers to -1; */ @@ -534,7 +539,7 @@ void gnutls_record_set_cbc_protection(gnutls_session session, int prot) * are not yet defined in any RFC or even internet draft. * * Enabling the private ciphersuites when talking to other than gnutls - * servers and clients, may cause interoperability problems. + * servers and clients may cause interoperability problems. * **/ void gnutls_handshake_set_private_extensions(gnutls_session session, int allow) diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 50b00a7c92..b90c70dfef 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -62,7 +62,7 @@ * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status * @session: is a gnutls session * - * This function will try to verify the peer's certificate and return it's status (TRUSTED, REVOKED etc.). + * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). * The return value (status) should be one of the gnutls_certificate_status enumerated elements. * However you must also check the peer's name in order to check if the verified certificate belongs to the * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. diff --git a/lib/io_debug.h b/lib/io_debug.h index 3b2e9ee4a5..2c3e2ff8ab 100644 --- a/lib/io_debug.h +++ b/lib/io_debug.h @@ -18,7 +18,7 @@ /* This debug file was contributed by * Paul Sheer <psheer@icon.co.za>. Some changes were made by nmav. - * It's purpose it to debug non blocking behaviour of gnutls. The included + * Its purpose is to debug non blocking behaviour of gnutls. The included * send() and recv() functions return EAGAIN errors in random. * */ diff --git a/lib/x509/compat.c b/lib/x509/compat.c index a87de7d5eb..f80d590d68 100644 --- a/lib/x509/compat.c +++ b/lib/x509/compat.c @@ -501,7 +501,7 @@ int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf * @CRL_list: not used * @CRL_list_length: not used * - * This function will try to verify the given certificate list and return it's status (TRUSTED, EXPIRED etc.). + * This function will try to verify the given certificate list and return its status (TRUSTED, EXPIRED etc.). * The return value (status) should be one or more of the gnutls_certificate_status * enumerated elements bitwise or'd. Note that expiration and activation dates are not checked * by this function, you should check them using the appropriate functions. diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 1363dcc744..25715652a1 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -459,7 +459,7 @@ int ret, issuer_params_size, i; * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. * @verify: will hold the certificate verification output. * - * This function will try to verify the given certificate list and return it's status (TRUSTED, REVOKED etc.). + * This function will try to verify the given certificate list and return its status (TRUSTED, REVOKED etc.). * The return value (status) should be one or more of the gnutls_certificate_status * enumerated elements bitwise or'd. Note that expiration and activation dates are not checked * by this function, you should check them using the appropriate functions. @@ -511,7 +511,7 @@ int gnutls_x509_crt_list_verify( gnutls_x509_crt* cert_list, int cert_list_lengt * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. * @verify: will hold the certificate verification output. * - * This function will try to verify the given certificate and return it's status. + * This function will try to verify the given certificate and return its status. * See gnutls_x509_crt_list_verify() for a detailed description of * return values. * @@ -577,7 +577,7 @@ int gnutls_x509_crl_check_issuer( gnutls_x509_crl cert, * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. * @verify: will hold the crl verification output. * - * This function will try to verify the given crl and return it's status. + * This function will try to verify the given crl and return its status. * See gnutls_x509_crt_list_verify() for a detailed description of * return values. * |