From 498e2a1ae31441f5d5b92a2765fa28f36bedb4aa Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 5 Nov 2009 23:09:51 +0200 Subject: Cleanups and several bug fixes found by Tomas Mraz. "I've patched the following problems in the code found by review of gnutls-2.8.5 code done by Steve Grubb. See the patch attached. The gnutls_constate.c bug might be potentially serious so I've decided to mail it to you directly, not to the public mailing list. The auth_cert.c change is just cleanup of the code. In gnutls_openssl.c I've just fixed the potential crasher, correct fix would require using asprintf or precomputed length of the buffer to allocate a memory. The certtool.c change is again just a cleanup." --- src/certtool.c | 11 ++--------- src/cfg/cfg+.c | 2 +- src/cfg/platon/str/strdyn.c | 8 ++++++-- src/serv.c | 6 +++++- 4 files changed, 14 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/certtool.c b/src/certtool.c index 145bcebbab..d41be38b20 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -2176,7 +2176,6 @@ _verify_x509_mem (const void *cert, int cert_size) /* Verify using internal algorithm too. */ { int verify_status; - int comma; ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts, &x509_cert_list[x509_ncerts - 1], 1, @@ -2193,28 +2192,22 @@ _verify_x509_mem (const void *cert, int cert_size) if (verify_status & GNUTLS_CERT_INVALID) { fprintf (outfile, "Not verified"); - comma = 1; } else { fprintf (outfile, "Verified"); - comma = 1; } if (verify_status & GNUTLS_CERT_SIGNER_NOT_CA) { - if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); fprintf (outfile, "Issuer is not a CA"); - comma = 1; } if (verify_status & GNUTLS_CERT_INSECURE_ALGORITHM) { - if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); fprintf (outfile, "Insecure algorithm"); - comma = 1; } fprintf (outfile, ".\n"); diff --git a/src/cfg/cfg+.c b/src/cfg/cfg+.c index db019114c6..1fe611ec6b 100644 --- a/src/cfg/cfg+.c +++ b/src/cfg/cfg+.c @@ -72,7 +72,7 @@ cfg_get_context(options) for (i = 0; i < CFG_N_PROPS; i++) { con->prop[i] = PLATON_FUNC(strdyn_create_ar)(cfg_default_properties[i]); if (con->prop[i] == NULL) { - /* TODO: possible freeing on failure */ + cfg_free_context(con); return NULL; } } diff --git a/src/cfg/platon/str/strdyn.c b/src/cfg/platon/str/strdyn.c index cc57672b59..34c0247b0d 100644 --- a/src/cfg/platon/str/strdyn.c +++ b/src/cfg/platon/str/strdyn.c @@ -316,15 +316,19 @@ PLATON_FUNC(strdyn_explode_str)(str, sep) s_size = strstr(s, sep) - s; - if ((ar[i] = (char*) malloc((s_size + 1) * sizeof(char))) == NULL) + if ((ar[i] = (char*) malloc((s_size + 1) * sizeof(char))) == NULL) { + PLATON_FUNC(strdyn_free)(ar); return NULL; + } strncpy(ar[i], s, s_size); ar[i][s_size] = '\0'; } - if ((ar[ar_size] = strdup(s)) == NULL) + if ((ar[ar_size] = strdup(s)) == NULL) { + PLATON_FUNC(strdyn_free)(ar); return NULL; + } ar[ar_size + 1] = NULL; diff --git a/src/serv.c b/src/serv.c index a8eb8fa513..7cee7c3836 100644 --- a/src/serv.c +++ b/src/serv.c @@ -500,7 +500,10 @@ peer_print_info (gnutls_session_t session, int *ret_length, http_buffer = malloc (len); if (http_buffer == NULL) - return NULL; + { + free(crtinfo); + return NULL; + } strcpy (http_buffer, HTTP_BEGIN); @@ -617,6 +620,7 @@ peer_print_info (gnutls_session_t session, int *ret_length, strcat (http_buffer, "
");
       strcat (http_buffer, crtinfo);
       strcat (http_buffer, "\n
\n"); + free(crtinfo); } strcat (http_buffer, "

Your HTTP header was:

");
-- 
cgit v1.2.1