From 2a06fe63e619fcd82df2d697a8ecb965f260a38f Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 25 Feb 2019 15:08:40 -0500
Subject: [PATCH] Use iterator for CRL (Issue #5532)

---
 CHANGES.md        |  2 +-
 cups/tls-gnutls.c | 20 +++++++++++---------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index e814b4165..d5c7dcd3f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -31,7 +31,7 @@ Changes in CUPS v2.3b8
 - Added a USB quirks rule for Xerox printers (Issue #5523)
 - The scheduler's self-signed certificate did not include all of the alternate
   names for the server when using GNU TLS (Issue #5525)
-- Fixed a compiler warning with newer versions of GCC (Issue #5533)
+- Fixed compiler warnings with newer versions of GCC (Issue #5532, Issue #5533)
 - Localization updates (Issue #5461, Issues #5471, Issue #5481, Issue #5486,
   Issue #5489, Issue #5491, Issue #5492, Issue #5493, Issue #5494, Issue #5495,
   Issue #5497, Issue #5499, Issue #5500, Issue #5501, Issue #5504)
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 4adf4db0b..0784d58f3 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -398,8 +398,8 @@ httpCredentialsAreValidForName(
 
     if (result)
     {
-      int		i,		/* Looping var */
-			count;		/* Number of revoked certificates */
+      gnutls_x509_crl_iter_t iter = NULL;
+					/* Iterator */
       unsigned char	cserial[1024],	/* Certificate serial number */
 			rserial[1024];	/* Revoked serial number */
       size_t		cserial_size,	/* Size of cert serial number */
@@ -407,22 +407,24 @@ httpCredentialsAreValidForName(
 
       _cupsMutexLock(&tls_mutex);
 
-      count = gnutls_x509_crl_get_crt_count(tls_crl);
-
-      if (count > 0)
+      if (gnutls_x509_crl_get_crt_count(tls_crl) > 0)
       {
         cserial_size = sizeof(cserial);
         gnutls_x509_crt_get_serial(cert, cserial, &cserial_size);
 
-        for (i = 0; i < count; i ++)
-	{
-	  rserial_size = sizeof(rserial);
-          if (!gnutls_x509_crl_get_crt_serial(tls_crl, (unsigned)i, rserial, &rserial_size, NULL) && cserial_size == rserial_size && !memcmp(cserial, rserial, rserial_size))
+	rserial_size = sizeof(rserial);
+
+        while (!gnutls_x509_crl_iter_crt_serial(tls_crl, &iter, rserial, &rserial_size, NULL))
+        {
+          if (cserial_size == rserial_size && !memcmp(cserial, rserial, rserial_size))
 	  {
 	    result = 0;
 	    break;
 	  }
+
+	  rserial_size = sizeof(rserial);
 	}
+	gnutls_x509_crl_iter_deinit(iter);
       }
 
       _cupsMutexUnlock(&tls_mutex);
-- 
2.39.2