priorities: reset the profile flags when appending new flags
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 19 Dec 2016 20:35:53 +0000 (21:35 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 20 Dec 2016 08:26:17 +0000 (09:26 +0100)
This avoids causing issues for applications that call gnutls_*priority_set()
multiple times with different parameters. In that case, if multiple profiles were
used, the outcome could be undefined. Now, the last call will prevail.

lib/auto-verify.c
lib/gnutls_int.h
lib/priority.c

index 1cf5f55dfaa56a4919d12791e65903905f48433d..179fb1066f79532c0df590be1ffeb667a8af3930 100644 (file)
@@ -91,8 +91,9 @@ void gnutls_session_set_verify_cert(gnutls_session_t session,
                session->internals.vc_elements = 0;
        }
 
-       if (flags)
-               session->internals.additional_verify_flags |= flags;
+       if (flags) {
+               ADD_PROFILE_VFLAGS(session, flags);
+       }
 
        gnutls_session_set_verify_function(session, auto_verify_cb);
 }
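Review bot: A profile passed in `flags` now replaces any profile already stored in `additional_verify_flags` instead of being combined with it, so a later gnutls_session_set_verify_cert() call can lower the effective verification profile as well as raise it. The function's doc comment is above the hunk and is not touched by this commit; it should state the new rule, for example `If @flags contains a profile, it replaces any profile previously set on the session.` The `if (flags)` guard is also redundant now, because the macro changes nothing when `flags` is zero.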
index f9160fc7ca1e2c947dee07ba2b1fe4e8500895ea..a7d39d24953b6f2c559f80e42a3cd1c914c854de 100644 (file)
@@ -1030,6 +1030,16 @@ typedef struct {
        unsigned vc_status;
        unsigned int additional_verify_flags; /* may be set by priorities or the vc functions */
 
+       /* we append the verify flags because these can be set,
+        * either by this function or by gnutls_session_set_verify_cert().
+        * However, we ensure that a single profile is set. */
+#define ADD_PROFILE_VFLAGS(session, vflags) do { \
+       if ((session->internals.additional_verify_flags & GNUTLS_VFLAGS_PROFILE_MASK) && \
+           (vflags & GNUTLS_VFLAGS_PROFILE_MASK)) \
+               session->internals.additional_verify_flags &= ~GNUTLS_VFLAGS_PROFILE_MASK; \
+       session->internals.additional_verify_flags |= vflags; \
+       } while(0)
+
        /* the SHA256 hash of the peer's certificate */
        uint8_t cert_hash[32];
        bool cert_hash_set;
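Review bot: `ADD_PROFILE_VFLAGS` uses `session` and `vflags` unparenthesized and evaluates `vflags` twice, so an argument such as `a | b` would be tested as `a | (b & GNUTLS_VFLAGS_PROFILE_MASK)` and an argument with side effects would run twice. Both current callers pass simple expressions, but the macro should parenthesize its arguments and read `vflags` once into a local. The comment's "this function" seems to have been written for gnutls_priority_set() and has no referent here inside the struct definition, which starts and ends outside the hunk; it should name the callers explicitly.

```c
/* Verify flags may be set by gnutls_priority_set() or by
 * gnutls_session_set_verify_cert(), so they are appended;
 * however, at most one profile is kept: a new profile replaces the old one. */
#define ADD_PROFILE_VFLAGS(session, vflags) do { \
	unsigned int _vf = (vflags); \
	if (((session)->internals.additional_verify_flags & GNUTLS_VFLAGS_PROFILE_MASK) && \
	    (_vf & GNUTLS_VFLAGS_PROFILE_MASK)) \
		(session)->internals.additional_verify_flags &= ~GNUTLS_VFLAGS_PROFILE_MASK; \
	(session)->internals.additional_verify_flags |= _vf; \
	} while(0)
```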
index 15de4b68834586e9c0ed82e9c7abae34b97952d9..94454f4981efee96ed1654a2c417f3ab936fff68 100644 (file)
@@ -575,7 +575,7 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
            session->internals.priorities.compression.algorithms == 0)
                return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
 
-       session->internals.additional_verify_flags |= priority->additional_verify_flags;
+       ADD_PROFILE_VFLAGS(session, priority->additional_verify_flags);
 
        return 0;
 }
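Review bot: Only the profile bits are reset by `ADD_PROFILE_VFLAGS`; every other bit of `priority->additional_verify_flags` is still OR-ed into the session, so after a second gnutls_priority_set() call the non-profile verify flags of the earlier priority stay in effect. If the earlier priority relaxed certificate verification, that relaxation would survive a switch to a stricter priority, which does not match the commit message's "the last call will prevail". Either document the limit above the call, e.g. `/* only the profile is replaced; other verify flags accumulate across calls */`, or keep the priority-derived flags separate from those set by gnutls_session_set_verify_cert() so they can be cleared here. The function body begins outside the hunk.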