tlsfeature: impose a maximum number of supported TLS features
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 1 Jun 2016 08:02:56 +0000 (10:02 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 14 Jun 2016 12:43:59 +0000 (14:43 +0200)
This avoids many allocations and simplifies handling of the features.
The currently set maximum number of TLS features aligns with the
maximum number of supported TLS extensions.

lib/x509/tls_features.c
lib/x509/x509_ext.c
lib/x509/x509_int.h

index 1b0e09690835b7201af4aa0dd252aa58abaa5a86..8a35b6fd78a7d99245a211de3e308cb81776c3a3 100644 (file)
@@ -64,7 +64,6 @@ int gnutls_x509_tlsfeatures_init(gnutls_x509_tlsfeatures_t *f)
  **/
 void gnutls_x509_tlsfeatures_deinit(gnutls_x509_tlsfeatures_t f)
 {
-       gnutls_free(f->features);
        gnutls_free(f);
 }
 
@@ -93,7 +92,7 @@ int gnutls_x509_tlsfeatures_get(gnutls_x509_tlsfeatures_t f, unsigned idx, unsig
                return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
        }
 
-       *feature = f->features[idx].feature;
+       *feature = f->feature[idx];
        return 0;
 }
 
@@ -246,14 +245,14 @@ unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat,
        for (i=0;i<feat->size;i++) {
                found = 0;
                for (j=0;j<cfeat->size;j++) {
-                       if (feat->features[i].feature == cfeat->features[j].feature) {
+                       if (feat->feature[i] == cfeat->feature[j]) {
                                found = 1;
                                break;
                        }
                }
 
                if (found == 0) {
-                       _gnutls_debug_log("feature %d was not found in cert\n", (int)feat->features[i].feature);
+                       _gnutls_debug_log("feature %d was not found in cert\n", (int)feat->feature[i]);
                        uret = 0;
                        goto cleanup;
                }
index 3450c8b466bfcfa1babf0143c53eba9d93b22dd2..f3c6342ad64f905a436fb3106bc6619771ad291f 100644 (file)
@@ -3155,7 +3155,6 @@ static int parse_tlsfeatures(ASN1_TYPE c2, gnutls_x509_tlsfeatures_t f, unsigned
 {
        char nptr[ASN1_MAX_NAME_SIZE];
        int result;
-       void * tmp;
        unsigned i, indx, j;
        unsigned int feature;
 
@@ -3181,9 +3180,14 @@ static int parse_tlsfeatures(ASN1_TYPE c2, gnutls_x509_tlsfeatures_t f, unsigned
                        return GNUTLS_E_CERTIFICATE_ERROR;
                }
 
+               if (f->size >= sizeof(f->feature)/sizeof(f->feature[0])) {
+                       gnutls_assert();
+                       return GNUTLS_E_INTERNAL_ERROR;
+               }
+
                /* skip duplicates */
                for (j=0;j<f->size;j++) {
-                       if (f->features[j].feature == feature) {
+                       if (f->feature[j] == feature) {
                                skip = 1;
                                break;
                        }
@@ -3191,13 +3195,7 @@ static int parse_tlsfeatures(ASN1_TYPE c2, gnutls_x509_tlsfeatures_t f, unsigned
 
                if (!skip) {
                        indx = f->size;
-                       tmp = gnutls_realloc(f->features, (f->size + 1) * sizeof(f->features[0]));
-                       if (tmp == NULL) {
-                               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-                       }
-                       f->features = tmp;
-
-                       f->features[indx].feature = feature;
+                       f->feature[indx] = feature;
                        f->size++;
                }
        }
@@ -3301,7 +3299,7 @@ int gnutls_x509_ext_export_tlsfeatures(gnutls_x509_tlsfeatures_t f,
                        goto cleanup;
                }
 
-               ret = _gnutls_x509_write_uint32(c2, "?LAST", f->features[i].feature);
+               ret = _gnutls_x509_write_uint32(c2, "?LAST", f->feature[i]);
                if (ret != GNUTLS_E_SUCCESS) {
                        gnutls_assert();
                        goto cleanup;
@@ -3336,24 +3334,18 @@ int gnutls_x509_ext_export_tlsfeatures(gnutls_x509_tlsfeatures_t f,
  **/
 int gnutls_x509_tlsfeatures_add(gnutls_x509_tlsfeatures_t f, unsigned int feature)
 {
-       void * tmp;
-
        if (f == NULL) {
                gnutls_assert();
                return GNUTLS_E_INVALID_REQUEST;
        }
 
-       if (feature > UINT16_MAX) {
-               gnutls_assert();
-               return GNUTLS_E_INTERNAL_ERROR;
-       }
+       if (feature > UINT16_MAX)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
-       tmp = gnutls_realloc(f->features, (f->size + 1) * sizeof(f->features[0]));
-       if (tmp == NULL) {
-               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-       }
-       f->features = tmp;
-       f->features[f->size++].feature = feature;
+       if (f->size >= sizeof(f->feature)/sizeof(f->feature[0]))
+               return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+       f->feature[f->size++] = feature;
 
        return 0;
 }
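Review bot: The capacity check added to parse_tlsfeatures (`if (f->size >= sizeof(f->feature)/sizeof(f->feature[0]))` in the second hunk) reports an oversized TLS feature list as GNUTLS_E_INTERNAL_ERROR, although the offending data is the certificate being parsed and the same function returns GNUTLS_E_CERTIFICATE_ERROR for other bad content a few lines above. The check also runs before the duplicate skip, so a certificate that repeats features past the array size is rejected even though nothing new would be stored, while the same set without repeats parses; moving it inside `if (!skip)` just before `indx = f->size;` as `if (f->size >= sizeof(f->feature)/sizeof(f->feature[0])) return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);` addresses both. In gnutls_x509_tlsfeatures_add the same limit becomes a new caller-visible failure that the doc comment ending at the top of the last hunk does not mention; its Returns: text should state that the call fails once the fixed number of features (MAX_EXT_TYPES, the array bound declared in x509_int.h) has been added, and GNUTLS_E_INVALID_REQUEST would match the neighbouring range check better than an internal error. parse_tlsfeatures' body continues between the hunks, so the exact placement of the duplicate loop's closing brace is inferred.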
index e2e1b5e5cb8a1d922bfffbf44455895073ac89eb..eece7bcc428bf546339ca9447974f89e1e37a04a 100644 (file)
@@ -485,9 +485,7 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
 void _gnutls_x509_policies_erase(gnutls_x509_policies_t policies, unsigned int seq);
 
 struct gnutls_x509_tlsfeatures_st {
-       struct {
-               uint16_t feature;
-       } *features;
+       uint16_t feature[MAX_EXT_TYPES];
        unsigned int size;
 };