From: Alan T. DeKok Date: Wed, 27 May 2015 15:01:28 +0000 (-0400) Subject: Use correct data types for TLS fields X-Git-Tag: release_3_0_9~317 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5bd39b3e9f964371bce60f200e8f62d7cc954eac;p=thirdparty%2Ffreeradius-server.git Use correct data types for TLS fields --- diff --git a/src/include/tls-h b/src/include/tls-h index 75dceab19eb..c1a2ee766c5 100644 --- a/src/include/tls-h +++ b/src/include/tls-h @@ -88,20 +88,21 @@ typedef enum { * or configure TLS not to exceed MAX_RECORD_SIZE. */ typedef struct _record_t { - unsigned char data[MAX_RECORD_SIZE]; - unsigned int used; + uint8_t data[MAX_RECORD_SIZE]; + size_t used; } record_t; typedef struct _tls_info_t { - unsigned char origin; - unsigned char content_type; - unsigned char handshake_type; - unsigned char alert_level; - unsigned char alert_description; + int origin; + int content_type; + uint8_t handshake_type; + uint8_t alert_level; + uint8_t alert_description; + bool initialized; + char info_description[256]; size_t record_len; int version; - char initialized; } tls_info_t; /* diff --git a/src/main/cb.c b/src/main/cb.c index 9aa6bc9fc00..2f38f772bf5 100644 --- a/src/main/cb.c +++ b/src/main/cb.c @@ -76,9 +76,10 @@ void cbtls_info(SSL const *s, int where, int ret) * Fill in our 'info' with TLS data. */ void cbtls_msg(int write_p, int msg_version, int content_type, - void const *buf, size_t len, + void const *inbuf, size_t len, SSL *ssl UNUSED, void *arg) { + uint8_t const *buf = inbuf; tls_session_t *state = (tls_session_t *)arg; /* 
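Review bot: In `src/include/tls-h`, the new `char info_description[256]` member of `tls_info_t` has no comment, and none of the hunks shown in this commit writes to it, so a reader cannot tell who fills it or whether it is always NUL-terminated. I would document it where it is declared, e.g. `char info_description[256]; /* NUL-terminated, human-readable description; writers must bound by sizeof(info_description) */`. The same hunk widens `record_t.used` to `size_t`, while the callers visible in `src/main/tls.c` still narrow it with `(int)` before comparing it with the `BIO_write()` result. That narrowing is safe only while `used` never exceeds `MAX_RECORD_SIZE`, which is worth stating next to the field.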
@@ -87,19 +88,19 @@ void cbtls_msg(int write_p, int msg_version, int content_type, */ if (!state) return; - state->info.origin = (unsigned char)write_p; - state->info.content_type = (unsigned char)content_type; + state->info.origin = write_p; + state->info.content_type = content_type; state->info.record_len = len; state->info.version = msg_version; - state->info.initialized = 1; + state->info.initialized = true; if (content_type == SSL3_RT_ALERT) { - state->info.alert_level = ((unsigned char const *)buf)[0]; - state->info.alert_description = ((unsigned char const *)buf)[1]; + state->info.alert_level = buf[0]; + state->info.alert_description = buf[1]; state->info.handshake_type = 0x00; } else if (content_type == SSL3_RT_HANDSHAKE) { - state->info.handshake_type = ((unsigned char const *)buf)[0]; + state->info.handshake_type = buf[0]; state->info.alert_level = 0x00; state->info.alert_description = 0x00; diff --git a/src/main/tls.c b/src/main/tls.c index 4cae7c69387..f55539ff614 100644 --- a/src/main/tls.c +++ b/src/main/tls.c @@ -507,7 +507,7 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) err = BIO_write(ssn->into_ssl, ssn->dirty_in.data, ssn->dirty_in.used); if (err != (int) ssn->dirty_in.used) { - RDEBUG("Failed writing %d to SSL BIO: %d", ssn->dirty_in.used, + RDEBUG("Failed writing %zd bytes to SSL BIO: %d", ssn->dirty_in.used, err); record_init(&ssn->dirty_in); return 0; @@ -3013,7 +3013,7 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, ssn->dirty_in.used); if (err != (int) ssn->dirty_in.used) { record_init(&ssn->dirty_in); - RDEBUG("Failed writing %d to SSL BIO: %d", ssn->dirty_in.used, err); + RDEBUG("Failed writing %zd bytes to SSL BIO: %d", ssn->dirty_in.used, err); return FR_TLS_FAIL; } 
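Review bot: In `cbtls_msg()` (`src/main/cb.c`, hunk `@@ -87,19 +88,19 @@`) the rewritten `buf[0]` and `buf[1]` reads are still not bounded by `len`: the alert branch reads two bytes and the handshake branch one, whatever length the callback was given. The branch conditions could carry the check, e.g. `if ((content_type == SSL3_RT_ALERT) && (len >= 2)) {` and `} else if ((content_type == SSL3_RT_HANDSHAKE) && (len >= 1)) {`. A short record would then fall through to whatever follows the handshake branch, which is outside this hunk and should be checked to leave the three fields zeroed. Whether the TLS library can ever pass a shorter buffer for these content types is not visible here, so this is defensive hardening rather than a confirmed out-of-bounds read. The function starts in the previous hunk and continues past the end of this one.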
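Review bot: The new `RDEBUG` call in `tls_handshake_recv()` (`src/main/tls.c`, hunk `@@ -507,7 +507,7 @@`) prints `ssn->dirty_in.used`, now a `size_t`, with `%zd`, which is the conversion for the signed counterpart. Assuming `RDEBUG` follows printf conversion rules, the matching form is `%zu`, i.e. `RDEBUG("Failed writing %zu bytes to SSL BIO: %d", ssn->dirty_in.used,`. The same mismatch is in the `tls_application_data()` hunk and in the `"Received bad packet: Length %zd contents %d"` message in `src/main/tls_listen.c`. The output only differs for values above the signed maximum, but the mismatch defeats format checking on exactly the field this commit retypes.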
@@ -3089,7 +3089,7 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request) RERROR("FAIL: Unexpected ACK received. Could not obtain session information"); return FR_TLS_INVALID; } - if (ssn->info.initialized == 0) { + if (!ssn->info.initialized) { RDEBUG("No SSL info available. Waiting for more SSL data"); return FR_TLS_REQUEST; } diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c index 37a543b8c6d..4cb2a7581d3 100644 --- a/src/main/tls_listen.c +++ b/src/main/tls_listen.c @@ -275,7 +275,7 @@ static int tls_socket_recv(rad_listen_t *listener) */ if ((sock->ssn->clean_out.used < 20) || (((sock->ssn->clean_out.data[2] << 8) | sock->ssn->clean_out.data[3]) != (int) sock->ssn->clean_out.used)) { - RDEBUG("Received bad packet: Length %d contents %d", + RDEBUG("Received bad packet: Length %zd contents %d", sock->ssn->clean_out.used, (sock->ssn->clean_out.data[2] << 8) | sock->ssn->clean_out.data[3]); goto do_close;