From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 25 Feb 2019 20:09:04 +0000 (-0500)
Subject: Use iterator for CRL (Issue #5532)
X-Git-Tag: v2.2.11~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74dece9c5aef620ab8dda429ec66137f867053d7;p=thirdparty%2Fcups.git

Use iterator for CRL (Issue #5532)
---

diff --git a/CHANGES.md b/CHANGES.md
index 9aa1d5b2af..808a851554 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -27,7 +27,7 @@ Changes in CUPS v2.2.11
 - Added a USB quirks rule for Xerox printers (Issue #5523)
 - The scheduler's self-signed certificate did not include all of the alternate
   names for the server when using GNU TLS (Issue #5525)
-- Fixed a compiler warning with newer versions of GCC (Issue #5533)
+- Fixed compiler warnings with newer versions of GCC (Issue #5532, Issue #5533)
 - Media size matching now uses a tolerance of 0.5mm (rdar://33822024)
 - The lpadmin command would hang with a bad PPD file (rdar://41495016)
 - Fixed a potential crash bug in cups-driverd (rdar://46625579)
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 4a626e7430..1dc1b2a1f9 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -403,8 +403,8 @@ httpCredentialsAreValidForName(
 
     if (result)
     {
-      int		i,		/* Looping var */
-			count;		/* Number of revoked certificates */
+      gnutls_x509_crl_iter_t iter = NULL;
+					/* Iterator */
       unsigned char	cserial[1024],	/* Certificate serial number */
 			rserial[1024];	/* Revoked serial number */
       size_t		cserial_size,	/* Size of cert serial number */
@@ -412,22 +412,24 @@ httpCredentialsAreValidForName(
 
       _cupsMutexLock(&tls_mutex);
 
-      count = gnutls_x509_crl_get_crt_count(tls_crl);
-
-      if (count > 0)
+      if (gnutls_x509_crl_get_crt_count(tls_crl) > 0)
       {
         cserial_size = sizeof(cserial);
         gnutls_x509_crt_get_serial(cert, cserial, &cserial_size);
 
-        for (i = 0; i < count; i ++)
-	{
-	  rserial_size = sizeof(rserial);
-          if (!gnutls_x509_crl_get_crt_serial(tls_crl, (unsigned)i, rserial, &rserial_size, NULL) && cserial_size == rserial_size && !memcmp(cserial, rserial, rserial_size))
+	rserial_size = sizeof(rserial);
+
+        while (!gnutls_x509_crl_iter_crt_serial(tls_crl, &iter, rserial, &rserial_size, NULL))
+        {
+          if (cserial_size == rserial_size && !memcmp(cserial, rserial, rserial_size))
 	  {
 	    result = 0;
 	    break;
 	  }
+
+	  rserial_size = sizeof(rserial);
 	}
+	gnutls_x509_crl_iter_deinit(iter);
       }
 
       _cupsMutexUnlock(&tls_mutex);