From: Nikos Mavrogiannopoulos Date: Mon, 18 Apr 2016 14:24:34 +0000 (+0200) Subject: tools: avoid relying on static buffers for service name X-Git-Tag: gnutls_3_5_0~128 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=981d9fd34f9d5ce08e748ad33429489bb13ed90f;p=thirdparty%2Fgnutls.git tools: avoid relying on static buffers for service name --- diff --git a/src/cli-debug.c b/src/cli-debug.c index 31e03c31d0..0c2e31226f 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c @@ -192,7 +192,7 @@ int main(int argc, char **argv) gnutls_session_t state; char portname[6]; socket_st hd; - const char *app_proto = NULL; + char app_proto[32] = ""; cmd_parser(argc, argv); @@ -236,11 +236,11 @@ int main(int argc, char **argv) #endif if (HAVE_OPT(APP_PROTO)) { - app_proto = OPT_ARG(APP_PROTO); + snprintf(app_proto, sizeof(app_proto), "%s", OPT_ARG(APP_PROTO)); } if (app_proto == NULL) { - app_proto = port_to_service(portname, "tcp"); + snprintf(app_proto, sizeof(app_proto), "%s", port_to_service(portname, "tcp")); } sockets_init(); diff --git a/src/cli.c b/src/cli.c index a316594d6a..8d74afed01 100644 --- a/src/cli.c +++ b/src/cli.c @@ -73,7 +73,7 @@ int resume, starttls, insecure, ranges, rehandshake, udp, mtu, inline_commands; const char *hostname = NULL; -const char *service = NULL; +char service[32]=""; int record_max_size; int fingerprint; int crlf; @@ -1533,12 +1533,12 @@ static void cmd_parser(int argc, char **argv) mtu = OPT_VALUE_MTU; if (HAVE_OPT(PORT)) { - service = OPT_ARG(PORT); + snprintf(service, sizeof(service), "%s", OPT_ARG(PORT)); } else { if (HAVE_OPT(STARTTLS_PROTO)) - service = starttls_proto_to_service(OPT_ARG(STARTTLS_PROTO)); + snprintf(service, sizeof(service), "%s", starttls_proto_to_service(OPT_ARG(STARTTLS_PROTO))); else - service = "443"; + strcpy(service, "443"); } record_max_size = OPT_VALUE_RECORDSIZE; diff --git a/src/danetool-args.def b/src/danetool-args.def index b31e298a26..74b1d00de9 100644 --- a/src/danetool-args.def +++ b/src/danetool-args.def @@ -215,9 +215,13 @@ To read a server's DANE TLSA entry, use: $ danetool --check www.example.com --proto tcp --port 443 @end example -To verify a server's DANE TLSA entry, use: +To verify an HTTPS server's DANE TLSA entry, use: @example $ danetool --check www.example.com --proto tcp --port 443 --load-certificate chain.pem + +To verify an SMTP server's DANE TLSA entry, use: +@example +$ danetool --check www.example.com --proto tcp --starttls-proto=smtp --load-certificate chain.pem @end example _EOT_; }; diff --git a/src/danetool.c b/src/danetool.c index bea7bcf741..b05c49b78c 100644 --- a/src/danetool.c +++ b/src/danetool.c @@ -90,7 +90,7 @@ static void cmd_parser(int argc, char **argv) int ret, privkey_op = 0; common_info_st cinfo; const char *proto = "tcp"; - const char *service = "443"; + char service[32] = "443"; optionProcess(&danetoolOptions, argc, argv); @@ -159,10 +159,10 @@ static void cmd_parser(int argc, char **argv) cinfo.cert = OPT_ARG(LOAD_CERTIFICATE); if (HAVE_OPT(PORT)) { - service = OPT_ARG(PORT); + snprintf(service, sizeof(service), "%s", OPT_ARG(PORT)); } else { if (HAVE_OPT(STARTTLS_PROTO)) - service = starttls_proto_to_service(OPT_ARG(STARTTLS_PROTO)); + snprintf(service, sizeof(service), "%s", starttls_proto_to_service(OPT_ARG(STARTTLS_PROTO))); } if (HAVE_OPT(PROTO))