]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
explicit tests for non-null version
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 10 Jun 2013 07:16:58 +0000 (09:16 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 10 Jun 2013 07:22:12 +0000 (09:22 +0200)
lib/auth/cert.c
lib/auth/srp_rsa.c
lib/ext/signature.c
lib/gnutls_cipher.c
lib/gnutls_constate.c
lib/gnutls_handshake.c
lib/gnutls_sig.c

index 589acf5621c414d08bd47ead2c2826d43c9be4e4..9a5f5590c578f7cdd0eb9312dbb4ab8a25110281 100644 (file)
@@ -1458,6 +1458,9 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, uint8_t * data,
   int pk_algos_length;
   const version_entry_st* ver = get_version (session);
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   cred = (gnutls_certificate_credentials_t)
     _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
   if (cred == NULL)
@@ -1564,6 +1567,9 @@ _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t session,
   gnutls_sign_algorithm_t sign_algo;
   const version_entry_st* ver = get_version (session);
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   /* find the appropriate certificate */
   if ((ret =
        _gnutls_get_selected_cert (session, &apr_cert_list,
@@ -1638,7 +1644,7 @@ _gnutls_proc_cert_client_crt_vrfy (gnutls_session_t session,
   gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
   const version_entry_st* ver = get_version (session);
 
-  if (info == NULL || info->ncerts == 0)
+  if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL))
     {
       gnutls_assert ();
       /* we need this in order to get peer's certificate */
@@ -1710,6 +1716,9 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session,
   uint8_t tmp_data[CERTTYPE_SIZE];
   const version_entry_st* ver = get_version (session);
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   /* Now we need to generate the RDN sequence. This is
    * already in the CERTIFICATE_CRED structure, to improve
    * performance.
@@ -2207,9 +2216,12 @@ gnutls_privkey_t apr_pkey;
 int apr_cert_list_length;
 gnutls_datum_t signature = { NULL, 0 }, ddata;
 gnutls_sign_algorithm_t sign_algo;
-const version_entry_st*  ver = get_version (session);
+const version_entry_st* ver = get_version (session);
 int ret;
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   ddata.data = plain;
   ddata.size = plain_size;
 
@@ -2296,7 +2308,7 @@ _gnutls_proc_dhe_signature (gnutls_session_t session, uint8_t * data,
   gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
   const version_entry_st* ver = get_version (session);
 
-  if (info == NULL || info->ncerts == 0)
+  if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL))
     {
       gnutls_assert ();
       /* we need this in order to get peer's certificate */
index 1e84d9df390281e1b802390e7b25806f0b9dad38..97b5e918f5793473e7f2273644a6d99398183466 100644 (file)
@@ -89,6 +89,9 @@ gen_srp_cert_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
   gnutls_sign_algorithm_t sign_algo;
   const version_entry_st* ver = get_version (session);
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   ret = _gnutls_gen_srp_server_kx (session, data);
 
   if (ret < 0)
@@ -182,6 +185,9 @@ proc_srp_cert_server_kx (gnutls_session_t session, uint8_t * data,
   gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
   const version_entry_st* ver = get_version (session);
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   ret = _gnutls_proc_srp_server_kx (session, data, _data_size);
   if (ret < 0)
     return ret;
index 1d2fb9c518b70c55bc0f3fd99fcbd86626ccdfea..69ce76f1d4d6000d62703349be119ac7c396f2ba 100644 (file)
@@ -214,6 +214,9 @@ _gnutls_signature_algorithm_send_params (gnutls_session_t session,
   int ret;
   size_t init_length = extdata->length;
   const version_entry_st* ver = get_version (session);
+  
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
   /* this function sends the client extension data */
   if (session->security_parameters.entity == GNUTLS_CLIENT
@@ -252,7 +255,10 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert)
   sig_ext_st *priv;
   extension_priv_data_t epriv;
   unsigned int cert_algo;
-  
+
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   cert_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
 
   ret =
@@ -299,6 +305,9 @@ _gnutls_session_sign_algo_enabled (gnutls_session_t session,
   sig_ext_st *priv;
   extension_priv_data_t epriv;
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   ret =
     _gnutls_ext_get_session_data (session,
                                   GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
@@ -412,6 +421,9 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session,
   extension_priv_data_t epriv;
   int ret;
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   ret =
     _gnutls_ext_get_session_data (session,
                                   GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
index f218b49aeafa417923de35615fdfeba11f72afc3..198cb34d1560fc3f23feeedc5a99c8802922f23d 100644 (file)
@@ -325,6 +325,9 @@ compressed_to_ciphertext (gnutls_session_t session,
   uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
   unsigned iv_size;
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   iv_size = _gnutls_cipher_get_iv_size(params->cipher);
 
   _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
@@ -455,6 +458,9 @@ compressed_to_ciphertext_new (gnutls_session_t session,
   uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
   unsigned iv_size;
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   iv_size = _gnutls_cipher_get_iv_size(params->cipher);
 
   _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
@@ -636,7 +642,10 @@ ciphertext_to_compressed (gnutls_session_t session,
   unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
   unsigned int explicit_iv = _gnutls_version_has_explicit_iv (ver);
   unsigned iv_size;
-  
+
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   iv_size = _gnutls_cipher_get_iv_size(params->cipher);
   blocksize = _gnutls_cipher_get_block_size (params->cipher);
 
@@ -825,7 +834,10 @@ ciphertext_to_compressed_new (gnutls_session_t restrict session,
   unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
   unsigned int explicit_iv = _gnutls_version_has_explicit_iv (ver);
   unsigned iv_size;
-  
+
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   iv_size = _gnutls_cipher_get_iv_size(params->cipher);
   blocksize = _gnutls_cipher_get_block_size (params->cipher);
 
index ca6d4088d563c24531e9834946cc7ffccf5f4a83..717cacf716afec89df3ea2eb66eb310a1c64d827 100644 (file)
@@ -305,6 +305,9 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
   record_parameters_st *params;
   int ret;
   const version_entry_st* ver = get_version (session);
+  
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
   ret = _gnutls_epoch_get (session, epoch, &params);
   if (ret < 0)
index 1f3e4f7e4a6fe4a6da88b891a52cb2f93dabd8f3..ab04e7be8ad038b09ae44feff5e540bcba325c0b 100644 (file)
@@ -667,6 +667,9 @@ _gnutls_send_finished (gnutls_session_t session, int again)
       data = _mbuffer_get_udata_ptr (bufel);
 
       vers = get_version(session);
+      if (unlikely(vers == NULL))
+        return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
       if (vers->id == GNUTLS_SSL3)
         {
           ret =
@@ -732,6 +735,9 @@ _gnutls_recv_finished (gnutls_session_t session)
   int vrfy_size;
   const version_entry_st* vers = get_version (session);
 
+  if (unlikely(vers == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   ret =
     _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_FINISHED, 
                             0, &buf);
@@ -1260,6 +1266,9 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session,
   int ret;
   const version_entry_st* vers = get_version (session);
 
+  if (unlikely(vers == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   if ((vers->id != GNUTLS_DTLS0_9 &&
        recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST) ||
       recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
@@ -1297,6 +1306,9 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
   int ret;
   const version_entry_st* vers = get_version (session);
 
+  if (unlikely(vers == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   /* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it
    * is not sent via that channel.
    */
@@ -2079,6 +2091,9 @@ _gnutls_send_server_hello (gnutls_session_t session, int again)
       data = _mbuffer_get_udata_ptr (bufel);
 
       vers = get_version(session);
+      if (unlikely(vers == NULL))
+        return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
       data[pos++] = vers->major;
       data[pos++] = vers->minor;
 
@@ -2784,7 +2799,9 @@ send_change_cipher_spec (gnutls_session_t session, int again)
         return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
       vers = get_version (session);
-      
+      if (unlikely(vers == NULL))
+        return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
       if (vers->id == GNUTLS_DTLS0_9)
         _mbuffer_set_uhead_size(bufel, 3);
       else
@@ -2910,7 +2927,9 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init)
         }
 
       vers = get_version (session);
-      
+      if (unlikely(vers == NULL))
+        return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
       if (vers->id == GNUTLS_DTLS0_9)
         ccs_len = 3;
 
index 8a0e229f97f069beaa71e5f635f42fd9dffe98d4..d9afa677aa18ee9dabd96d46eb33faebe9a29225 100644 (file)
@@ -463,6 +463,8 @@ _gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
   _gnutls_handshake_log ("HSK[%p]: verify cert vrfy: using %s\n",
                     session, gnutls_sign_algorithm_get_name (sign_algo));
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
   if (_gnutls_version_has_selectable_sighash(ver))
     return _gnutls_handshake_verify_crt_vrfy12 (session, cert, signature,
@@ -609,6 +611,9 @@ _gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
   const version_entry_st* ver = get_version (session);
   gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
 
+  if (unlikely(ver == NULL))
+    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
   if (_gnutls_version_has_selectable_sighash(ver))
     return _gnutls_handshake_sign_crt_vrfy12 (session, cert, pkey,
                                               signature);