]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
simplified _gnutls_selected_cert_supported_kx().
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 3 Jun 2011 12:27:10 +0000 (14:27 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 3 Jun 2011 12:27:10 +0000 (14:27 +0200)
lib/auth/cert.h
lib/gnutls_cert.c
lib/gnutls_handshake.c

index efcdd85e7db9b786537970620522b66b8b1caa9c..b0199615f69cbc79f263e5faec0a568822fd5bec 100644 (file)
@@ -166,7 +166,7 @@ int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
                                          gnutls_privkey_t pkey);
 
 int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
-                                        gnutls_kx_algorithm_t ** alg,
+                                        gnutls_kx_algorithm_t * alg,
                                         int *alg_size);
 
 #endif
index f726c7da1c82497a956d0113dffa9a39085ffd48..9cb66859043b33cc84cdcfe51fa0c83aaae2a677 100644 (file)
@@ -247,19 +247,17 @@ int ret;
  */
 int
 _gnutls_selected_cert_supported_kx (gnutls_session_t session,
-                                    gnutls_kx_algorithm_t ** alg,
+                                    gnutls_kx_algorithm_t * alg,
                                     int *alg_size)
 {
   gnutls_kx_algorithm_t kx;
   gnutls_pk_algorithm_t pk, cert_pk;
-  gnutls_kx_algorithm_t kxlist[MAX_ALGOS];
   gnutls_pcert_st *cert;
   int i;
 
   if (session->internals.selected_cert_list_length == 0)
     {
       *alg_size = 0;
-      *alg = NULL;
       return 0;
     }
 
@@ -275,8 +273,11 @@ _gnutls_selected_cert_supported_kx (gnutls_session_t session,
           /* then check key usage */
           if (_gnutls_check_key_usage (cert, kx) == 0)
             {
-              kxlist[i] = kx;
+              alg[i] = kx;
               i++;
+              
+              if (i > *alg_size)
+                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
             }
         }
     }
@@ -287,14 +288,8 @@ _gnutls_selected_cert_supported_kx (gnutls_session_t session,
       return GNUTLS_E_INVALID_REQUEST;
     }
 
-  *alg = gnutls_calloc (i, sizeof (gnutls_kx_algorithm_t));
-  if (*alg == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
   *alg_size = i;
 
-  memcpy (*alg, kxlist, i * sizeof (gnutls_kx_algorithm_t));
-
   return 0;
 }
 
index ff8a3d877403b4665f10e0e4127f3fe2d8f44ba3..bb2932f81113af46ac509b1784dcdfc435e7f47f 100644 (file)
@@ -3073,8 +3073,8 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
   gnutls_certificate_credentials_t cert_cred;
   gnutls_kx_algorithm_t kx;
   int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
-  gnutls_kx_algorithm_t *alg = NULL;
-  int alg_size = 0;
+  gnutls_kx_algorithm_t alg[MAX_ALGOS];
+  int alg_size = MAX_ALGOS;
 
   /* if we should use a specific certificate, 
    * we should remove all algorithms that are not supported
@@ -3106,7 +3106,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
    * supported by the X509 certificate parameters.
    */
   if ((ret =
-       _gnutls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0)
+       _gnutls_selected_cert_supported_kx (session, alg, &alg_size)) < 0)
     {
       gnutls_assert ();
       return ret;
@@ -3116,7 +3116,6 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
   if (newSuite == NULL)
     {
       gnutls_assert ();
-      gnutls_free (alg);
       return GNUTLS_E_MEMORY_ERROR;
     }
 
@@ -3189,7 +3188,6 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
         }
     }
 
-  gnutls_free (alg);
   gnutls_free (*cipherSuites);
   *cipherSuites = newSuite;