From: Nikos Mavrogiannopoulos Date: Fri, 21 Sep 2012 23:45:33 +0000 (+0200) Subject: several cleanups X-Git-Tag: gnutls_3_1_2~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6aca5dd7b7adb29d94114cbc0d575cb83a181ddd;p=thirdparty%2Fgnutls.git several cleanups --- diff --git a/lib/auth/cert.c b/lib/auth/cert.c index f8f55beb3a..0e9e0d9825 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -1209,16 +1209,15 @@ cleanup: #ifdef ENABLE_OPENPGP static int _gnutls_proc_openpgp_server_crt (gnutls_session_t session, - uint8_t * data, size_t data_size) + uint8_t * data, size_t data_size) { int size, ret, len; uint8_t *p = data; cert_auth_info_t info; gnutls_certificate_credentials_t cred; ssize_t dsize = data_size; - int x, key_type; + int key_type; gnutls_pcert_st *peer_certificate_list = NULL; - int peer_certificate_list_size = 0; gnutls_datum_t tmp, akey = { NULL, 0 }; uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE]; unsigned int subkey_id_set = 0; @@ -1285,8 +1284,8 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session, } /* read the actual key or fingerprint */ - if (key_type == PGP_KEY_FINGERPRINT - || key_type == PGP_KEY_FINGERPRINT_SUBKEY) + if (key_type == PGP_KEY_FINGERPRINT || + key_type == PGP_KEY_FINGERPRINT_SUBKEY) { /* the fingerprint */ DECR_LEN (dsize, 1); @@ -1311,8 +1310,6 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session, return ret; } tmp = akey; - peer_certificate_list_size++; - } else if (key_type == PGP_KEY || key_type == PGP_KEY_SUBKEY) { /* the whole key */ @@ -1330,7 +1327,6 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session, } DECR_LEN (dsize, len); - peer_certificate_list_size++; tmp.size = len; tmp.data = p; @@ -1344,16 +1340,9 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session, /* ok we now have the peer's key in tmp datum */ - - if (peer_certificate_list_size == 0) - { - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - peer_certificate_list = gnutls_calloc (1, - sizeof (gnutls_pcert_st) * (peer_certificate_list_size)); + sizeof (gnutls_pcert_st)); if (peer_certificate_list == NULL) { gnutls_assert (); @@ -1376,7 +1365,7 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session, ret = _gnutls_copy_certificate_auth_info (info, peer_certificate_list, - peer_certificate_list_size, + 1, subkey_id_set, (subkey_id_set != 0) ? subkey_id : NULL); @@ -1399,7 +1388,7 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session, cleanup: _gnutls_free_datum (&akey); - CLEAR_CERTS; + gnutls_pcert_deinit(&peer_certificate_list[0]); gnutls_free (peer_certificate_list); return ret; @@ -1586,7 +1575,6 @@ _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t session, gnutls_privkey_t apr_pkey; int apr_cert_list_length; gnutls_datum_t signature = { NULL, 0 }; - int total_data; gnutls_sign_algorithm_t sign_algo; gnutls_protocol_t ver = gnutls_protocol_get_version (session); @@ -1616,14 +1604,6 @@ _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t session, return 0; } - total_data = signature.size + 2; - - /* add hash and signature algorithms */ - if (_gnutls_version_has_selectable_sighash (ver)) - { - total_data += 2; - } - if (_gnutls_version_has_selectable_sighash (ver)) { const sign_algorithm_st *aid; @@ -1740,7 +1720,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, gnutls_buffer_st * data) { gnutls_certificate_credentials_t cred; - int size, ret; + int ret; uint8_t tmp_data[CERTTYPE_SIZE]; gnutls_protocol_t ver = gnutls_protocol_get_version (session); @@ -1757,18 +1737,6 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for size of rdn_seq - */ - - if (session->security_parameters.cert_type == GNUTLS_CRT_X509 && - session->internals.ignore_rdn_sequence == 0) - size += cred->x509_rdn_sequence.size; - - if (_gnutls_version_has_selectable_sighash (ver)) - /* Need two bytes to announce the number of supported hash - functions (see below). */ - size += MAX_SIGN_ALGO_SIZE; - tmp_data[0] = CERTTYPE_SIZE - 1; tmp_data[1] = RSA_SIGN; tmp_data[2] = DSA_SIGN; @@ -1790,9 +1758,6 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, return ret; } - /* recalculate size */ - size -= MAX_SIGN_ALGO_SIZE + ret; - ret = _gnutls_buffer_append_data (data, p, ret); if (ret < 0) return gnutls_assert_val (ret); diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index 56faee44da..dda96fa8d7 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -228,7 +228,6 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session, DECR_LEN (data_size, n_Y); data_Y = &data[i]; - i += n_Y; _n_Y = n_Y; _n_g = n_g; @@ -297,26 +296,27 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t session, ret = _gnutls_buffer_append_mpi(data, 16, p, 0); if (ret < 0) { - ret = gnutls_assert_val(ret); + gnutls_assert(); goto cleanup; } ret = _gnutls_buffer_append_mpi(data, 16, g, 0); if (ret < 0) { - ret = gnutls_assert_val(ret); + gnutls_assert(); goto cleanup; } ret = _gnutls_buffer_append_mpi(data, 16, Y, 0); if (ret < 0) { - ret = gnutls_assert_val(ret); + gnutls_assert(); goto cleanup; } - + + ret = data->length; cleanup: _gnutls_mpi_release (&Y); - return data->length; + return ret; } diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index f728503b89..0be2653aca 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -130,7 +130,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, cleanup: gnutls_pcert_deinit (&peer_cert); - return 0; + return ret; } static int diff --git a/lib/auth/rsa_export.c b/lib/auth/rsa_export.c index df78deaae6..d547e39d45 100644 --- a/lib/auth/rsa_export.c +++ b/lib/auth/rsa_export.c @@ -409,7 +409,6 @@ proc_rsa_export_server_kx (gnutls_session_t session, DECR_LEN (data_size, n_e); data_e = &data[i]; - i += n_e; _n_e = n_e; _n_m = n_m; diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index c00a6bb5c8..18a96ab119 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -45,7 +45,7 @@ static int _randomize_pwd_entry (SRP_PWD_ENTRY * entry); * string(username):base64(v):base64(salt):int(index) */ static int -pwd_put_values (SRP_PWD_ENTRY * entry, char *str) +parse_tpasswd_values (SRP_PWD_ENTRY * entry, char *str) { char *p; int len, ret; @@ -135,7 +135,7 @@ pwd_put_values (SRP_PWD_ENTRY * entry, char *str) * int(index):base64(n):int(g) */ static int -pwd_put_values2 (SRP_PWD_ENTRY * entry, char *str) +parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str) { char *p; int len; @@ -228,7 +228,7 @@ pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) } if (strncmp (indexstr, line, MAX (i, len)) == 0) { - if ((idx = pwd_put_values2 (entry, line)) >= 0) + if ((idx = parse_tpasswd_conf_values (entry, line)) >= 0) { ret = 0; goto cleanup; @@ -257,7 +257,7 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, char line[2 * 1024]; unsigned i, len; int ret; - int idx, last_idx; + int idx; SRP_PWD_ENTRY *entry = NULL; *_entry = gnutls_calloc (1, sizeof (SRP_PWD_ENTRY)); @@ -334,8 +334,6 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, goto cleanup; } - last_idx = 1; /* a default value */ - len = strlen (username); while (fgets (line, sizeof (line), fd) != NULL) { @@ -348,13 +346,11 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, if (strncmp (username, line, MAX (i, len)) == 0) { - if ((idx = pwd_put_values (entry, line)) >= 0) + if ((idx = parse_tpasswd_values (entry, line)) >= 0) { /* Keep the last index in memory, so we can retrieve fake parameters (g,n) * when the user does not exist. */ - /* XXX: last_idx will not be read as both if block branches return. */ - last_idx = idx; if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0) { goto found; @@ -378,7 +374,7 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, /* user was not found. Fake him. Actually read the g,n values from * the last index found and randomize the entry. */ - if (pwd_read_conf (cred->password_conf_file, entry, last_idx) == 0) + if (pwd_read_conf (cred->password_conf_file, entry, 1) == 0) { ret = _randomize_pwd_entry (entry); if (ret < 0) @@ -390,11 +386,12 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, goto found; } + ret = GNUTLS_E_SRP_PWD_ERROR; cleanup: gnutls_assert (); if (fd) fclose(fd); _gnutls_srp_entry_free (entry); - return GNUTLS_E_SRP_PWD_ERROR; + return ret; found: if (fd) fclose(fd); diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c index 6d08155583..93fb799d45 100644 --- a/lib/crypto-backend.c +++ b/lib/crypto-backend.c @@ -52,6 +52,9 @@ _algo_register (algo_list * al, int algorithm, int priority, const void *s) { algo_list *cl; algo_list *last_cl = al; + + if (al == NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); /* look if there is any cipher with lowest priority. In that case do not add. */ diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c index d71e694dd5..8e1c5ce901 100644 --- a/lib/ext/heartbeat.c +++ b/lib/ext/heartbeat.c @@ -471,7 +471,7 @@ _gnutls_heartbeat_send_params (gnutls_session_t session, if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND) p = 1; - else if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND) + else /*if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND)*/ p = 2; _gnutls_debug_log ("HB: sending parameter %u\n", (unsigned)p); diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c index 1d6b67c90a..98629ef62a 100644 --- a/lib/ext/safe_renegotiation.c +++ b/lib/ext/safe_renegotiation.c @@ -271,8 +271,6 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session) } epriv.ptr = priv; } - else - priv = epriv.ptr; if (set != 0) _gnutls_ext_set_session_data (session, diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index c4aa4bca21..942675267c 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -248,8 +248,6 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, (&server_write->IV, &key_block[pos], IV_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); - pos += IV_size; - } else if (IV_size > 0 && export_flag != 0) { diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 1eb5d6b454..10c6ecb10e 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1122,7 +1122,7 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, /* Fragment length */ _gnutls_write_uint24 (i_datasize, &data[pos]); - pos += 3; + /* pos += 3; */ } _gnutls_handshake_log ("HSK[%p]: %s was queued [%ld bytes]\n", @@ -1885,7 +1885,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) { data[pos++] = session->internals.dtls.cookie_len; memcpy(&data[pos], &session->internals.dtls.cookie, session->internals.dtls.cookie_len); - pos += session->internals.dtls.cookie_len; + /* pos += session->internals.dtls.cookie_len; */ } /* Copy the ciphersuites. @@ -1976,8 +1976,6 @@ _gnutls_send_server_hello (gnutls_session_t session, int again) uint8_t session_id_len = session->security_parameters.session_id_size; char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; - datalen = 0; - _gnutls_buffer_init(&extdata); if (again == 0) @@ -2031,7 +2029,6 @@ _gnutls_send_server_hello (gnutls_session_t session, int again) if (extdata.length > 0) { - datalen += extdata.length; memcpy (&data[pos], extdata.data, extdata.length); } } @@ -2145,8 +2142,6 @@ _gnutls_recv_hello_verify_request (gnutls_session_t session, session->internals.dtls.cookie_len = cookie_len; memcpy (session->internals.dtls.cookie, &data[pos], cookie_len); - pos += cookie_len; - if (len != 0) { gnutls_assert (); diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index 58c41398bd..c145562826 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -1580,7 +1580,7 @@ unsigned int sig_hash_size; { if (_gnutls_version_has_selectable_sighash (ver) && sign != GNUTLS_SIGN_UNKNOWN) { - hash_algo = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size); + _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size); sig_hash_size = _gnutls_hash_get_algo_len(gnutls_sign_get_hash_algorithm(sign)); if (sig_hash_size < hash_size) diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 9982622f83..16bdc23a4f 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -103,7 +103,7 @@ _gnutls_session_pack (gnutls_session_t session, if (ret < 0) { gnutls_assert (); - return ret; + goto fail; } break; #endif @@ -113,7 +113,7 @@ _gnutls_session_pack (gnutls_session_t session, if (ret < 0) { gnutls_assert (); - return ret; + goto fail; } break; #endif @@ -123,7 +123,7 @@ _gnutls_session_pack (gnutls_session_t session, if (ret < 0) { gnutls_assert (); - return ret; + goto fail; } break; #endif @@ -132,7 +132,7 @@ _gnutls_session_pack (gnutls_session_t session, if (ret < 0) { gnutls_assert (); - return ret; + goto fail; } break; default: @@ -147,20 +147,20 @@ _gnutls_session_pack (gnutls_session_t session, if (ret < 0) { gnutls_assert (); - _gnutls_buffer_clear (&sb); - return ret; + goto fail; } ret = _gnutls_ext_pack (session, &sb); if (ret < 0) { gnutls_assert (); - _gnutls_buffer_clear (&sb); - return ret; + goto fail; } - ret = _gnutls_buffer_to_datum (&sb, packed_session); + return _gnutls_buffer_to_datum (&sb, packed_session); +fail: + _gnutls_buffer_clear (&sb); return ret; } @@ -363,10 +363,7 @@ unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) info = _gnutls_get_auth_info (session); if (info == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); BUFFER_POP_NUM (ps, info->dh.secret_bits); @@ -433,9 +430,13 @@ pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) int len, ret; int size_offset; size_t cur_size; + const char* username = NULL; if (info && info->username) - len = strlen (info->username) + 1; /* include the terminating null */ + { + username = info->username; + len = strlen (info->username) + 1; /* include the terminating null */ + } else len = 0; @@ -443,7 +444,7 @@ pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_APPEND_NUM (ps, 0); cur_size = ps->length; - BUFFER_APPEND_PFX4 (ps, info->username, len); + BUFFER_APPEND_PFX4 (ps, username, len); /* write the real size */ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset); @@ -466,7 +467,6 @@ unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) return GNUTLS_E_INTERNAL_ERROR; } - ret = _gnutls_auth_info_set (session, GNUTLS_CRD_SRP, sizeof (srp_server_auth_info_st), 1); @@ -478,12 +478,11 @@ unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) info = _gnutls_get_auth_info (session); if (info == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); BUFFER_POP (ps, info->username, username_size); + if (username_size == 0) + info->username[0] = 0; ret = 0; @@ -518,15 +517,15 @@ pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) size_offset = ps->length; BUFFER_APPEND_NUM (ps, 0); cur_size = ps->length; - + if (info) { BUFFER_APPEND_NUM (ps, info->dh.secret_bits); BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size); BUFFER_APPEND_PFX4 (ps, info->dh.generator.data, - info->dh.generator.size); + info->dh.generator.size); BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data, - info->dh.public_key.size); + info->dh.public_key.size); } /* write the real size */ @@ -561,10 +560,7 @@ unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) info = _gnutls_get_auth_info (session); if (info == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); BUFFER_POP_NUM (ps, info->dh.secret_bits); @@ -614,13 +610,15 @@ pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) size_t cur_size; info = _gnutls_get_auth_info (session); + if (info == NULL) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - if (info && info->username) + if (info->username) username_len = strlen (info->username) + 1; /* include the terminating null */ else username_len = 0; - if (info && info->hint) + if (info->hint) hint_len = strlen (info->hint) + 1; /* include the terminating null */ else hint_len = 0; @@ -661,10 +659,7 @@ unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) info = _gnutls_get_auth_info (session); if (info == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); BUFFER_POP_NUM (ps, username_size); if (username_size > sizeof (info->username)) diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index 5c40b9ca57..34a8a19829 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -254,8 +254,9 @@ _gnutls_buffer_pop_datum (gnutls_buffer_st * str, gnutls_datum_t * data, return; } -/* converts the buffer to a datum if possible. After this call the buffer - * is at an usable state and might not be used or deinitialized */ +/* converts the buffer to a datum if possible. After this call + * (failed or not) the buffer should be considered deinitialized. + */ int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data) { @@ -264,6 +265,7 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data) { data->data = NULL; data->size = 0; + _gnutls_buffer_clear (str); return 0; } @@ -273,6 +275,7 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data) if (data->data == NULL) { gnutls_assert (); + _gnutls_buffer_clear (str); return GNUTLS_E_MEMORY_ERROR; } memcpy (data->data, str->data, str->length); @@ -283,6 +286,7 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data) { data->data = str->data; data->size = str->length; + _gnutls_buffer_init(str); } return 0; diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index ac9426d337..3806a76a68 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -621,10 +621,9 @@ read_cas_url (gnutls_certificate_credentials_t res, const char *url) ret = gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list, 0); - if (xcrt_list == NULL) + if (ret < 0) { gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 876927800a..30129bb14f 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -150,6 +150,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * o _ecc_params_to_pubkey(pub, &ecc_pub); _ecc_params_to_privkey(priv, &ecc_priv); + sz = ECC_BUF_SIZE; if (ecc_projective_check_point(&ecc_pub.pubkey, pub->params[ECC_B], pub->params[ECC_PRIME]) != 0) { @@ -157,7 +158,6 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * o goto ecc_cleanup; } - sz = ECC_BUF_SIZE; out->data = gnutls_malloc(sz); if (out->data == NULL) { diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c index fbfab152e7..1d2a645201 100644 --- a/lib/opencdk/armor.c +++ b/lib/opencdk/armor.c @@ -526,10 +526,9 @@ cdk_armor_encode_buffer (const byte * inbuf, size_t inlen, return 0; } - pos = 0; memset (outbuf, 0, outlen); - memcpy (outbuf + pos, "-----", 5); - pos += 5; + memcpy (outbuf, "-----", 5); + pos = 5; memcpy (outbuf + pos, head, strlen (head)); pos += strlen (head); memcpy (outbuf + pos, "-----", 5); diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index b74feda2dc..646904dbe3 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -1198,7 +1198,7 @@ _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name, return CDK_Unusable_Key; } node = find_selfsig_node (knode, pk_node->pkt->pkt.secret_key->pk); - if (sk->pk->uid && node) + if (sk && sk->pk && sk->pk->uid && node) _cdk_copy_signature (&sk->pk->uid->selfsig, node->pkt->pkt.signature); /* We only release the outer packet. */ @@ -1275,7 +1275,7 @@ _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name, return CDK_Unusable_Key; } node = find_selfsig_node (knode, pk_node->pkt->pkt.public_key); - if (pk->uid && node) + if (pk && pk->uid && node) _cdk_copy_signature (&pk->uid->selfsig, node->pkt->pkt.signature); cdk_kbnode_release (knode); diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c index eb16188f5a..7b0ec0da28 100644 --- a/lib/opencdk/literal.c +++ b/lib/opencdk/literal.c @@ -215,7 +215,6 @@ literal_encode (void *data, FILE * in, FILE * out) pt->buf = si; pkt->old_ctb = 1; pkt->pkttype = CDK_PKT_LITERAL; - pkt->pkt.literal = pt; rc = _cdk_pkt_write_fp (out, pkt); cdk_pkt_release (pkt); diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c index 7c620959c9..bfc96abdb4 100644 --- a/lib/opencdk/stream.c +++ b/lib/opencdk/stream.c @@ -1042,7 +1042,7 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count) return EOF; } - if (!buf && !count) + if (!buf || !count) return stream_flush (s); if (s->cache.on) diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c index 0937c77927..77b9db1409 100644 --- a/lib/opencdk/write-packet.c +++ b/lib/opencdk/write-packet.c @@ -146,9 +146,9 @@ pkt_encode_len (cdk_stream_t out, size_t pktlen) { cdk_error_t rc; - assert (out); + if (!out) + return CDK_Inv_Value; - rc = 0; if (!pktlen) { /* Block mode, partial bodies, with 'DEF_BLOCKSIZE' from main.h */ @@ -179,7 +179,8 @@ write_head_new (cdk_stream_t out, size_t size, int type) { cdk_error_t rc; - assert (out); + if (!out) + return CDK_Inv_Value; if (type < 0 || type > 63) return CDK_Inv_Packet; @@ -196,7 +197,8 @@ write_head_old (cdk_stream_t out, size_t size, int type) cdk_error_t rc; int ctb; - assert (out); + if (!out) + return CDK_Inv_Value; if (type < 0 || type > 16) return CDK_Inv_Packet; @@ -257,8 +259,8 @@ write_pubkey_enc (cdk_stream_t out, cdk_pkt_pubkey_enc_t pke, int old_ctb) size_t size; int rc, nenc; - assert (out); - assert (pke); + if (!out || !pke) + return CDK_Inv_Value; if (pke->version < 2 || pke->version > 3) return CDK_Inv_Packet; @@ -292,8 +294,8 @@ write_mdc (cdk_stream_t out, cdk_pkt_mdc_t mdc) { cdk_error_t rc; - assert (mdc); - assert (out); + if (!out || !mdc) + return CDK_Inv_Value; if (DEBUG_PKT) _gnutls_write_log ("write_mdc:\n"); @@ -363,8 +365,8 @@ write_signature (cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb) size_t nbytes, size, nsig; cdk_error_t rc; - assert (out); - assert (sig); + if (!out || !sig) + return CDK_Inv_Value; if (!KEY_CAN_SIGN (sig->pubkey_algo)) return CDK_Inv_Algo; @@ -429,8 +431,8 @@ write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk, size_t npkey = 0, size = 6; cdk_error_t rc; - assert (out); - assert (pk); + if (!out || !pk) + return CDK_Inv_Value; if (pk->version < 2 || pk->version > 4) return CDK_Inv_Packet; @@ -506,8 +508,8 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, int pkttype, s2k_mode; cdk_error_t rc; - assert (out); - assert (sk); + if (!out || !sk) + return CDK_Inv_Value; if (!sk->pk) return CDK_Inv_Value; @@ -626,8 +628,8 @@ write_compressed (cdk_stream_t out, cdk_pkt_compressed_t cd) { cdk_error_t rc; - assert (out); - assert (cd); + if (!out || !cd) + return CDK_Inv_Value; if (DEBUG_PKT) _gnutls_write_log ("packet: write_compressed\n"); @@ -647,8 +649,8 @@ write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb) size_t size; cdk_error_t rc; - assert (out); - assert (pt); + if (!out || !pt) + return CDK_Inv_Value; /* We consider a packet without a body as an invalid packet. At least one octet must be present. */ @@ -694,8 +696,8 @@ write_onepass_sig (cdk_stream_t out, cdk_pkt_onepass_sig_t sig) { cdk_error_t rc; - assert (out); - assert (sig); + if (!out || !sig) + return CDK_Inv_Value; if (sig->version != 3) return CDK_Inv_Packet; diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 35be7dfa2c..48dcd035ed 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -997,8 +997,6 @@ _pkcs11_traverse_tokens (find_func_t find_func, void *input, { struct token_info tinfo; - ret = GNUTLS_E_PKCS11_ERROR; - if (pkcs11_get_token_info (module, providers[x].slots[z], &tinfo.tinfo) != CKR_OK) { diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c index cca931d3e2..6b60872a14 100644 --- a/lib/x509/ocsp_output.c +++ b/lib/x509/ocsp_output.c @@ -571,8 +571,13 @@ print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp, { ret = gnutls_x509_crt_export (certs[i], GNUTLS_X509_FMT_PEM, out.data, &s); - out.size = s; - addf (str, "%.*s", out.size, out.data); + if (ret < 0) + addf (str, "error: crt_export: %s\n", gnutls_strerror (ret)); + else + { + out.size = s; + addf (str, "%.*s", out.size, out.data); + } gnutls_free (out.data); } } diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index ebbf954240..d06fea4a85 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -1788,7 +1788,7 @@ done: gnutls_x509_crt_deinit(_extra_certs[i]); gnutls_free(_extra_certs); } - if (_chain_len && chain != NULL) + if (_chain_len && _chain != NULL) { for (i = 0; i < _chain_len; i++) gnutls_x509_crt_deinit(_chain[i]);