From: Nikos Mavrogiannopoulos Date: Wed, 15 May 2013 22:27:13 +0000 (+0200) Subject: several updates X-Git-Tag: gnutls_3_2_1~49 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c8cbff43fdd6dceb2ae9e7586782752fc29f62fc;p=thirdparty%2Fgnutls.git several updates --- diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index d678d9998a..f5ca099c60 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -301,6 +301,11 @@ _gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data, gnutls_datum_t tdata; _gnutls_buffer_pop_datum (str, &tdata, *req_size); + if (tdata->data == NULL) + { + *req_size = 0; + return; + } *req_size = tdata.size; memcpy (data, tdata.data, tdata.size); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 780d33fb3f..09e3234f42 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -183,7 +183,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * o ecc_cleanup: ecc_point_clear(&ecc_pub); ecc_scalar_clear(&ecc_priv); - + if (ret < 0) goto cleanup; break; } default: diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index 86708c14db..fd43982c66 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -268,8 +268,6 @@ keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr, *r_off = idx->offset; break; } - cdk_free (idx); - idx = NULL; } cdk_free (idx); return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF; @@ -818,6 +816,9 @@ keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks, void cdk_keydb_search_release (cdk_keydb_search_t st) { + if (st == NULL) + return; + keydb_cache_free (st->cache); if (st->idx) @@ -2211,13 +2212,27 @@ _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id) } check = 0; - cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid); + rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid); + if (rc) + { + cdk_kbnode_release (knode); + gnutls_assert (); + return rc; + } + if (unode && find_by_keyid (unode, st)) check++; cdk_keydb_search_release (st); cdk_kbnode_release (unode); - cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id); + rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id); + if (rc) + { + cdk_kbnode_release (knode); + gnutls_assert (); + return rc; + } + if (knode && find_by_pattern (knode, st)) check++; cdk_keydb_search_release (st); diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c index e2543ee196..78f27421ac 100644 --- a/lib/opencdk/sig-check.c +++ b/lib/opencdk/sig-check.c @@ -498,7 +498,7 @@ cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status) u32 keyid; int key_status, is_selfsig = 0; struct verify_uid *uid_list = NULL; - char *uid_name; + char *uid_name = NULL; if (!key || !r_status) { diff --git a/lib/x509/common.c b/lib/x509/common.c index 6dc5b1494a..ee8478dc99 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -969,7 +969,7 @@ _gnutls_x509_decode_string (unsigned int etype, { int ret; const uint8_t *str; - unsigned int str_size; + unsigned int str_size, len; gnutls_datum_t td; ret = asn1_decode_simple_der (etype, der, der_size, &str, &str_size); @@ -1003,7 +1003,12 @@ _gnutls_x509_decode_string (unsigned int etype, /* Refuse to deal with strings containing NULs. */ if (etype != ASN1_ETYPE_OCTET_STRING) { - if (strlen ((void*)output->data) != (size_t)output->size) + if (output->data) + len = strlen ((void*)output->data); + else + len = 0; + + if (len != (size_t)output->size) { _gnutls_free_datum(output); ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR); diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c index 623a402855..7408e54f39 100644 --- a/lib/x509/verify-high2.c +++ b/lib/x509/verify-high2.c @@ -227,7 +227,7 @@ cleanup: for (i=0;i now) + if (gnutls_x509_crl_get_this_update (crl) > now && verify) *verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE; - if (gnutls_x509_crl_get_next_update (crl) < now) + if (gnutls_x509_crl_get_next_update (crl) < now && verify) *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED; cleanup: - if (*verify) *verify |= GNUTLS_CERT_INVALID; + if (verify) *verify |= GNUTLS_CERT_INVALID; _gnutls_free_datum (&crl_signed_data); _gnutls_free_datum (&crl_signature); diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 75806e7a79..f8d378285d 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1299,7 +1299,8 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, } /* null terminate it */ - ((char *) name)[*name_size] = 0; + if (name) + ((char *) name)[*name_size] = 0; } } diff --git a/lib/xssl.c b/lib/xssl.c index 61555591d8..0c897d492b 100644 --- a/lib/xssl.c +++ b/lib/xssl.c @@ -192,6 +192,7 @@ xssl_cred_t cred; gnutls_certificate_set_pin_function(cred->xcred, aux[i].i1.pin_fn, aux[i].i2.udata); } + else ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (ret < 0) { @@ -239,6 +240,7 @@ xssl_cred_t cred; goto fail1; } memcpy(cred->tofu_file, aux[i].i1.file, len+1); + ret = 0; } else ret = GNUTLS_E_INVALID_REQUEST; diff --git a/libdane/dane.c b/libdane/dane.c index b8869d9e2b..50671c755f 100644 --- a/libdane/dane.c +++ b/libdane/dane.c @@ -403,6 +403,7 @@ int ret; cleanup: free(out->data); + out->data = NULL; clean_certs: if (pub) gnutls_pubkey_deinit(pub);