From: Nikos Mavrogiannopoulos Date: Sun, 23 Nov 2014 18:43:01 +0000 (+0100) Subject: sanitize URLs at the proper place X-Git-Tag: gnutls_3_4_0~567 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fdbd7d831cf4385cf0dfd20d53140735eac753a6;p=thirdparty%2Fgnutls.git sanitize URLs at the proper place --- diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index 1cfab27f94..ba89c2db76 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -1241,32 +1241,50 @@ gnutls_privkey_import_url(gnutls_privkey_t key, const char *url, unsigned int flags) { unsigned i; + char *xurl = NULL; + int ret; + + xurl = _gnutls_sanitize_url(url, 1); + if (xurl == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - if (strncmp(url, PKCS11_URL, PKCS11_URL_SIZE) == 0) + if (strncmp(url, PKCS11_URL, PKCS11_URL_SIZE) == 0) { #ifdef ENABLE_PKCS11 - return gnutls_privkey_import_pkcs11_url(key, url); + ret = gnutls_privkey_import_pkcs11_url(key, xurl); #else - return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); + ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); #endif + goto cleanup; + } - if (strncmp(url, TPMKEY_URL, TPMKEY_URL_SIZE) == 0) + if (strncmp(xurl, TPMKEY_URL, TPMKEY_URL_SIZE) == 0) { #ifdef HAVE_TROUSERS - return gnutls_privkey_import_tpm_url(key, url, NULL, NULL, 0); + ret = gnutls_privkey_import_tpm_url(key, xurl, NULL, NULL, 0); #else - return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); + ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); #endif + goto cleanup; + } - if (strncmp(url, SYSTEM_URL, SYSTEM_URL_SIZE) == 0) - return _gnutls_privkey_import_system_url(key, url); + if (strncmp(xurl, SYSTEM_URL, SYSTEM_URL_SIZE) == 0) { + ret = _gnutls_privkey_import_system_url(key, xurl); + goto cleanup; + } for (i=0;i<_gnutls_custom_urls_size;i++) { if (strncmp(url, _gnutls_custom_urls[i].name, _gnutls_custom_urls[i].name_size) == 0) { - if (_gnutls_custom_urls[i].import_key) - return _gnutls_custom_urls[i].import_key(key, url, flags); + if (_gnutls_custom_urls[i].import_key) { + ret = _gnutls_custom_urls[i].import_key(key, xurl, flags); + goto cleanup; + } + break; } } - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + cleanup: + gnutls_free(xurl); + return ret; } /** diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 30d9334f3f..cf1d9b4ce2 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -657,15 +657,10 @@ read_key_mem(gnutls_certificate_credentials_t res, /* Reads a private key from a token. */ static int -read_key_url(gnutls_certificate_credentials_t res, const char *_url) +read_key_url(gnutls_certificate_credentials_t res, const char *url) { int ret; gnutls_privkey_t pkey = NULL; - char *url; - - url = _gnutls_sanitize_url(_url, 1); - if (url == NULL) - return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); /* allocate space for the pkey list */ @@ -691,11 +686,9 @@ read_key_url(gnutls_certificate_credentials_t res, const char *_url) goto cleanup; } - gnutls_free(url); return 0; cleanup: - gnutls_free(url); if (pkey) gnutls_privkey_deinit(pkey); @@ -707,7 +700,7 @@ read_key_url(gnutls_certificate_credentials_t res, const char *_url) /* Reads a certificate key from a token. */ static int -read_cert_url(gnutls_certificate_credentials_t res, const char *_url) +read_cert_url(gnutls_certificate_credentials_t res, const char *url) { int ret; gnutls_x509_crt_t crt = NULL; @@ -715,11 +708,6 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *_url) gnutls_str_array_t names; gnutls_datum_t t = {NULL, 0}; unsigned i, count = 0; - char *url; - - url = _gnutls_sanitize_url(_url, 0); - if (url == NULL) - return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); _gnutls_str_array_init(&names); @@ -801,12 +789,10 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *_url) if (crt != NULL) gnutls_x509_crt_deinit(crt); - gnutls_free(url); return 0; cleanup: if (crt != NULL) gnutls_x509_crt_deinit(crt); - gnutls_free(url); gnutls_free(t.data); _gnutls_str_array_clear(&names); gnutls_free(ccert);