return 0;
}
+static int
+name_constraints_node_add_new(gnutls_x509_name_constraints_t nc,
+ struct name_constraints_node_list_st *list,
+ unsigned type, const unsigned char *data,
+ unsigned int size)
+{
+ struct name_constraints_node_st *node;
+ int ret;
+ node = name_constraints_node_new(nc, type, data, size);
+ if (node == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ ret = name_constraints_node_list_add(list, node);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return GNUTLS_E_SUCCESS;
+}
+
+static int
+name_constraints_node_add_copy(gnutls_x509_name_constraints_t nc,
+ struct name_constraints_node_list_st *dest,
+ const struct name_constraints_node_st *src)
+{
+ if (!src)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return name_constraints_node_add_new(nc, dest, src->type,
+ src->name.data, src->name.size);
+}
+
// for documentation see the implementation
static int name_constraints_intersect_nodes(
gnutls_x509_name_constraints_t nc,
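Review bot: `name_constraints_node_add_new` returns without releasing `node` when `name_constraints_node_list_add` fails, and nothing in the helper says who owns the node on that path. Two call sites converted further down (the loop over `nodes2->data[i]` and the function that picks `&nc->permitted` or `&nc->excluded`) used to call `name_constraints_node_free(tmp)` there, while the other call sites did not, so the refactor settles on one behaviour without recording why. If `name_constraints_node_new` registers the node with `nc` (it takes `nc`, but its body is not visible here), not freeing is the safe choice, because a free would leave a dangling entry behind; otherwise this is a leak on the error path. I would add a comment above the second check such as `/* node is not freed here: it stays owned by nc and is released with it */`, after confirming that against `name_constraints_node_new`.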
unsigned indx;
gnutls_datum_t tmp = { NULL, 0 };
unsigned int type;
- struct name_constraints_node_st *node;
for (indx = 1;; indx++) {
snprintf(tmpstr, sizeof(tmpstr), "%s.?%u.base", vstr, indx);
goto cleanup;
}
- node = name_constraints_node_new(nc, type, tmp.data, tmp.size);
+ ret = name_constraints_node_add_new(nc, nodes, type, tmp.data,
+ tmp.size);
_gnutls_free_datum(&tmp);
- if (node == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = name_constraints_node_list_add(nodes, node);
if (ret < 0) {
gnutls_assert();
goto cleanup;
// Beware: also copies nodes other than DNS, email, IP,
// since their counterpart may have been moved in phase 1.
if (!used) {
- tmp = name_constraints_node_new(
- nc, t2->type, t2->name.data, t2->name.size);
- if (tmp == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
- ret = name_constraints_node_list_add(permitted, tmp);
+ ret = name_constraints_node_add_copy(nc, permitted, t2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
switch (type) {
case GNUTLS_SAN_IPADDRESS:
// add universal restricted range for IPv4
- tmp = name_constraints_node_new(
- nc, GNUTLS_SAN_IPADDRESS, universal_ip, 8);
- if (tmp == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
- ret = name_constraints_node_list_add(excluded, tmp);
+ ret = name_constraints_node_add_new(
+ nc, excluded, GNUTLS_SAN_IPADDRESS,
+ universal_ip, 8);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
// add universal restricted range for IPv6
- tmp = name_constraints_node_new(
- nc, GNUTLS_SAN_IPADDRESS, universal_ip, 32);
- if (tmp == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
- ret = name_constraints_node_list_add(excluded, tmp);
+ ret = name_constraints_node_add_new(
+ nc, excluded, GNUTLS_SAN_IPADDRESS,
+ universal_ip, 32);
if (ret < 0) {
gnutls_assert();
goto cleanup;
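Review bot: The lengths `8` and `32` passed with `universal_ip` in the two new `name_constraints_node_add_new` calls are bare literals, and the helper forwards them unchanged as the size of the node's data. The declaration of `universal_ip` is outside this hunk, so its size cannot be checked here; it needs to be at least 32 bytes for the IPv6 call to stay in bounds. Named constants, or short comments such as `/* IPv4: 4-byte address + 4-byte mask */` and `/* IPv6: 16-byte address + 16-byte mask */` (presumably what the two values encode), would make the pairing with the buffer reviewable. The enclosing `switch` starts and ends outside the hunk.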
break;
case GNUTLS_SAN_DNSNAME:
case GNUTLS_SAN_RFC822NAME:
- tmp = name_constraints_node_new(nc, type, NULL, 0);
- if (tmp == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
- ret = name_constraints_node_list_add(excluded, tmp);
+ ret = name_constraints_node_add_new(nc, excluded, type,
+ NULL, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
struct name_constraints_node_list_st *nodes,
const struct name_constraints_node_list_st *nodes2)
{
- for (size_t i = 0; i < nodes2->size; i++) {
- const struct name_constraints_node_st *node = nodes2->data[i];
- struct name_constraints_node_st *tmp;
- int ret;
+ int ret;
- tmp = name_constraints_node_new(nc, node->type, node->name.data,
- node->name.size);
- if (tmp == NULL) {
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- }
- ret = name_constraints_node_list_add(nodes, tmp);
+ for (size_t i = 0; i < nodes2->size; i++) {
+ ret = name_constraints_node_add_copy(nc, nodes,
+ nodes2->data[i]);
if (ret < 0) {
- name_constraints_node_free(tmp);
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ return gnutls_assert_val(ret);
}
}
gnutls_x509_subject_alt_name_t type,
const gnutls_datum_t *name, unsigned permitted)
{
- struct name_constraints_node_st *tmp;
struct name_constraints_node_list_st *nodes;
int ret;
nodes = permitted ? &nc->permitted : &nc->excluded;
- tmp = name_constraints_node_new(nc, type, name->data, name->size);
- if (tmp == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = name_constraints_node_list_add(nodes, tmp);
- if (ret < 0) {
- name_constraints_node_free(tmp);
+ ret = name_constraints_node_add_new(nc, nodes, type, name->data,
+ name->size);
+ if (ret < 0)
return gnutls_assert_val(ret);
- }
return 0;
}