
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_5-8-g5b15e16


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_5-8-g5b15e16
Date: Sun, 25 Nov 2012 16:57:46 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5b15e1660703398e1f799ff5cf795d4b0809ef72

The branch, master has been updated
       via  5b15e1660703398e1f799ff5cf795d4b0809ef72 (commit)
       via  e7c3df901ae77080c4c445cbab1e2efc58e04ad0 (commit)
       via  9be61b784a901c6cf434ee94b790acbed0f4a401 (commit)
      from  a2c16b9539c9dc6b0aa58b8bcc526b4293e670f6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5b15e1660703398e1f799ff5cf795d4b0809ef72
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 25 16:23:04 2012 +0100

    LDAP string escaping was made stricter (RFC 4514 conforming)

commit e7c3df901ae77080c4c445cbab1e2efc58e04ad0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 25 16:22:24 2012 +0100

    removed unneeded types.

commit 9be61b784a901c6cf434ee94b790acbed0f4a401
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 25 15:24:47 2012 +0100

    UniversalString (UTF-32) is handled as non-printable for now.

-----------------------------------------------------------------------

Summary of changes:
 lib/pkix.asn        |   23 -------------
 lib/pkix_asn1_tab.c |   16 ---------
 lib/x509/common.c   |   16 +++++----
 lib/x509/dn.c       |   90 +++++++++++++++++++++++++++++++-------------------
 4 files changed, 65 insertions(+), 80 deletions(-)

diff --git a/lib/pkix.asn b/lib/pkix.asn
index cc788b7..c468dce 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -126,29 +126,6 @@ AccessDescription  ::=  SEQUENCE {
 --  EXPLICIT
 -- --------------------------------------
 
--- UNIVERSAL Types defined in '93 and '98 ASN.1
--- but required by this specification
-
-NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
-
-IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
-
-TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
-
-PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
-
-UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
-        -- UniversalString is defined in ASN.1:1993
-
-BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
-      -- BMPString is the subtype of UniversalString and models
-       -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
-
-UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
-        -- The content of this type conforms to RFC 2279.
-
-VisibleString ::= [UNIVERSAL 26] IMPLICIT OCTET STRING
-
 -- attribute data types --
 
 Attribute       ::=     SEQUENCE {
diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c
index afa6a77..daa5e4c 100644
--- a/lib/pkix_asn1_tab.c
+++ b/lib/pkix_asn1_tab.c
@@ -103,22 +103,6 @@ const asn1_static_node pkix_asn1_tab[] = {
   { "AccessDescription", 1610612741, NULL },
   { "accessMethod", 1073741836, NULL },
   { "accessLocation", 2, "GeneralName"},
-  { "NumericString", 1610620935, NULL },
-  { NULL, 4360, "18"},
-  { "IA5String", 1610620935, NULL },
-  { NULL, 4360, "22"},
-  { "TeletexString", 1610620935, NULL },
-  { NULL, 4360, "20"},
-  { "PrintableString", 1610620935, NULL },
-  { NULL, 4360, "19"},
-  { "UniversalString", 1610620935, NULL },
-  { NULL, 4360, "28"},
-  { "BMPString", 1610620935, NULL },
-  { NULL, 4360, "30"},
-  { "UTF8String", 1610620935, NULL },
-  { NULL, 4360, "12"},
-  { "VisibleString", 1610620935, NULL },
-  { NULL, 4360, "26"},
   { "Attribute", 1610612741, NULL },
   { "type", 1073741826, "AttributeType"},
   { "values", 536870927, NULL },
diff --git a/lib/x509/common.c b/lib/x509/common.c
index b97fc06..594ad0f 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -223,7 +223,7 @@ size_t size;
           printable = 1;
         }
     }
-  else
+  else if (etype != ASN1_ETYPE_UNIVERSAL_STRING) /* supported but not 
printable */
     return GNUTLS_E_INVALID_REQUEST;
 
   if (printable == 0)
@@ -258,7 +258,7 @@ decode_complex_string (const struct oid_to_string* oentry, 
void *value,
   int len = -1, result;
   ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
   char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
-  int etype = ASN1_ETYPE_INVALID;
+  unsigned int etype;
   gnutls_datum_t td;
 
   if (oentry->asn_desc == NULL)
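Review bot: `unsigned int etype;` replaces an initialised `int etype = ASN1_ETYPE_INVALID;` and now carries no value until the strcmp chain later in decode_complex_string assigns it; any read of etype on a path that exits before that point (the asn_desc check here, or error exits in the lines between, which are outside the hunk) would be indeterminate. That may well be harmless, but keeping the initialiser costs nothing and documents the default: `unsigned int etype = ASN1_ETYPE_INVALID;`. decode_complex_string continues outside the hunk.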
@@ -297,14 +297,16 @@ decode_complex_string (const struct oid_to_string* 
oentry, void *value,
 
   str[len] = 0;
 
-  /* Note that we do not support strings other than
-   * UTF-8 (thus ASCII as well).
-   */
+  /* We set the etype on the strings that may need
+   * some conversion to UTF-8. The INVALID flag indicates
+   * no conversion needed */
   if (strcmp (str, "teletexString") == 0)
     etype = ASN1_ETYPE_TELETEX_STRING;
-
-  if (strcmp (str, "bmpString") == 0)
+  else if (strcmp (str, "bmpString") == 0)
     etype = ASN1_ETYPE_BMP_STRING;
+  else if (strcmp (str, "universalString") == 0)
+    etype = ASN1_ETYPE_UNIVERSAL_STRING;
+  else etype = ASN1_ETYPE_INVALID;
 
   _gnutls_str_cpy (tmpname, sizeof (tmpname), str);
 
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 5d2cce4..1bee855 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -35,30 +35,53 @@
 
 /* Escapes a string following the rules from RFC4514.
  */
-static char *
-str_escape (char *str, char *buffer, unsigned int buffer_size)
+static int
+str_escape (const gnutls_datum_t* str, gnutls_datum_t * escaped)
 {
-  int str_length, j, i;
-
-  if (str == NULL || buffer == NULL)
-    return NULL;
-
-  str_length = MIN (strlen (str), buffer_size - 1);
-
-  for (i = j = 0; i < str_length; i++)
+  unsigned int j, i;
+  uint8_t *buffer = NULL;
+  int ret;
+
+  if (str == NULL)
+    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+  
+  /* the string will be at most twice the original */
+  buffer = gnutls_malloc(str->size*2+2);
+  if (buffer == NULL)
+    return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+  for (i = j = 0; i < str->size; i++)
     {
-      if (str[i] == ',' || str[i] == '+' || str[i] == '"'
-          || str[i] == '\\' || str[i] == '<' || str[i] == '>'
-          || str[i] == ';')
-        buffer[j++] = '\\';
+      if (str->data[i] == 0)
+        {
+          /* this is handled earlier */
+          ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+          goto cleanup;
+        }
 
-      buffer[j++] = str[i];
+      if (str->data[i] == ',' || str->data[i] == '+' || str->data[i] == '"'
+          || str->data[i] == '\\' || str->data[i] == '<' || str->data[i] == '>'
+          || str->data[i] == ';' || str->data[i] == 0)
+        buffer[j++] = '\\';
+      else if (i==0 && str->data[i] == '#')
+        buffer[j++] = '\\';
+      else if (i==0 && str->data[i] == ' ')
+        buffer[j++] = '\\';
+      else if (i==(str->size-1) && str->data[i] == ' ')
+        buffer[j++] = '\\';
+      
+      buffer[j++] = str->data[i];
     }
 
   /* null terminate the string */
   buffer[j] = 0;
+  escaped->data = buffer;
+  escaped->size = j;
 
-  return buffer;
+  return 0;
+cleanup:
+  gnutls_free(buffer);
+  return ret;
 }
 
 /* Parses an X509 DN in the asn1_struct, and puts the output into
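Review bot: The `|| str->data[i] == 0` term in the escape condition is unreachable, because the `str->data[i] == 0` check a few lines above already exits with GNUTLS_E_ASN1_DER_ERROR; dropping it removes the appearance that the two checks disagree on how an embedded NUL is treated. The allocation size `str->size*2+2` is computed in unsigned int and wraps for sizes at or above UINT_MAX/2, which would hand the escaping loop an undersized buffer; since the value comes from a decoded certificate, a guard before the malloc is cheap: `if (str->size > UINT_MAX / 2 - 1) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` (UINT_MAX from limits.h). With that, the "at most twice the original" comment holds for every input the function accepts.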
@@ -78,12 +101,10 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
   char tmpbuffer2[ASN1_MAX_NAME_SIZE];
   char tmpbuffer3[ASN1_MAX_NAME_SIZE];
   uint8_t value[MAX_STRING_LEN], *value2 = NULL;
-  gnutls_datum_t td;
-  char *escaped = NULL;
+  gnutls_datum_t td, escaped = {NULL, 0};
   const char *ldap_desc;
   char oid[MAX_OID_SIZE];
   int len;
-  size_t sizeof_escaped;
 
   if (sizeof_buf == NULL)
     {
@@ -205,6 +226,10 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
        gnutls_assert(); \
        goto cleanup; \
 }
+#define DATA_APPEND(x,y) if ((result=_gnutls_buffer_append_data( &out_str, 
x,y)) < 0) { \
+       gnutls_assert(); \
+       goto cleanup; \
+}
           /*   The encodings of adjoining RelativeDistinguishedNames are 
separated
            *   by a comma character (',' ASCII 44).
            */
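Review bot: DATA_APPEND, like the STR_APPEND it mirrors, expands to a bare `if` statement rather than a `do { ... } while (0)` block, so a use of the form `if (c) DATA_APPEND(a, b); else ...` would bind the else to the macro's own `if`. Both macros sit in the same function, so wrapping them is a small change, e.g. `#define DATA_APPEND(x,y) do { if ((result=_gnutls_buffer_append_data(&out_str, x, y)) < 0) { gnutls_assert(); goto cleanup; } } while (0)`. The macro line is wrapped by the mail client after `&out_str,`; _gnutls_x509_parse_dn's body runs outside the hunk.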
@@ -227,16 +252,6 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
 
           ldap_desc = gnutls_x509_dn_oid_name (oid, 
GNUTLS_X509_DN_OID_RETURN_OID);
 
-          /* leading #, hex encoded value and terminating NULL */
-          sizeof_escaped = 2 * len + 2;
-
-          escaped = gnutls_malloc (sizeof_escaped);
-          if (escaped == NULL)
-            {
-              gnutls_assert ();
-              result = GNUTLS_E_MEMORY_ERROR;
-              goto cleanup;
-            }
 
           STR_APPEND (ldap_desc);
           STR_APPEND ("=");
@@ -248,14 +263,21 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
               gnutls_assert ();
               _gnutls_debug_log
                 ("Cannot parse OID: '%s' with value '%s'\n",
-                 oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped,
+                 oid, _gnutls_bin2hex (value2, len, tmpbuffer3, 
sizeof(tmpbuffer3),
                                        NULL));
               goto cleanup;
             }
-          STR_APPEND (str_escape ((char*)td.data, escaped, sizeof_escaped));
+
+          result = str_escape(&td, &escaped);
+          if (result < 0)
+            {
+              gnutls_assert();
+              goto cleanup;
+            }
+          
+          DATA_APPEND (escaped.data, escaped.size);
           _gnutls_free_datum (&td);
-          gnutls_free (escaped);
-          escaped = NULL;
+          _gnutls_free_datum (&escaped);
           gnutls_free (value2);
           value2 = NULL;
 
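Review bot: `td` is not released on the new failure paths: when `str_escape(&td, &escaped)` or `DATA_APPEND` fails the code jumps to cleanup, which in the final hunk of this file frees value2, escaped and out_str but not td, so the decoded value appears to leak (unless a `_gnutls_free_datum (&td)` I cannot see sits between). Adding `_gnutls_free_datum (&td);` before each of these `goto cleanup`, or zero-initialising td alongside escaped in the declaration hunk and freeing it in cleanup, closes the gap. The enclosing function starts and ends outside the hunk.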
@@ -285,7 +307,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
 
 cleanup:
   gnutls_free (value2);
-  gnutls_free (escaped);
+  _gnutls_free_datum (&escaped);
   _gnutls_buffer_clear (&out_str);
   return result;
 }


hooks/post-receive
-- 
GNU gnutls


