[gnutls-dev] [PATCH] Certificate selection fixes
From: Ludovic Courtès
Subject: [gnutls-dev] [PATCH] Certificate selection fixes
Date: Wed, 01 Aug 2007 23:25:02 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)
Hi!
Glad to see new messages on this list. :-)
The attached patch fixes sloppy checks and error codes in the
certification selection routines.
Thanks,
Ludovic.
>From 97c8871b6b851b736a6a7d1235e1cb61651e4e99 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Ludovic=20Court=C3=A8s?= <address@hidden>
Date: Wed, 1 Aug 2007 23:18:58 +0200
Subject: [PATCH] Fixed erroneous checks and sloppy return values in certificate
selection.
* lib/auth_cert.c (_gnutls_get_selected_cert): Dereference
APR_CERT_LIST_LENGTH, APR_PKEY and APR_CERT_LIST when validating their
value.
(_gnutls_server_select_cert): When IDX < 0, set RET to
`GNUTLS_E_INSUFFICIENT_CREDENTIALS'.
---
lib/auth_cert.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index f91c71c..f0cb427 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1483,8 +1483,8 @@ _gnutls_get_selected_cert (gnutls_session_t session,
*apr_pkey = session->internals.selected_key;
*apr_cert_list_length = session->internals.selected_cert_list_length;
- if (apr_cert_list_length == 0 || apr_pkey == NULL ||
- apr_cert_list == NULL)
+ if (*apr_cert_list_length == 0 || *apr_pkey == NULL ||
+ *apr_cert_list == NULL)
{
gnutls_assert ();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
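Review bot: in the corrected condition of _gnutls_get_selected_cert, the test runs only after *apr_pkey and *apr_cert_list_length have been overwritten from session->internals, so on the GNUTLS_E_INSUFFICIENT_CREDENTIALS path the caller's out-parameters already hold the empty values. Consider checking session->internals.selected_key and session->internals.selected_cert_list_length before storing anything, or state in a comment that the outputs are not meaningful when an error is returned. Note also that the old condition compared the pointer arguments themselves, and apr_pkey and apr_cert_list_length had just been dereferenced in the two lines above, so those comparisons could not catch missing credentials; with this change callers can receive this error from a path that was effectively unchecked before, and each caller should be confirmed to test the return value before using the certificate list or key.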
@@ -1763,6 +1763,9 @@ _gnutls_server_select_cert (gnutls_session_t session,
cred->cert_list_length[idx],
&cred->pkey[idx], 0);
}
+ else
+ /* Certificate does not support REQUESTED_ALGO. */
+ ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
return ret;
}
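Review bot: the new else branch at the end of _gnutls_server_select_cert sets GNUTLS_E_INSUFFICIENT_CREDENTIALS without calling gnutls_assert (), while the same error path in _gnutls_get_selected_cert in the first hunk calls it before returning; adding the call here would keep the failure visible in debug traces. The branch is also unbraced, with a comment sitting between `else` and the assignment, while the preceding branch closes with a brace; wrapping it in braces would match and protect against a later second statement silently falling outside the else. Finally, the commit message describes the condition as IDX < 0 while the comment says the certificate does not support REQUESTED_ALGO; saying in the comment that no certificate was found for the requested algorithm (idx < 0) would tie the two together.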
--
1.5.2.4