gnutls-devel

[gnutls-dev] [PATCH] Certificate selection fixes


From: Ludovic Courtès
Subject: [gnutls-dev] [PATCH] Certificate selection fixes
Date: Wed, 01 Aug 2007 23:25:02 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)

Hi!

Glad to see new messages on this list.  :-)

The attached patch fixes sloppy checks and error codes in the
certification selection routines.

Thanks,
Ludovic.

>From 97c8871b6b851b736a6a7d1235e1cb61651e4e99 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Ludovic=20Court=C3=A8s?= <address@hidden>
Date: Wed, 1 Aug 2007 23:18:58 +0200
Subject: [PATCH] Fixed erroneous checks and sloppy return values in certificate 
selection.

* lib/auth_cert.c (_gnutls_get_selected_cert): Dereference
  APR_CERT_LIST_LENGTH, APR_PKEY and APR_CERT_LIST when validating their
  value.
  (_gnutls_server_select_cert): When IDX < 0, set RET to
  `GNUTLS_E_INSUFFICIENT_CREDENTIALS'.
---
 lib/auth_cert.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index f91c71c..f0cb427 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1483,8 +1483,8 @@ _gnutls_get_selected_cert (gnutls_session_t session,
       *apr_pkey = session->internals.selected_key;
       *apr_cert_list_length = session->internals.selected_cert_list_length;
 
-      if (apr_cert_list_length == 0 || apr_pkey == NULL ||
-         apr_cert_list == NULL)
+      if (*apr_cert_list_length == 0 || *apr_pkey == NULL ||
+         *apr_cert_list == NULL)
        {
          gnutls_assert ();
          return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
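Review bot: the corrected `if` in _gnutls_get_selected_cert turns a previously dead error path into a live one, so callers need checking before this lands. The old test compared the out-parameter pointers themselves, and `*apr_pkey` and `*apr_cert_list_length` are assigned through those pointers just above, so for those two it could not have been true. Please confirm that every caller copes with GNUTLS_E_INSUFFICIENT_CREDENTIALS from this function. Note also that the out-parameters are already written when the check fails, so the caller is handed a NULL key or zero length together with the error; validating session->internals.selected_key and session->internals.selected_cert_list_length before copying them would avoid that.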
@@ -1763,6 +1763,9 @@ _gnutls_server_select_cert (gnutls_session_t session,
                                  cred->cert_list_length[idx],
                                  &cred->pkey[idx], 0);
     }
+  else
+    /* Certificate does not support REQUESTED_ALGO.  */
+    ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 
   return ret;
 }
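Review bot: the new `else` in _gnutls_server_select_cert sets GNUTLS_E_INSUFFICIENT_CREDENTIALS without calling gnutls_assert (), unlike the error path touched in _gnutls_get_selected_cert in this same patch, so the failure leaves no trace in debug output. Adding the call means the branch needs braces, which would also match the braced block before it. The comment names only a REQUESTED_ALGO mismatch while the commit message describes the condition as IDX < 0; if IDX can remain negative for any other reason, the comment should say so. Finally, the assignment overwrites whatever RET held at that point, so check that no earlier error code is being masked.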
-- 
1.5.2.4

