diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-07-10 08:31:48 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-07-10 08:31:48 +0000 |
| commit | 869f629ad1108be3ba86b4d88a35d5a990ae9cdb (patch) | |
| tree | 4a5ebc4ea3d84248f1eca5a1bed18418d93bee0b | |
| parent | 4171be91af3e5f06cdf6d26143ceaadc5699c985 (diff) | |
| parent | e64327a7f78ee183c0766631be171c2d8cd4f042 (diff) | |
| download | gnutls-869f629ad1108be3ba86b4d88a35d5a990ae9cdb.tar.gz | |
Merge branch 'tmp-mark-infinite-loops' into 'master'
lib: mark infinite loops explicitly
See merge request gnutls/gnutls!1043
| -rw-r--r-- | lib/x509/name_constraints.c | 38 | ||||
| -rw-r--r-- | lib/x509/x509_ext.c | 21 |
2 files changed, 24 insertions, 35 deletions
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c index d5ce52ee70..dba2fd4b9f 100644 --- a/lib/x509/name_constraints.c +++ b/lib/x509/name_constraints.c @@ -116,7 +116,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr, { int ret; char tmpstr[128]; - unsigned indx = 0; + unsigned indx; gnutls_datum_t tmp = { NULL, 0 }; unsigned int type; struct name_constraints_node_st *nc, *prev; @@ -127,8 +127,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr, prev = prev->next; } - do { - indx++; + for (indx=1;;indx++) { snprintf(tmpstr, sizeof(tmpstr), "%s.?%u.base", vstr, indx); ret = @@ -164,7 +163,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr, } tmp.data = NULL; - } while (ret >= 0); + } if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { gnutls_assert(); @@ -1071,13 +1070,12 @@ static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert, unsigned san_type; int ret; - idx = 0; found_one = 0; - do { + for (idx=0;;idx++) { name_size = sizeof(name); ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx++, name, &name_size, &san_type, NULL); + idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1088,7 +1086,7 @@ static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert, found_one = 1; break; - } while(ret >= 0); + } if (found_one != 0) return check_unsupported_constraint(nc, type); @@ -1129,11 +1127,11 @@ unsigned found_one; return 1; /* shortcut; no constraints to check */ if (type == GNUTLS_SAN_RFC822NAME) { - idx = found_one = 0; - do { + found_one = 0; + for (idx=0;;idx++) { name_size = sizeof(name); ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx++, name, &name_size, &san_type, NULL); + idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1149,7 +1147,7 @@ unsigned found_one; &n); if (t == 0) return gnutls_assert_val(t); - } while(ret >= 0); + } /* there is at least a single e-mail. That means that the EMAIL field will * not be used for verifying the identity of the holder. */ @@ -1190,11 +1188,11 @@ unsigned found_one; return gnutls_assert_val(1); } } else if (type == GNUTLS_SAN_DNSNAME) { - idx = found_one = 0; - do { + found_one = 0; + for (idx=0;;idx++) { name_size = sizeof(name); ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx++, name, &name_size, &san_type, NULL); + idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1210,7 +1208,7 @@ unsigned found_one; &n); if (t == 0) return gnutls_assert_val(t); - } while(ret >= 0); + } /* there is at least a single DNS name. That means that the CN will * not be used for verifying the identity of the holder. */ @@ -1256,11 +1254,11 @@ unsigned found_one; return gnutls_assert_val(1); } } else if (type == GNUTLS_SAN_IPADDRESS) { - idx = found_one = 0; - do { + found_one = 0; + for (idx=0;;idx++) { name_size = sizeof(name); ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx++, name, &name_size, &san_type, NULL); + idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1275,7 +1273,7 @@ unsigned found_one; t = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, &n); if (t == 0) return gnutls_assert_val(t); - } while(ret >= 0); + } /* there is at least a single IP address. */ diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c index aa09ef85f1..6aeb159dba 100644 --- a/lib/x509/x509_ext.c +++ b/lib/x509/x509_ext.c @@ -236,8 +236,7 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, goto cleanup; } - i = 0; - do { + for (i=0;;i++) { san.data = NULL; san.size = 0; othername_oid.data = NULL; @@ -264,9 +263,7 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, (char *)othername_oid.data, 1); if (ret < 0) break; - - i++; - } while (ret >= 0); + } sans->size = i; if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { @@ -916,8 +913,7 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, } /* Read authorityCertIssuer */ - i = 0; - do { + for (i=0;;i++) { san.data = NULL; san.size = 0; othername_oid.data = NULL; @@ -944,9 +940,7 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, (char *)othername_oid.data, 1); if (ret < 0) break; - - i++; - } while (ret >= 0); + } aki->cert_issuer.size = i; if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE @@ -2444,8 +2438,7 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext, snprintf(name, sizeof(name), "?%u.distributionPoint.fullName", (unsigned)i + 1); - j = 0; - do { + for (j=0;;j++) { san.data = NULL; san.size = 0; @@ -2464,9 +2457,7 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext, if (ret < 0) break; san.data = NULL; /* it is now in cdp */ - - j++; - } while (ret >= 0); + } i++; } while (ret >= 0); |