diff options
-rw-r--r-- | lib/auth_anon.c | 19 | ||||
-rw-r--r-- | lib/auth_srp.c | 9 | ||||
-rw-r--r-- | lib/gnutls_record.c | 2 | ||||
-rw-r--r-- | lib/gnutls_session_pack.c | 30 | ||||
-rw-r--r-- | src/cli.c | 5 |
5 files changed, 26 insertions, 39 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 54fee1a93e..ba88ca3c78 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -212,10 +212,6 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { DECR_LEN( data_size, n_g); data_g = &data[i]; i += n_g; - if (i > data_size) { - gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } DECR_LEN( data_size, 2); n_Y = READuint16( &data[i]); @@ -224,10 +220,7 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { DECR_LEN( data_size, n_Y); data_Y = &data[i]; i += n_Y; - if (i > data_size) { - gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + _n_Y = n_Y; _n_g = n_g; _n_p = n_p; @@ -247,10 +240,18 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { } /* set auth_info */ - state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_CLIENT_AUTH_INFO)); + if (state->gnutls_key->auth_info==NULL) + state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_CLIENT_AUTH_INFO)); + else + if (gnutls_auth_get_type( state) != state->gnutls_key->auth_info_type) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR; ((ANON_CLIENT_AUTH_INFO)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(state->gnutls_key->client_p); state->gnutls_key->auth_info_size = sizeof(ANON_CLIENT_AUTH_INFO_INT); + state->gnutls_key->auth_info_type = GNUTLS_ANON; /* We should check signature in non-anonymous KX * this is anonymous however diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 61f077baf9..0e67f5aad0 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -346,10 +346,6 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size DECR_LEN( data_size, n_n); data_n = &data[i]; i += n_n; - if (i > data_size) { - gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } DECR_LEN( data_size, 2); n_s = READuint16( &data[i]); @@ -358,10 +354,7 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size DECR_LEN( data_size, n_s); data_s = &data[i]; i += n_s; - if (i > data_size) { - gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + _n_s = n_s; _n_g = n_g; _n_n = n_n; diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 0fdff071e7..3f8c0315b7 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -559,7 +559,6 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty } if (state->gnutls_internals.valid_connection == VALID_FALSE || state->gnutls_internals.may_write != 0) { - gnutls_assert(); return GNUTLS_E_INVALID_SESSION; } @@ -716,7 +715,6 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty ret = 0; if (sizeofdata == 0 || data == NULL) { - gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index da5cfad1d9..c7f0b25589 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -84,12 +84,11 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) if (info == NULL && state->gnutls_key->auth_info_size!=0) return GNUTLS_E_INVALID_PARAMETERS; - pack_size = state->gnutls_key->auth_info_size; packed_session->size = - PACK_HEADER_SIZE + pack_size + sizeof(uint32); + PACK_HEADER_SIZE + state->gnutls_key->auth_info_size + sizeof(uint32); packed_session->data[0] = GNUTLS_ANON; - WRITEuint32(pack_size, + WRITEuint32(state->gnutls_key->auth_info_size, &packed_session-> data[PACK_HEADER_SIZE]); @@ -97,7 +96,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) memcpy(&packed_session-> data[PACK_HEADER_SIZE + sizeof(uint32)], info, state->gnutls_key->auth_info_size); - + } break; case GNUTLS_X509PKI:{ @@ -196,9 +195,8 @@ int _gnutls_session_unpack(GNUTLS_STATE state, } state->gnutls_key->auth_info = - gnutls_calloc(1, - sizeof - (SRP_SERVER_AUTH_INFO_INT)); + gnutls_malloc( pack_size); + if (state->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -210,7 +208,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state, memcpy(state->gnutls_key->auth_info, &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)], - sizeof(SRP_SERVER_AUTH_INFO_INT)); + pack_size); } break; case GNUTLS_ANON:{ @@ -226,19 +224,17 @@ int _gnutls_session_unpack(GNUTLS_STATE state, } state->gnutls_key->auth_info = - gnutls_calloc(1, - sizeof - (ANON_CLIENT_AUTH_INFO_INT)); + gnutls_malloc( pack_size); + if (state->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - state->gnutls_key->auth_info_size = - sizeof(ANON_CLIENT_AUTH_INFO_INT); + state->gnutls_key->auth_info_size = pack_size; memcpy(state->gnutls_key->auth_info, - &packed_session->data[PACK_HEADER_SIZE], - sizeof(ANON_CLIENT_AUTH_INFO_INT)); + &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)], + pack_size); } break; case GNUTLS_X509PKI:{ @@ -254,8 +250,8 @@ int _gnutls_session_unpack(GNUTLS_STATE state, } state->gnutls_key->auth_info = - gnutls_calloc(1, - sizeof(X509PKI_AUTH_INFO_INT)); + gnutls_malloc( sizeof(X509PKI_AUTH_INFO_INT)); + if (state->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -69,7 +69,7 @@ int cert_list_size = 0; case GNUTLS_ANON: printf("- Anonymous DH using prime of %d bits\n", gnutls_anon_client_get_dh_bits( state)); - + break; case GNUTLS_X509PKI: cert_list = gnutls_x509pki_client_get_peer_certificate_list( state, &cert_list_size); status = gnutls_x509pki_client_get_peer_certificate_status( state); @@ -149,8 +149,7 @@ static int cert_callback( GNUTLS_STATE state, const gnutls_datum *client_certs, } const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; -//const int kx_priority[] = { GNUTLS_KX_X509PKI_RSA, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH, 0 }; -const int kx_priority[] = { GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH, 0 }; +const int kx_priority[] = { GNUTLS_KX_X509PKI_RSA, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH, 0 }; const int cipher_priority[] = { GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; |