diff options
-rw-r--r-- | lib/gnutls_str.c | 5 | ||||
-rw-r--r-- | lib/nettle/pk.c | 2 | ||||
-rw-r--r-- | lib/opencdk/keydb.c | 23 | ||||
-rw-r--r-- | lib/opencdk/sig-check.c | 2 | ||||
-rw-r--r-- | lib/x509/common.c | 9 | ||||
-rw-r--r-- | lib/x509/verify-high2.c | 2 | ||||
-rw-r--r-- | lib/x509/verify.c | 6 | ||||
-rw-r--r-- | lib/x509/x509.c | 3 | ||||
-rw-r--r-- | lib/xssl.c | 2 | ||||
-rw-r--r-- | libdane/dane.c | 1 |
10 files changed, 42 insertions, 13 deletions
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index d678d9998a..f5ca099c60 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -301,6 +301,11 @@ _gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data, gnutls_datum_t tdata; _gnutls_buffer_pop_datum (str, &tdata, *req_size); + if (tdata->data == NULL) + { + *req_size = 0; + return; + } *req_size = tdata.size; memcpy (data, tdata.data, tdata.size); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 780d33fb3f..09e3234f42 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -183,7 +183,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * o ecc_cleanup: ecc_point_clear(&ecc_pub); ecc_scalar_clear(&ecc_priv); - + if (ret < 0) goto cleanup; break; } default: diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index 86708c14db..fd43982c66 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -268,8 +268,6 @@ keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr, *r_off = idx->offset; break; } - cdk_free (idx); - idx = NULL; } cdk_free (idx); return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF; @@ -818,6 +816,9 @@ keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks, void cdk_keydb_search_release (cdk_keydb_search_t st) { + if (st == NULL) + return; + keydb_cache_free (st->cache); if (st->idx) @@ -2211,13 +2212,27 @@ _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id) } check = 0; - cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid); + rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid); + if (rc) + { + cdk_kbnode_release (knode); + gnutls_assert (); + return rc; + } + if (unode && find_by_keyid (unode, st)) check++; cdk_keydb_search_release (st); cdk_kbnode_release (unode); - cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id); + rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id); + if (rc) + { + cdk_kbnode_release (knode); + gnutls_assert (); + return rc; + } + if (knode && find_by_pattern (knode, st)) check++; cdk_keydb_search_release (st); diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c index e2543ee196..78f27421ac 100644 --- a/lib/opencdk/sig-check.c +++ b/lib/opencdk/sig-check.c @@ -498,7 +498,7 @@ cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status) u32 keyid; int key_status, is_selfsig = 0; struct verify_uid *uid_list = NULL; - char *uid_name; + char *uid_name = NULL; if (!key || !r_status) { diff --git a/lib/x509/common.c b/lib/x509/common.c index 6dc5b1494a..ee8478dc99 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -969,7 +969,7 @@ _gnutls_x509_decode_string (unsigned int etype, { int ret; const uint8_t *str; - unsigned int str_size; + unsigned int str_size, len; gnutls_datum_t td; ret = asn1_decode_simple_der (etype, der, der_size, &str, &str_size); @@ -1003,7 +1003,12 @@ _gnutls_x509_decode_string (unsigned int etype, /* Refuse to deal with strings containing NULs. */ if (etype != ASN1_ETYPE_OCTET_STRING) { - if (strlen ((void*)output->data) != (size_t)output->size) + if (output->data) + len = strlen ((void*)output->data); + else + len = 0; + + if (len != (size_t)output->size) { _gnutls_free_datum(output); ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR); diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c index 623a402855..7408e54f39 100644 --- a/lib/x509/verify-high2.c +++ b/lib/x509/verify-high2.c @@ -227,7 +227,7 @@ cleanup: for (i=0;i<pcrt_list_size;i++) { gnutls_pkcs11_obj_deinit(pcrt_list[i]); - gnutls_x509_crt_deinit(xcrt_list[i]); + if (xcrt_list) gnutls_x509_crt_deinit(xcrt_list[i]); } gnutls_free(pcrt_list); gnutls_free(xcrt_list); diff --git a/lib/x509/verify.c b/lib/x509/verify.c index e146878abf..cb8289e36b 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -1004,15 +1004,15 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, } } - if (gnutls_x509_crl_get_this_update (crl) > now) + if (gnutls_x509_crl_get_this_update (crl) > now && verify) *verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE; - if (gnutls_x509_crl_get_next_update (crl) < now) + if (gnutls_x509_crl_get_next_update (crl) < now && verify) *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED; cleanup: - if (*verify) *verify |= GNUTLS_CERT_INVALID; + if (verify) *verify |= GNUTLS_CERT_INVALID; _gnutls_free_datum (&crl_signed_data); _gnutls_free_datum (&crl_signature); diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 75806e7a79..f8d378285d 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1299,7 +1299,8 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, } /* null terminate it */ - ((char *) name)[*name_size] = 0; + if (name) + ((char *) name)[*name_size] = 0; } } diff --git a/lib/xssl.c b/lib/xssl.c index 61555591d8..0c897d492b 100644 --- a/lib/xssl.c +++ b/lib/xssl.c @@ -192,6 +192,7 @@ xssl_cred_t cred; gnutls_certificate_set_pin_function(cred->xcred, aux[i].i1.pin_fn, aux[i].i2.udata); } + else ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (ret < 0) { @@ -239,6 +240,7 @@ xssl_cred_t cred; goto fail1; } memcpy(cred->tofu_file, aux[i].i1.file, len+1); + ret = 0; } else ret = GNUTLS_E_INVALID_REQUEST; diff --git a/libdane/dane.c b/libdane/dane.c index b8869d9e2b..50671c755f 100644 --- a/libdane/dane.c +++ b/libdane/dane.c @@ -403,6 +403,7 @@ int ret; cleanup: free(out->data); + out->data = NULL; clean_certs: if (pub) gnutls_pubkey_deinit(pub); |