author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2011-05-03 12:07:08 +0000 |
---|---|---|
committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2011-05-03 12:07:08 +0000 |
commit | ccfdafa311337e176bb1b92dd8755af6777f4780 (patch) | |
tree | 7495d85a27f5c5d201d856d3f3ccf3329e10dde2 | |
parent | 4c893a3d3cc65464e6068903722c7c11ad139bc8 (diff) | |
Merge r1836, r1837, r1838 from trunk:
* src/ne_gnutls.c (ne__ssl_init): Fix for GnuTLS with Nettle.
* src/ne_auth.c (get_cnonce): Likewise.
Submitted by: Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>
* src/ne_auth.c
(ah_post_send): Clear SSPI context only after successful authentication.
Submitted by: Ivan Zhakov <ivan visualsvn.com>
Fix some errors flagged by a Coverity scan:
* src/ne_auth.c (verify_negotiate_response): Check for NULL pointer.
* src/ne_gnutls.c (check_certificate): Initialize 'failures'.
(pkcs12_parse): Check for _crt_init failure.
* src/ne_session.c (ne__ssl_set_verify_err): Pass size-1 to strncat.
git-svn-id: http://svn.webdav.org/repos/projects/neon/branches/0.29.x@1839 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
-rw-r--r-- | src/ne_auth.c | 15 | ||||
-rw-r--r-- | src/ne_gnutls.c | 11 | ||||
-rw-r--r-- | src/ne_session.c | 4 |
3 files changed, 23 insertions, 7 deletions
diff --git a/src/ne_auth.c b/src/ne_auth.c
index 32f2698..df640d5 100644
--- a/src/ne_auth.c
+++ b/src/ne_auth.c
@@ -46,7 +46,12 @@
 #ifdef HAVE_OPENSSL
 #include <openssl/rand.h>
 #elif defined(HAVE_GNUTLS)
+#include <gnutls/gnutls.h>
+#if LIBGNUTLS_VERSION_NUMBER < 0x020b00
 #include <gcrypt.h>
+#else
+#include <gnutls/crypto.h>
+#endif
 #endif
 #include <errno.h>
@@ -316,7 +321,11 @@ static char *get_cnonce(void)
 #ifdef HAVE_GNUTLS
 if (1) {
+#if LIBGNUTLS_VERSION_NUMBER < 0x020b00
 gcry_create_nonce(data, sizeof data);
+#else
+ gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data);
+#endif
 ne_md5_process_bytes(data, sizeof data, hash);
 }
 else
@@ -567,7 +576,7 @@ static int verify_negotiate_response(struct auth_request *req, auth_session *ses
 int ret;
 ne_buffer *errmsg = NULL;
- if (strncmp(hdr, "Negotiate", ptr - duphdr) != 0) {
+ if (!ptr || strncmp(hdr, "Negotiate", ptr - duphdr) != 0) {
 ne_set_error(sess->sess, _("Negotiate response verification failed: "
 "invalid response header token"));
 ne_free(duphdr);
@@ -1542,8 +1551,8 @@ static int ah_post_send(ne_request *req, void *cookie, const ne_status *status)
 }
 #ifdef HAVE_SSPI
- /* Whatever happens: clear the SSPI context if it exists. */
- if (sess->sspi_context) {
+ /* Clear the SSPI context after successfull authentication. */
+ if ((status->klass == 2 || status->klass == 3) && sess->sspi_context) {
 ne_sspi_clear_context(sess->sspi_context);
 }
 #endif
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index ef12e2d..eec5655 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -38,11 +38,15 @@
 #ifdef NE_HAVE_TS_SSL
 #include <errno.h>
 #include <pthread.h>
+#if LIBGNUTLS_VERSION_NUMBER < 0x020b01
 #include <gcrypt.h>
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
 #else
+#if LIBGNUTLS_VERSION_NUMBER < 0x020b01
 #include <gcrypt.h>
 #endif
+#endif
 #ifdef HAVE_ICONV
 #include <iconv.h>
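Review bot: The version guard in the src/ne_auth.c include block and in get_cnonce is `< 0x020b00`, while the src/ne_gnutls.c include block and ne__ssl_init use `< 0x020b01`. A GnuTLS that reports exactly 0x020b00 would therefore take the gnutls_rnd path in ne_auth.c while ne_gnutls.c still includes gcrypt.h and issues the gcry_control calls. If the difference is deliberate it needs a comment at each guard saying why; otherwise use one threshold, ideally through a single shared macro so the files cannot drift. The ne_gnutls.c hunk also does not show whether gnutls.h is included above line 38; an undefined LIBGNUTLS_VERSION_NUMBER evaluates to 0 in `#if` and would silently select the gcrypt branch.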
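Review bot: The result of `gnutls_rnd` in get_cnonce is discarded, so a failed call goes unnoticed and the client nonce is derived from whatever `data` held before. Unlike gcry_create_nonce, gnutls_rnd returns an int that is negative on error, so the call should be tested, e.g. `if (gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data) < 0)`, and on failure either use the non-GnuTLS fallback or fail the request. The function body starts and ends outside the hunk, so the declaration of `data` and the code after `else` are not visible here.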
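Review bot: The added `!ptr` test in verify_negotiate_response guards the pointer subtraction, but the comparison length is still `ptr - duphdr`, so a token that is only a prefix of "Negotiate", or an empty token, compares equal and is accepted. Assuming ptr marks the end of the first token in duphdr (its assignment is outside the hunk), the check should also require the full length: `if (!ptr || ptr - duphdr != 9 || strncmp(hdr, "Negotiate", 9) != 0) {`. The call also compares `hdr` using a length measured on `duphdr`; if the two are not guaranteed to hold the same text, compare against `duphdr` instead.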
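Review bot: With the new condition in ah_post_send, a final response outside the 2xx/3xx classes leaves `sess->sspi_context` uncleared, and nothing in this hunk shows where it is released or reset on that path. The comment should state the intended lifetime, for example `/* Keep the context across 401 rounds; it is cleared on success here and on failure in <cleanup path>. */`, with the placeholder replaced by the actual location. The new comment also misspells "successful". The function body starts and ends outside the hunk.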
@@ -854,7 +858,7 @@ static int check_chain_expiry(ne_ssl_certificate *chain)
 static int check_certificate(ne_session *sess, gnutls_session sock, ne_ssl_certificate *chain)
 {
- int ret, failures;
+ int ret, failures = 0;
 ne_uri server;
 unsigned int status;
@@ -1083,7 +1087,8 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
 * really need to match up keyids. */
 if (*x5) break;
- gnutls_x509_crt_init(x5);
+ ret = gnutls_x509_crt_init(x5);
+ if (ret < 0) continue;
 ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
 if (ret < 0) continue;
@@ -1371,10 +1376,12 @@ int ne_ssl_cert_digest(const ne_ssl_certificate *cert, char *digest)
 int ne__ssl_init(void)
 {
+#if LIBGNUTLS_VERSION_NUMBER < 0x020b01
 #ifdef NE_HAVE_TS_SSL
 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
 #endif
 gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+#endif
 return gnutls_global_init();
 }
diff --git a/src/ne_session.c b/src/ne_session.c
index 1502140..d9a8ed3 100644
--- a/src/ne_session.c
+++ b/src/ne_session.c
@@ -565,8 +565,8 @@ void ne__ssl_set_verify_err(ne_session *sess, int failures)
 for (n = 0; reasons[n].bit; n++) {
 if (failures & reasons[n].bit) {
- if (flag) strncat(sess->error, ", ", sizeof sess->error);
- strncat(sess->error, _(reasons[n].str), sizeof sess->error);
+ if (flag) strncat(sess->error, ", ", sizeof sess->error - 1);
+ strncat(sess->error, _(reasons[n].str), sizeof sess->error - 1);
 flag = 1;
 }
 } |
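Review bot: In pkcs12_parse the new check covers a failed `gnutls_x509_crt_init`, but when the init succeeds and `gnutls_pkcs12_bag_get_data` then fails, the `continue` leaves `*x5` pointing at an initialised but empty certificate. The `if (*x5) break;` test at the top of this case would then treat that empty object as the certificate already found and skip any later one, assuming this code runs once per bag element (the loop is outside the hunk). Fetching the bag data before calling the init avoids this, as does `gnutls_x509_crt_deinit(*x5); *x5 = NULL;` before each `continue` that follows a successful init.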
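Review bot: `sizeof sess->error - 1` is still the wrong bound for strncat in ne__ssl_set_verify_err. The third argument limits how many bytes are appended, not the total size of the destination, so once `sess->error` already holds text these calls can still write past the end of the buffer. The bound has to be the remaining space: `strncat(sess->error, _(reasons[n].str), sizeof sess->error - strlen(sess->error) - 1);`, and the same for the `", "` separator. The function body starts before the hunk, so what `sess->error` contains on entry is not visible here.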