
[Emacs-diffs] [emacs] 02/02: Get rid of arbitrary gnutls length limit


From: Lars Ingebrigtsen
Subject: [Emacs-diffs] [emacs] 02/02: Get rid of arbitrary gnutls length limit
Date: Tue, 18 Nov 2014 01:57:34 +0000

branch: nsm
commit 8795acdd019f2a40bfebdf3f69e436746373cefc
Author: Lars Magne Ingebrigtsen <address@hidden>
Date:   Tue Nov 18 02:57:23 2014 +0100

    Get rid of arbitrary gnutls length limit
---
 src/gnutls.c |   17 ++++++++++++-----
 1 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/gnutls.c b/src/gnutls.c
index a6b7044..6b7a45d 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -62,8 +62,6 @@ static void gnutls_log_function2 (int, const char*, const 
char*);
 static void gnutls_audit_log_function (gnutls_session_t, const char *);
 #endif
 
-#define GNUTLS_MAX_HASH_SIZE 64
-
 static enum
   {
     CERTIFICATE_NOT_MATCHING = 2,
@@ -870,8 +868,8 @@ The return value is a property list.  */)
   (Lisp_Object proc)
 {
   int ret;
-  unsigned char buffer[GNUTLS_MAX_HASH_SIZE];
-  size_t size = sizeof (buffer);
+  unsigned char *buffer;
+  size_t size = 0;
   Lisp_Object hash, warnings = Qnil, result = Qnil;
   unsigned int verification;
 
@@ -882,11 +880,20 @@ The return value is a property list.  */)
 
   /* First get the fingerprint of the certificate. */
   ret = fn_gnutls_x509_crt_get_fingerprint (XPROCESS 
(proc)->gnutls_certificate,
+                                           GNUTLS_DIG_SHA1, NULL, &size);
+  if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+    return gnutls_make_error (ret);
+
+  buffer = malloc (size);
+  ret = fn_gnutls_x509_crt_get_fingerprint (XPROCESS 
(proc)->gnutls_certificate,
                                            GNUTLS_DIG_SHA1, buffer, &size);
-  if (ret < GNUTLS_E_SUCCESS)
+  if (ret < GNUTLS_E_SUCCESS) {
+    free (buffer);
     return gnutls_make_error (ret);
+  }
 
   hash = gnutls_hex_string (buffer, size, "sha1:");
+  free (buffer);
 
   /* Then collect any warnings already computed by the handshake. */
   verification = XPROCESS (proc)->gnutls_peer_verification;
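Review bot: The result of `malloc (size)` is passed to the second fn_gnutls_x509_crt_get_fingerprint call without a NULL check, so an allocation failure hands GnuTLS a null output buffer together with a non-zero size. Emacs C code normally allocates with xmalloc, which signals memory-full instead of returning NULL, so I would write `buffer = xmalloc (size);` and use `xfree (buffer);` at both release points. If gnutls_hex_string can signal a Lisp error (its body is not visible here), the buffer would also leak on that path, and registering the free with the unwind machinery would cover it. The enclosing function starts and ends outside this hunk.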


