[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-27-g62ecc17
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-27-g62ecc17 |
|
Date: |
Tue, 10 May 2011 13:13:26 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=62ecc17e3a81370ae101e02666e40d67dc4fb819
The branch, master has been updated
via 62ecc17e3a81370ae101e02666e40d67dc4fb819 (commit)
via 6c43108b73301062e2678a176a700a452568b1f0 (commit)
via 3df051196838f4f43f2350c637bb3fae3001ddaf (commit)
from 018e34f2919c54a5653e6e70801f537046d828c1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 62ecc17e3a81370ae101e02666e40d67dc4fb819
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue May 10 15:13:13 2011 +0200
updated
commit 6c43108b73301062e2678a176a700a452568b1f0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue May 10 12:19:09 2011 +0200
Correctly import and export pkcs11-urls with ID field set.
commit 3df051196838f4f43f2350c637bb3fae3001ddaf
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue May 10 10:59:45 2011 +0200
eliminated last instances of strcpy() and strcat() to keep pendantics happy.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 +
lib/gnutls_str.c | 11 +++--
lib/gnutls_str.h | 2 +-
lib/nettle/egd.c | 5 +-
lib/opencdk/literal.c | 11 +++--
lib/opencdk/misc.c | 18 +++++----
lib/opencdk/read-packet.c | 15 +++++--
lib/pkcs11.c | 93 ++++++++++++++++++++------------------------
lib/x509/common.c | 4 +-
lib/x509_b64.c | 22 ++++------
lib/x509_b64.h | 6 +--
11 files changed, 93 insertions(+), 97 deletions(-)
diff --git a/NEWS b/NEWS
index f5bdcfe..32e5a38 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
* Version 2.99.2 (unreleased)
+** libgnutls: PKCS #11 URLs conform to the latest draft
+being http://tools.ietf.org/html/draft-pechanec-pkcs11uri-04.
+
** certtool: Can now load private keys and public keys from PKCS #11 tokens
via URLs.
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index f599f9a..dd7a1c5 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -353,7 +353,7 @@ _gnutls_buffer_delete_data (gnutls_buffer_st * dest, int
pos, size_t str_size)
int
-_gnutls_buffer_escape (gnutls_buffer_st * dest,
+_gnutls_buffer_escape (gnutls_buffer_st * dest, int all,
const char *const invalid_chars)
{
int rv = -1;
@@ -363,8 +363,8 @@ _gnutls_buffer_escape (gnutls_buffer_st * dest,
while (pos < dest->length)
{
- if (dest->data[pos] == '\\' || strchr (invalid_chars, dest->data[pos])
- || !isgraph (dest->data[pos]))
+ if (all != 0 || (dest->data[pos] == '\\' || strchr (invalid_chars,
dest->data[pos])
+ || !c_isgraph (dest->data[pos])))
{
snprintf (t, sizeof (t), "%%%.2X", (unsigned int) dest->data[pos]);
@@ -376,9 +376,10 @@ _gnutls_buffer_escape (gnutls_buffer_st * dest,
rv = -1;
goto cleanup;
}
-
+ pos+=3;
}
- pos++;
+ else
+ pos++;
}
rv = 0;
diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h
index 9217955..3fb2305 100644
--- a/lib/gnutls_str.h
+++ b/lib/gnutls_str.h
@@ -74,7 +74,7 @@ int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
gnutls_datum_t * data);
int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data);
-int _gnutls_buffer_escape (gnutls_buffer_st * dest,
+int _gnutls_buffer_escape (gnutls_buffer_st * dest, int all,
const char *const invalid_chars);
int _gnutls_buffer_unescape (gnutls_buffer_st * dest);
diff --git a/lib/nettle/egd.c b/lib/nettle/egd.c
index b1886d4..b7c051a 100644
--- a/lib/nettle/egd.c
+++ b/lib/nettle/egd.c
@@ -30,7 +30,8 @@
#include <sys/socket.h>
#include <sys/un.h>
#include "egd.h"
-
+#include <gnutls_int.h>
+#include <gnutls_str.h>
#include <gnutls_errors.h>
#ifndef offsetof
@@ -142,7 +143,7 @@ _rndegd_connect_socket (void)
memset (&addr, 0, sizeof addr);
addr.sun_family = AF_LOCAL;
- strcpy (addr.sun_path, name);
+ _gnutls_str_cpy (addr.sun_path, sizeof(addr.sun_path), name);
addr_len = (offsetof (struct sockaddr_un, sun_path)
+ strlen (addr.sun_path));
diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c
index a36921c..dfbdbf5 100644
--- a/lib/opencdk/literal.c
+++ b/lib/opencdk/literal.c
@@ -27,10 +27,11 @@
#endif
#include <stdio.h>
#include <time.h>
-
-#include "opencdk.h"
-#include "main.h"
-#include "filters.h"
+#include <opencdk.h>
+#include <main.h>
+#include <filters.h>
+#include <gnutls_int.h>
+#include <gnutls_str.h>
/* Duplicate the string @s but strip of possible
@@ -267,7 +268,7 @@ text_encode (void *data, FILE * in, FILE * out)
if (!s)
break;
_cdk_trim_string (buf);
- strcat (buf, "\r\n");
+ _gnutls_str_cat (buf, sizeof(buf), "\r\n");
fwrite (buf, 1, strlen (buf), out);
}
diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
index d00aa95..7173ee8 100644
--- a/lib/opencdk/misc.c
+++ b/lib/opencdk/misc.c
@@ -30,10 +30,11 @@
#include <ctype.h>
#include <sys/stat.h>
#include <c-ctype.h>
-
-#include "opencdk.h"
-#include "main.h"
-#include "../random.h"
+#include <opencdk.h>
+#include <main.h>
+#include <random.h>
+#include <gnutls_int.h>
+#include <gnutls_str.h>
u32
@@ -92,15 +93,16 @@ cdk_strlist_t
cdk_strlist_add (cdk_strlist_t * list, const char *string)
{
cdk_strlist_t sl;
+ int string_size = strlen(string);
if (!string)
return NULL;
- sl = cdk_calloc (1, sizeof *sl + strlen (string) + 2);
+ sl = cdk_calloc (1, sizeof *sl + string_size + 2);
if (!sl)
return NULL;
sl->d = (char *) sl + sizeof (*sl);
- strcpy (sl->d, string);
+ memcpy (sl->d, string, string_size+1);
sl->next = *list;
*list = sl;
return sl;
@@ -195,8 +197,8 @@ _cdk_tmpfile (void)
rnd[DIM (rnd) - 1] = 0;
if (!GetTempPath (464, buf))
return NULL;
- strcat (buf, "_cdk_");
- strcat (buf, rnd);
+ _gnutls_str_cat (buf, sizeof(buf), "_cdk_");
+ _gnutls_str_cat (buf, sizeof(buf), rnd);
/* We need to make sure the file will be deleted when it is closed. */
fd = _open (buf, _O_CREAT | _O_EXCL | _O_TEMPORARY |
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index 03395b3..3b40056 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -35,6 +35,8 @@
#include "packet.h"
#include "types.h"
#include <gnutls_algorithms.h>
+#include <gnutls_str.h>
+#include <minmax.h>
/* The version of the MDC packet considering the lastest OpenPGP draft. */
#define MDC_PKT_VER 1
@@ -472,9 +474,10 @@ read_secret_subkey (cdk_stream_t inp, size_t pktlen,
cdk_pkt_seckey_t sk)
return rc;
}
+#define ATTRIBUTE "[attribute]"
static cdk_error_t
-read_attribute (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr)
+read_attribute (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, int
name_size)
{
const byte *p;
byte *buf;
@@ -487,8 +490,9 @@ read_attribute (cdk_stream_t inp, size_t pktlen,
cdk_pkt_userid_t attr)
if (DEBUG_PKT)
_gnutls_write_log ("read_attribute: %d octets\n", (int) pktlen);
- strcpy (attr->name, "[attribute]");
- attr->len = strlen (attr->name);
+ _gnutls_str_cpy (attr->name, name_size, ATTRIBUTE);
+ attr->len = MIN(name_size, sizeof(ATTRIBUTE)-1);
+
buf = cdk_calloc (1, pktlen);
if (!buf)
return CDK_Out_Of_Core;
@@ -996,14 +1000,15 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt)
switch (pkt->pkttype)
{
case CDK_PKT_ATTRIBUTE:
+#define NAME_SIZE (pkt->pktlen + 16 + 1)
pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
- + pkt->pktlen + 16 + 1);
+ + NAME_SIZE);
if (!pkt->pkt.user_id)
return CDK_Out_Of_Core;
pkt->pkt.user_id->name =
(char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
- rc = read_attribute (inp, pktlen, pkt->pkt.user_id);
+ rc = read_attribute (inp, pktlen, pkt->pkt.user_id, NAME_SIZE);
pkt->pkttype = CDK_PKT_ATTRIBUTE;
break;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 83718b2..03f3fc9 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -343,7 +343,7 @@ pkcs11_get_info (struct pkcs11_url_info *info,
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- strcpy (output, str);
+ memcpy (output, str, len + 1);
*output_size = len;
@@ -677,7 +677,7 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info
*info)
if ((p1 = strstr (url, "objecttype=")) != NULL)
{
p1 += sizeof ("objecttype=") - 1;
- l = sizeof (info->model);
+ l = sizeof (info->type);
ret = unescape_string (info->type, p1, &l, ';');
if (ret < 0)
@@ -690,33 +690,21 @@ pkcs11_url_to_info (const char *url, struct
pkcs11_url_info *info)
|| ((p1 = strstr (url, ":id=")) != NULL))
{
p1 += sizeof (";id=") - 1;
+ l = sizeof (info->certid_raw);
- if ((p2 = strchr (p1, ';')) == NULL)
- {
- l = strlen (p1);
- }
- else
+ ret = unescape_string (info->certid_raw, p1, &l, ';');
+ if (ret < 0)
{
- l = p2 - p1;
+ goto cleanup;
}
+ /* not null terminated */
+ info->certid_raw_size = l-1;
- if (l > sizeof (info->id) - 1)
+ p2 = _gnutls_bin2hex(info->certid_raw, info->certid_raw_size,
+ info->id, sizeof(info->id), ":");
+ if (p2 == NULL)
{
- gnutls_assert ();
ret = GNUTLS_E_PARSING_ERROR;
- }
-
- memcpy (info->id, p1, l);
- info->id[l] = 0;
-
- /* convert to raw */
- info->certid_raw_size = sizeof (info->certid_raw);
- ret =
- _gnutls_hex2bin (info->id, strlen (info->id),
- info->certid_raw, &info->certid_raw_size);
- if (ret < 0)
- {
- gnutls_assert ();
goto cleanup;
}
}
@@ -731,21 +719,24 @@ cleanup:
#define INVALID_CHARS "\\/\"'%&address@hidden <>{}[]()`|:;,.+-"
+/* Appends @tname to @dest under the name @p11name.
+ * init indicates whether it is the initial addition to buffer.
+ */
static int
-append (gnutls_buffer_st * dest, const char *tname,
- const char *p11name, int init)
+append (gnutls_buffer_st * dest, const void *tname, int tname_size,
+ const char *p11name, int all, int init)
{
gnutls_buffer_st tmpstr;
int ret;
_gnutls_buffer_init (&tmpstr);
- if ((ret = _gnutls_buffer_append_str (&tmpstr, tname)) < 0)
+ if ((ret = _gnutls_buffer_append_data (&tmpstr, tname, tname_size)) < 0)
{
gnutls_assert ();
goto cleanup;
}
- ret = _gnutls_buffer_escape (&tmpstr, INVALID_CHARS);
+ ret = _gnutls_buffer_escape (&tmpstr, all, INVALID_CHARS);
if (ret < 0)
{
gnutls_assert ();
@@ -791,7 +782,7 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
if (info->token[0])
{
- ret = append (&str, info->token, "token", init);
+ ret = append (&str, info->token, strlen(info->token), "token", 0, init);
if (ret < 0)
{
gnutls_assert ();
@@ -802,7 +793,7 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
if (info->serial[0])
{
- ret = append (&str, info->serial, "serial", init);
+ ret = append (&str, info->serial, strlen(info->serial), "serial", 0,
init);
if (ret < 0)
{
gnutls_assert ();
@@ -813,7 +804,7 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
if (info->model[0])
{
- ret = append (&str, info->model, "model", init);
+ ret = append (&str, info->model, strlen(info->model), "model", 0, init);
if (ret < 0)
{
gnutls_assert ();
@@ -825,7 +816,7 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
if (info->manufacturer[0])
{
- ret = append (&str, info->manufacturer, "manufacturer", init);
+ ret = append (&str, info->manufacturer, strlen(info->manufacturer),
"manufacturer", 0, init);
if (ret < 0)
{
gnutls_assert ();
@@ -836,7 +827,7 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
if (info->label[0])
{
- ret = append (&str, info->label, "object", init);
+ ret = append (&str, info->label, strlen(info->label), "object", 0, init);
if (ret < 0)
{
gnutls_assert ();
@@ -847,7 +838,7 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
if (info->type[0])
{
- ret = append (&str, info->type, "objecttype", init);
+ ret = append (&str, info->type, strlen(info->type), "objecttype", 0,
init);
if (ret < 0)
{
gnutls_assert ();
@@ -861,8 +852,8 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
if (info->lib_manufacturer[0])
{
ret =
- append (&str, info->lib_manufacturer, "library-manufacturer",
- init);
+ append (&str, info->lib_manufacturer,
strlen(info->lib_manufacturer), "library-manufacturer",
+ 0, init);
if (ret < 0)
{
gnutls_assert ();
@@ -873,7 +864,7 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
if (info->lib_desc[0])
{
- ret = append (&str, info->lib_desc, "library-description", init);
+ ret = append (&str, info->lib_desc, strlen(info->lib_desc),
"library-description", 0, init);
if (ret < 0)
{
gnutls_assert ();
@@ -887,7 +878,7 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
{
if (info->lib_version[0])
{
- ret = append (&str, info->lib_version, "library-version", init);
+ ret = append (&str, info->lib_version, strlen(info->lib_version),
"library-version", 0, init);
if (ret < 0)
{
gnutls_assert ();
@@ -897,9 +888,9 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info,
}
}
- if (info->id[0] != 0)
+ if (info->certid_raw_size > 0)
{
- ret = _gnutls_buffer_append_printf (&str, ";id=%s", info->id);
+ ret = append (&str, info->certid_raw, info->certid_raw_size, "id", 1,
init);
if (ret < 0)
{
gnutls_assert ();
@@ -1334,7 +1325,7 @@ pkcs11_obj_import (unsigned int class,
gnutls_pkcs11_obj_t obj,
}
if (obj->type != GNUTLS_PKCS11_OBJ_UNKNOWN)
- strcpy (obj->info.type, pkcs11_obj_type_to_str (obj->type));
+ _gnutls_str_cpy (obj->info.type, sizeof(obj->info.type),
pkcs11_obj_type_to_str (obj->type));
if (data && data->data)
{
@@ -1857,13 +1848,13 @@ find_token_num (pakchois_session_t * pks,
if (find_data->current == find_data->seq)
{
- strcpy (find_data->info.manufacturer, tinfo->tinfo.manufacturer_id);
- strcpy (find_data->info.token, tinfo->tinfo.label);
- strcpy (find_data->info.model, tinfo->tinfo.model);
- strcpy (find_data->info.serial, tinfo->tinfo.serial_number);
+ _gnutls_str_cpy (find_data->info.manufacturer,
sizeof(find_data->info.manufacturer), tinfo->tinfo.manufacturer_id);
+ _gnutls_str_cpy (find_data->info.token, sizeof(find_data->info.token),
tinfo->tinfo.label);
+ _gnutls_str_cpy (find_data->info.model, sizeof(find_data->info.model),
tinfo->tinfo.model);
+ _gnutls_str_cpy (find_data->info.serial, sizeof(find_data->info.serial),
tinfo->tinfo.serial_number);
- strcpy (find_data->info.lib_manufacturer, lib_info->manufacturer_id);
- strcpy (find_data->info.lib_desc, lib_info->library_description);
+ _gnutls_str_cpy (find_data->info.lib_manufacturer,
sizeof(find_data->info.lib_manufacturer), lib_info->manufacturer_id);
+ _gnutls_str_cpy (find_data->info.lib_desc,
sizeof(find_data->info.lib_desc), lib_info->library_description);
snprintf (find_data->info.lib_version,
sizeof (find_data->info.lib_version), "%u.%u",
(unsigned int) lib_info->library_version.major,
@@ -1976,7 +1967,7 @@ gnutls_pkcs11_token_get_info (const char *url,
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- strcpy (output, str);
+ memcpy (output, str, len+1);
*output_size = len;
@@ -2049,10 +2040,10 @@ pkcs11_login (pakchois_session_t * pks, const struct
token_info *info, int so)
}
memset (&uinfo, 0, sizeof (uinfo));
- strcpy (uinfo.manufacturer, info->tinfo.manufacturer_id);
- strcpy (uinfo.token, info->tinfo.label);
- strcpy (uinfo.model, info->tinfo.model);
- strcpy (uinfo.serial, info->tinfo.serial_number);
+ _gnutls_str_cpy (uinfo.manufacturer, sizeof(uinfo.manufacturer),
info->tinfo.manufacturer_id);
+ _gnutls_str_cpy (uinfo.token, sizeof(uinfo.token), info->tinfo.label);
+ _gnutls_str_cpy (uinfo.model, sizeof(uinfo.model), info->tinfo.model);
+ _gnutls_str_cpy (uinfo.serial, sizeof(uinfo.serial),
info->tinfo.serial_number);
ret = pkcs11_info_to_url (&uinfo, 1, &token_url);
if (ret < 0)
{
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 51dc97a..6b76d28 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -392,8 +392,8 @@ _gnutls_x509_data2hex (const opaque * data, size_t
data_size,
if (out)
{
- strcpy (out, "#");
- strcat (out, res);
+ out[0] = '#';
+ _gnutls_str_cat (out, *sizeof_out, res);
}
return 0;
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 272c00d..8f9dc4a 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -194,29 +194,25 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t *
data,
uint8_t top[80];
uint8_t bottom[80];
int pos, bytes, top_len, bottom_len;
- size_t msglen = strlen (msg);
- if (msglen > 50)
+ if (strlen(msg) > 50)
{
gnutls_assert ();
return GNUTLS_E_BASE64_ENCODING_ERROR;
}
- memset (bottom, 0, sizeof (bottom));
- memset (top, 0, sizeof (top));
+ _gnutls_str_cpy (top, sizeof(top), "-----BEGIN ");
+ _gnutls_str_cat (top, sizeof(top), msg);
+ _gnutls_str_cat (top, sizeof(top), "-----");
- strcat (top, "-----BEGIN "); /* Flawfinder: ignore */
- strcat (top, msg); /* Flawfinder: ignore */
- strcat (top, "-----"); /* Flawfinder: ignore */
-
- strcat (bottom, "\n-----END "); /* Flawfinder: ignore */
- strcat (bottom, msg); /* Flawfinder: ignore */
- strcat (bottom, "-----\n"); /* Flawfinder: ignore */
+ _gnutls_str_cpy (bottom, sizeof(bottom), "\n-----END ");
+ _gnutls_str_cat (bottom, sizeof(bottom), msg);
+ _gnutls_str_cat (bottom, sizeof(bottom), "-----\n");
top_len = strlen (top);
bottom_len = strlen (bottom);
- ret = B64FSIZE (msglen, data_size);
+ ret = B64FSIZE (top_len+bottom_len, data_size);
(*result) = gnutls_calloc (1, ret + 1);
if ((*result) == NULL)
@@ -229,7 +225,7 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t *
data,
INCR (bytes, top_len);
pos = top_len;
- strcpy (*result, top); /* Flawfinder: ignore */
+ memcpy (*result, top, top_len);
for (i = j = 0; i < data_size; i += 3, j += 4)
{
diff --git a/lib/x509_b64.h b/lib/x509_b64.h
index 055944e..5db60e2 100644
--- a/lib/x509_b64.h
+++ b/lib/x509_b64.h
@@ -37,10 +37,6 @@ int _gnutls_fbase64_decode (const char *header, const
uint8_t * data,
/* The size for B64 encoding + newlines plus header
*/
-#define HEADSIZE( hsize) \
- sizeof("-----BEGIN ")-1+sizeof("-----")-1+ \
- sizeof("\n-----END ")-1+sizeof("-----\n")-1+hsize+hsize
-
#define B64FSIZE( hsize, dsize) \
- (B64SIZE(dsize) + HEADSIZE(hsize) + /*newlines*/ \
+ (B64SIZE(dsize) + (hsize) + /*newlines*/ \
B64SIZE(dsize)/64 + (((B64SIZE(dsize) % 64) > 0) ? 1 : 0))
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-27-g62ecc17,
Nikos Mavrogiannopoulos <=