
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_4-49-g074d9d0


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_4-49-g074d9d0
Date: Tue, 20 Nov 2012 18:20:09 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=074d9d03bac65c7ac5f0bd76b76bf5a6ef10a619

The branch, master has been updated
       via  074d9d03bac65c7ac5f0bd76b76bf5a6ef10a619 (commit)
       via  77727d5612698cbc919cb1f1c359931a30819c93 (commit)
      from  517699a4c19ac33ea6e064e136e692fa6add1dcf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 074d9d03bac65c7ac5f0bd76b76bf5a6ef10a619
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Nov 20 19:19:59 2012 +0100

    enforce the 200 character limit.

commit 77727d5612698cbc919cb1f1c359931a30819c93
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Nov 20 19:16:44 2012 +0100

    improved iconv support.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                  |    2 +-
 lib/system.c          |   40 ++++++++++++++++++++++++++++++++++------
 lib/x509/x509_write.c |   11 +++++++++++
 3 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/NEWS b/NEWS
index 367e948..e516d04 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,7 @@ See the end for copying conditions.
 extension.
 
 ** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished
-Name by translating it to UTF-8 (works on windows or systems with libiconv).
+Name by translating it to UTF-8 (works on windows or systems with iconv).
 
 ** libgnutls: Added PKCS #11 key generation function that returns the 
 public key on generation.
diff --git a/lib/system.c b/lib/system.c
index dcca145..899598d 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -477,13 +477,15 @@ 
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
 
 # include <iconv.h>
 
+#define INC(x) (2*x)
+
 int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output)
 {
 iconv_t conv;
 int ret;
-size_t orig, dstlen = size*2;
+size_t orig, dstlen = INC(size), tmp;
 char* src = (void*)data;
-char* dst, *pdst;
+char* dst = NULL, *pdst;
 
   if (size == 0)
     return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
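Review bot: The new `INC` macro expands its argument without parentheses, so a call such as `INC(a + b)` would evaluate as `2*a + b`. Both uses in this commit pass a plain identifier, so nothing misbehaves today, but `#define INC(x) (2*(x))` removes the trap. Separately, `dstlen = INC(size)` is an unchecked `size_t` multiplication on a caller-supplied length. If a caller could ever pass a size above `SIZE_MAX/2`, the destination length would wrap, so an upper bound next to the existing `size == 0` check is worth adding. The body of `_gnutls_ucs2_to_utf8` continues outside this hunk.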
@@ -496,23 +498,49 @@ char* dst, *pdst;
   if (dst == NULL)
     {
       ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-      goto cleanup;
+      goto fail;
     }
 
   orig = dstlen;
   ret = iconv(conv, &src, &size, &pdst, &dstlen);
   if (ret == -1)
     {
-      ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-      goto cleanup;
+      if (dstlen != 0 || size == 0)
+        {
+          ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+          goto fail;
+        }
+
+      /* otherwise the buffer wasn't sufficient */
+      tmp = orig + INC(orig);
+      dstlen += INC(orig);
+
+      dst = gnutls_realloc_fast(dst, tmp);
+      if (dst == NULL)
+        {
+          ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+          goto fail;
+        }
+      pdst = dst + orig;
+      orig = tmp;
+
+      ret = iconv(conv, &src, &size, &pdst, &dstlen);
+      if (ret == -1)
+        {
+          ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+          goto fail;
+        }
     }
-    
 
   output->data = (void*)dst;
   output->size = orig-dstlen;
   output->data[output->size] = 0;
 
   ret = 0;
+  goto cleanup;
+  
+fail:
+  gnutls_free(dst);
   
 cleanup:
   iconv_close(conv);
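Review bot: On the retry path the buffer is grown with `gnutls_realloc_fast(dst, tmp)`, yet `output->data[output->size] = 0` later writes at index `orig-dstlen`, which equals `tmp` when the second `iconv()` fills the buffer exactly, one byte past the reallocation. The initial allocation is outside the hunk and presumably reserves a byte for the terminator; the realloc should do the same, `dst = gnutls_realloc_fast(dst, tmp + 1);`. The buffer-too-small case is also inferred from `dstlen != 0 || size == 0` rather than from `errno == E2BIG`, so a multi-byte sequence that does not fit in the last few free bytes would be reported as `GNUTLS_E_PARSING_ERROR` instead of triggering the retry. A one-line comment at `fail:` saying it falls through to `cleanup:` on purpose would help the next reader.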
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 62ed9c0..49a28f2 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1612,6 +1612,10 @@ error:
  * This function will set the certificate policy extension (2.5.29.32).
  * Multiple calls to this function append a new policy.
  *
+ * Note the maximum text size for the qualifier %GNUTLS_X509_QUALIFIER_NOTICE
+ * is 200 characters. This function will fail with %GNUTLS_E_INVALID_REQUEST
+ * if this is exceeded.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  **/
@@ -1726,6 +1730,13 @@ gnutls_x509_crt_set_policy (gnutls_x509_crt_t crt, 
struct gnutls_x509_policy_st*
         {
           tmpd.data = (void*)policy->qualifier[i].data;
           tmpd.size = policy->qualifier[i].size;
+          
+          if (tmpd.size > 200) 
+            {
+              gnutls_assert();
+              result = GNUTLS_E_INVALID_REQUEST;
+              goto cleanup;
+            }
 
           result = encode_user_notice(&tmpd, &der_data);
           if (result < 0)
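Review bot: The added check compares `tmpd.size`, a byte count, with 200, while the new doc comment speaks of 200 characters. If the notice text is UTF-8 (its encoding is not visible here), the two differ for non-ASCII text, so the documentation should state which one is enforced, e.g. `/* the limit is applied to the size in bytes */` above the check. The literal 200 would also read better as a named constant shared by the check and the doc comment. The body of `gnutls_x509_crt_set_policy` starts and ends outside the hunk.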


hooks/post-receive
-- 
GNU gnutls


