[gnutls-dev] [PATCH] Fix off-by-one in TLS 1.2 handshake.
From: Ludovic Courtès
Subject: [gnutls-dev] [PATCH] Fix off-by-one in TLS 1.2 handshake.
Date: Wed, 13 Jun 2007 19:41:57 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
* lib/auth_cert.c (_gnutls_gen_cert_server_cert_req): Before invoking
`gnutls_malloc ()', increment SIZE when using TLS 1.2 so that the
allocated buffer is large enough to contain the list of supported
hashes. Don't change SIZE later on.
---
lib/auth_cert.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 9114f09..f91c71c 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1417,6 +1417,11 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t
session, opaque ** data)
session->internals.ignore_rdn_sequence == 0)
size += cred->x509_rdn_sequence.size;
+ if (ver == GNUTLS_TLS1_2)
+ /* Need at least one byte to announce the number of supported hash
+ functions (see below). */
+ size += 1;
+
(*data) = gnutls_malloc (size);
pdata = (*data);
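Review bot: The added `size += 1` is guarded by `ver == GNUTLS_TLS1_2`, but the guard on the block that later writes the hash-count byte is not visible in this patch, and the two conditions have to be identical. If one test covers a protocol version the other does not, the allocation and the write disagree again and the buffer returned by gnutls_malloc is one byte short for that version. Consider evaluating the condition once into a local and testing that local in both places. The comment also says "at least one byte" while the code reserves exactly one; it would help to state that this must grow by the length of the hash list once the FIXME below is resolved. As a style point, a multi-line comment plus a statement under an unbraced `if` is easy to break in a later edit, so braces would be safer here.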
@@ -1436,7 +1441,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t
session, opaque ** data)
{
/* Supported hashes (nothing for now -- FIXME). */
*pdata = 0;
- pdata++, size++;
+ pdata++;
}
if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
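Review bot: Dropping `size++` beside `*pdata = 0` fixes the ordering problem, but the byte written here is now accounted for only by the separate `size += 1` in the previous hunk, so nothing keeps the two in step when the "nothing for now -- FIXME" hash list is actually filled in. Suggest holding the hash-list length in a single variable that is used both for the allocation and for the write, or checking before the function returns that `pdata - (*data)` equals `size`, so that a future mismatch fails loudly instead of writing past the end of the buffer.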
--
1.4.4.4