[gnutls-dev] [PATCH] fix for a bug in gnutls_recv_handshake()
Guillaume Morin
guillaume@morinfr.org
Thu Jan 17 10:52:02 2002
Hi,
I made this patch for a problem I've been experiencing.
The details are in the Debian BTS http://bugs.debian.org/123616.
In STATE8, _gnutls_recv_handshake_header returns 0, but since malloc is
not called for this value, dataptr is uninitialized. Here is the fix
(you'll note that I have forced its initialization, which is not needed,
but since it hid the bug, I think it is cleaner...)
--- lib/gnutls_handshake.c.old Tue Jan 15 00:53:36 2002
+++ lib/gnutls_handshake.c Tue Jan 15 00:55:39 2002
@@ -865,7 +865,7 @@
{
int ret;
uint32 length32 = 0;
- opaque *dataptr;
+ opaque *dataptr = NULL;
HandshakeType recv_type;
ret = _gnutls_recv_handshake_header(state, type, &recv_type);
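Review bot: the `= NULL` initializer on `dataptr` should carry a short comment saying that NULL is the expected value when the handshake message has zero length, since per the description no malloc happens in that case. Without the comment the initializer looks redundant, and a later cleanup could drop it and bring back the indeterminate pointer that the NULL check further down in this function compares against.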
@@ -890,7 +890,7 @@
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
- if (dataptr == NULL) {
+ if (dataptr == NULL && length32) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
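Review bot: in `if (dataptr == NULL && length32)`, a zero-length message now falls through with `dataptr` still NULL, so every use of `dataptr` after this check has to tolerate a NULL pointer paired with length 0. Those uses are not visible in this hunk and should be confirmed before merging. The condition also relies on the initializer added in the first hunk; writing it as `length32 > 0 && dataptr == NULL` would make the intent explicit and test the length first.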
HTH.
--
Guillaume Morin <guillaume@morinfr.org>
Debian - What your mom would use if it were twenty times easier.
http://www.copyleft.net/