[gnutls-dev] [PATCH] gnutls_session_get_data overflow handling
Joe Orton
joe at manyfish.co.uk
Tue Nov 29 14:44:53 CET 2005
If called with a too-short buffer parameter, and a non-NULL data
parameter, gnutls_session_get_data returns zero for success, which I
think is counter-intuitive; on success one would expect that it has
actually filled in the buffer.
I'd propose changing it as per this entirely untested and uncompiled
patch (with apologies):
--- ./gnutls_session.c.overflow 2005-11-29 13:40:17.000000000 +0000
+++ ./gnutls_session.c 2005-11-29 13:41:44.000000000 +0000
@@ -48,17 +48,16 @@
gnutls_datum_t psession;
int ret;
- if (*session_data_size < SESSION_SIZE || session_data == NULL) {
+ if (session_data == NULL) {
*session_data_size = SESSION_SIZE;
- session_data = NULL; /* return with the new session_data_size value */
+ return 0;
}
+ if (*session_data_size < SESSION_SIZE)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
if (session->internals.resumable == RESUME_FALSE)
return GNUTLS_E_INVALID_SESSION;
- /* just return the session size */
- if (session_data == NULL) {
- return 0;
- }
psession.data = session_data;
More information about the Gnutls-dev
mailing list