[gnutls-dev] [PATCH] Fix off-by-one in TLS 1.2 handshake.

[Ludovic Courtès]

* lib/auth_cert.c (_gnutls_gen_cert_server_cert_req): Before invoking
  `gnutls_malloc ()', increment SIZE when using TLS 1.2 so that the
  allocated buffer is large-enough to contain the list of supported
  hashes.  Don't change SIZE later on.
---
 lib/auth_cert.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 9114f09..f91c71c 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1417,6 +1417,11 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
       session->internals.ignore_rdn_sequence == 0)
     size += cred->x509_rdn_sequence.size;
 
+  if (ver == GNUTLS_TLS1_2)
+    /* Need at least one byte to announce the number of supported hash
+       functions (see below).  */
+    size += 1;
+
   (*data) = gnutls_malloc (size);
   pdata = (*data);
 
@@ -1436,7 +1441,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
     {
       /* Supported hashes (nothing for now -- FIXME). */
       *pdata = 0;
-      pdata++, size++;
+      pdata++;
     }
 
   if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
-- 
1.4.4.4