[gnutls-dev] [PATCH] Fix off-by-one in TLS 1.2 handshake.
Simon Josefsson
simon at josefsson.org
Thu Jun 14 09:07:10 CEST 2007
Thanks, applied.
ludo at chbouib.org (Ludovic Courtès) writes:
> * lib/auth_cert.c (_gnutls_gen_cert_server_cert_req): Before invoking
> `gnutls_malloc ()', increment SIZE when using TLS 1.2 so that the
> allocated buffer is large-enough to contain the list of supported
> hashes. Don't change SIZE later on.
> ---
> lib/auth_cert.c | 7 ++++++-
> 1 files changed, 6 insertions(+), 1 deletions(-)
>
> diff --git a/lib/auth_cert.c b/lib/auth_cert.c
> index 9114f09..f91c71c 100644
> --- a/lib/auth_cert.c
> +++ b/lib/auth_cert.c
> @@ -1417,6 +1417,11 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
> session->internals.ignore_rdn_sequence == 0)
> size += cred->x509_rdn_sequence.size;
>
> + if (ver == GNUTLS_TLS1_2)
> + /* Need at least one byte to announce the number of supported hash
> + functions (see below). */
> + size += 1;
> +
> (*data) = gnutls_malloc (size);
> pdata = (*data);
>
> @@ -1436,7 +1441,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
> {
> /* Supported hashes (nothing for now -- FIXME). */
> *pdata = 0;
> - pdata++, size++;
> + pdata++;
> }
>
> if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
> --
> 1.4.4.4
More information about the Gnutls-dev
mailing list