[gnutls-dev] [PATCH] Fix off-by-one in TLS 1.2 handshake.

Simon Josefsson simon at josefsson.org
Thu Jun 14 09:07:10 CEST 2007


Thanks, applied.

ludo at chbouib.org (Ludovic Courtès) writes:

> * lib/auth_cert.c (_gnutls_gen_cert_server_cert_req): Before invoking
>   `gnutls_malloc ()', increment SIZE when using TLS 1.2 so that the
>   allocated buffer is large enough to contain the list of supported
>   hashes.  Don't change SIZE later on.
> ---
>  lib/auth_cert.c |    7 ++++++-
>  1 files changed, 6 insertions(+), 1 deletions(-)
>
> diff --git a/lib/auth_cert.c b/lib/auth_cert.c
> index 9114f09..f91c71c 100644
> --- a/lib/auth_cert.c
> +++ b/lib/auth_cert.c
> @@ -1417,6 +1417,11 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
>        session->internals.ignore_rdn_sequence == 0)
>      size += cred->x509_rdn_sequence.size;
>  
> +  if (ver == GNUTLS_TLS1_2)
> +    /* Need at least one byte to announce the number of supported hash
> +       functions (see below).  */
> +    size += 1;
> +
>    (*data) = gnutls_malloc (size);
>    pdata = (*data);
>  
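Review bot: the `size += 1` under `if (ver == GNUTLS_TLS1_2)` hard-codes the length of an empty hash list, while its comment says "at least one byte", so the reservation and the later write can drift apart again. Once the FIXME in the second hunk is resolved and real hash entries are written, this increment has to grow with them or the buffer allocated by `gnutls_malloc (size)` will be too small again. Consider computing the hash-list length once, before the allocation, and using that same value both here and at the write site. The condition guarding the write is not visible in this patch, so it is worth confirming that it is exactly `ver == GNUTLS_TLS1_2`. As a style point, the body of the `if` is a three-line comment plus a statement without braces; bracing it would make later additions safer.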
> @@ -1436,7 +1441,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
>      {
>        /* Supported hashes (nothing for now -- FIXME). */
>        *pdata = 0;
> -      pdata++, size++;
> +      pdata++;
>      }
>  
>    if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
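Review bot: with `size++` removed, the write `*pdata = 0; pdata++;` depends silently on the byte reserved before `gnutls_malloc (size)` in the earlier hunk, and nothing at this site records that. A short comment pointing back to the reservation, or a debug check that `pdata - *data` never exceeds `size` before each write, would catch the next mismatch between the size computation and the writes. The existing comment "nothing for now -- FIXME" also means the message announces zero supported hashes; it would help to state in the comment what the peer is expected to do with an empty list until the FIXME is addressed.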
> -- 
> 1.4.4.4


