[sr #107544] Patch: common.c

Jeffrey Walton INVALID.NOREPLY at gnu.org
Fri Nov 26 08:26:22 CET 2010 

URL:
  <http://savannah.gnu.org/support/?107544>

                 Summary: Patch: common.c
                 Project: GnuTLS
            Submitted by: noloader
            Submitted on: Fri 26 Nov 2010 07:26:20 AM GMT
                Category: None
                Priority: 5 - Normal
                Severity: 2 - Minor
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

Hi Simon/Nikos,

Attached is a patch for common.c.

* str -> val and tmpname -> val_name to improve readability.
* Added test for oid == NULL (_gnutls_x509_oid_data_printable passes its arg
directly to strcmp without validation).
* Added additional guards on asn1_read_value() due to libtasn1's API (length
is an integer rather than unsigned or size_t). Failure results in
GNUTLS_A_DECODE_ERROR.
* Proper casts to clear signed/unsigned warnings.
* Proper casts from char* to opaque* to clear warnings.
* Changed test to 'if (data_size > (MAX_STRING_LEN - 1) / 2)' in case of
overflow using multiplication.

I believe a [likely] stack smash was cleared in _gnutls_x509_oid_data2string
at the call to _gnutls_str_cpy.

Jeff



Sorry about not using git-commit, git-format and friends per the README. The
error message is not very useful to a git-layman (speaking from experience).

$ cd gnutls
$ git commit ./lib/x509/common.c
$ git format-patch
$ git send-email ./git/EDITMSG
fatal: ambiguous argument './git/EDITMSG': unknown revision or path not in
the working tree.
Use '--' to separate paths from revisions
format-patch -o /tmp/bg6BvZnp_r ./git/EDITMSG: command returned error: 128
$ git push
fatal: The remote end hung up unexpectedly






    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Fri 26 Nov 2010 07:26:20 AM GMT  Name: common.patch  Size: 9kB   By:
noloader

<http://savannah.gnu.org/support/download.php?file_id=22124>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107544>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

More information about the Gnutls-devel mailing list