[gnutls-devel] GnuTLS | WIP: AIA callback to retrieve missing chain certificates (!1262)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat May 30 12:45:47 CEST 2020




Daiki Ueno commented on a discussion on tests/missingissuer.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_352275853

> +	gnutls_datum_t tmp;
> +	int ret;
> +
> +	tmp.data = (unsigned char *)missing_cert_insert;
> +	tmp.size = strlen(missing_cert_insert);
> +
> +	ret = gnutls_x509_crt_import(issuer, &tmp, GNUTLS_X509_FMT_PEM);
> +	if (ret < 0) {
> +		fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
> +		return -1;
> +	}
> +
> +	ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp);
> +	if (ret < 0) {
> +		fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
> +		gnutls_free(tmp.data);
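
Review bot: The `gnutls_free(tmp.data);` in the `gnutls_x509_crt_print` error path can run while `tmp.data` still holds the `missing_cert_insert` pointer assigned at the top of the hunk, because the same `tmp` is reused as the print output and nothing resets it in between. If the print call fails before writing its out parameter, this frees memory the function never allocated. Use a separate `gnutls_datum_t` for the print output, initialised to `{ NULL, 0 }`, or drop the free from this error branch.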

That is true, but `gnutls_x509_crt_print` can return without touching the `out` parameter upon failure, e.g., around https://gitlab.com/gnutls/gnutls/-/blob/master/lib/x509/output.c#L2218. In that case `tmp.data` will still point to the static memory.

In general, I think you can safely assume that the out parameter is not modified when the operation fails.
