[gnutls-devel] GnuTLS | Verify that cert_list_size > 0 and cert_list != NULL (!1379)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Mon Jan 25 14:28:32 CET 2021
Daiki Ueno started a new discussion on lib/cert-cred-x509.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1379#note_493204236
> int ca_list_size)
> {
> int ret, i, j;
> - gnutls_x509_crt_t *new_list = gnutls_malloc(ca_list_size * sizeof(gnutls_x509_crt_t));
> + gnutls_x509_crt_t *new_list;
> +
> + if (ca_list == NULL || ca_list_size < 1)
> + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
>
> + new_list = gnutls_malloc(ca_list_size * sizeof(gnutls_x509_crt_t));
Although it's unlikely in this case, it might be a good practice to use `gnutls_calloc` here to avoid overflow:
https://redhat-crypto.gitlab.io/defensive-coding-guide/#sect-Defensive_Coding-C-Allocators-Arrays
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1379#note_493204236
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210125/cd56322a/attachment.html>
More information about the Gnutls-devel
mailing list