[gnutls-dev] [PATCH] Fix off-by-one in TLS 1.2 handshake.
Ludovic Courtès
ludo at chbouib.org
Wed Jun 13 19:41:57 CEST 2007
* lib/auth_cert.c (_gnutls_gen_cert_server_cert_req): Before invoking
`gnutls_malloc ()', increment SIZE when using TLS 1.2 so that the
allocated buffer is large-enough to contain the list of supported
hashes. Don't change SIZE later on.
---
lib/auth_cert.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 9114f09..f91c71c 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1417,6 +1417,11 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
session->internals.ignore_rdn_sequence == 0)
size += cred->x509_rdn_sequence.size;
+ if (ver == GNUTLS_TLS1_2)
+ /* Need at least one byte to announce the number of supported hash
+ functions (see below). */
+ size += 1;
+
(*data) = gnutls_malloc (size);
pdata = (*data);
@@ -1436,7 +1441,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
{
/* Supported hashes (nothing for now -- FIXME). */
*pdata = 0;
- pdata++, size++;
+ pdata++;
}
if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
--
1.4.4.4
More information about the Gnutls-devel
mailing list