[gnutls-devel] gnutls_x509_crt_get_extension_by_oid and NULL buf
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Jan 26 19:45:52 CET 2014
On 01/26/2014 06:27 PM, Kurt Roeckx wrote:
> Hi,
>
> The documentation for gnutls_x509_crt_get_extension_by_oid says
> that buf can be NULL. But looking at the code I see this:
>
>     if (output.size > (unsigned int) *buf_size) {
>         *buf_size = output.size;
>         _gnutls_free_datum(&output);
>         return GNUTLS_E_SHORT_MEMORY_BUFFER;
>     }
>
>     *buf_size = output.size;
>
>     if (buf)
>         memcpy(buf, output.data, output.size);
>
> That is, if buf is NULL, it's still going to check the size of the
> buffer and if it's too small update the size and return
> GNUTLS_E_SHORT_MEMORY_BUFFER.

That seems correct.

> At this point I was only interested in checking the existence of
> the extension, and so was expecting to get
> GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE back, and if it's not
> present it works properly, but if it is present I currently
> get GNUTLS_E_SHORT_MEMORY_BUFFER back, unless I set buf_size
> to some arbitrary high value.
> So my question is if this is intentional or not. Wouldn't it make
> more sense to only give this error in case buf is not NULL?

This was intentional. Most of the functions in gnutls that accept a
buffer work pretty much that way. When a null buffer and/or zero
buffer_size is passed then the required size is returned along with
GNUTLS_E_SHORT_MEMORY_BUFFER. Success is only returned when the data are
actually returned.

I think that logic is sufficient to check the presence or not as
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is always returned if the
extension is not there.

regards,
Nikos
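
The calling pattern discussed in this thread, as an added example that is not part of the original messages and not GnuTLS code: `demo_get_extension` is a hypothetical stand-in that reproduces the size check quoted above, with constructed error codes and sample data, so it runs without the library. It goes one step beyond the thread by also fetching the value with a second call once the probe has reported the required size.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-in codes (constructed); real code uses the GNUTLS_E_* constants. */
enum { E_OK = 0, E_SHORT_MEMORY_BUFFER = -1, E_NOT_AVAILABLE = -2, E_MEMORY = -3 };
struct demo_ext { const char *oid; const unsigned char *data; size_t size; };
/* Constructed sample data: basicConstraints plus an empty value under a made-up OID. */
const unsigned char DEMO_BC[] = { 0x30, 0x03, 0x01, 0x01, 0xFF };
const struct demo_ext DEMO_EXTS[] = {
    { "2.5.29.19", DEMO_BC, sizeof DEMO_BC },
    { "1.3.6.1.4.1.99999.1", (const unsigned char *)"", 0 },
};
#define DEMO_N (sizeof DEMO_EXTS / sizeof DEMO_EXTS[0])

/* Hypothetical stand-in with the size logic quoted in the thread. */
int demo_get_extension(const char *oid, void *buf, size_t *buf_size) {
    for (size_t i = 0; i < DEMO_N; i++) {
        const struct demo_ext *e = &DEMO_EXTS[i];
        if (strcmp(e->oid, oid) != 0) continue;
        if (e->size > *buf_size) { *buf_size = e->size; return E_SHORT_MEMORY_BUFFER; }
        *buf_size = e->size;
        if (buf) memcpy(buf, e->data, e->size);
        return E_OK;
    }
    return E_NOT_AVAILABLE;
}

/* Presence probe with NULL buf: 1 = present, 0 = absent, negative = error. */
int ext_present(const char *oid, size_t *need) {
    size_t size = 0;
    int ret = demo_get_extension(oid, NULL, &size);
    if (ret == E_NOT_AVAILABLE) return 0;
    /* E_OK covers a zero-length value: 0 > 0 is false, so the size check passes. */
    if (ret != E_SHORT_MEMORY_BUFFER && ret != E_OK) return ret;
    if (need) *need = size;
    return 1;
}

/* Probe, allocate, fetch. Caller frees *out. */
int ext_fetch(const char *oid, unsigned char **out, size_t *out_size) {
    size_t size = 0;
    int present = ext_present(oid, &size);
    if (present <= 0) return present ? present : E_NOT_AVAILABLE;
    unsigned char *p = malloc(size ? size : 1);
    if (!p) return E_MEMORY;
    int ret = demo_get_extension(oid, p, &size);
    if (ret != E_OK) { free(p); return ret; }
    *out = p; *out_size = size;
    return E_OK;
}
```

The probe treats only the "not available" code as absence and passes every other negative code up as an error, so a parse failure is never mistaken for a missing extension.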