Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
librelp.6950
0001-unify-error-message-generation.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-unify-error-message-generation.patch of Package librelp.6950
From 7ad55528db6b13ae57d350628ca924348fb6800b Mon Sep 17 00:00:00 2001 From: Rainer Gerhards <rgerhards@adiscon.com> Date: Tue, 20 Mar 2018 12:30:12 +0100 Subject: [PATCH] unify error message generation (cherry picked from commit 2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf) --- src/tcp.c | 38 +++++++++++++++++++++++++++++++++----- 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/src/tcp.c b/src/tcp.c index 1e0fd11..c95ff6a 100644 --- a/src/tcp.c +++ b/src/tcp.c @@ -1128,9 +1128,35 @@ done: return r; } + +/* helper to consistently add names to error message buffer */ +static int +relpTcpAddToCertNamesBuffer(relpTcp_t *const pThis, + char *const buf, + const size_t buflen, + int *p_currIdx, + const char *const certName) +{ + int r = 0; + assert(buf != NULL); + assert(p_currIdx != NULL); + const int currIdx = *p_currIdx; + const int n = snprintf(buf + currIdx, buflen - currIdx, + "DNSname: %s; ", certName); + if(n < 0 || n >= (int) (buflen - currIdx)) { + callOnAuthErr(pThis, "", "certificate validation failed, names " + "inside certifcate are way to long (> 32KiB)", + RELP_RET_AUTH_CERT_INVL); + r = GNUTLS_E_CERTIFICATE_ERROR; + } else { + *p_currIdx += n; + } + return r; +} + /* Check the peer's ID in name auth mode. */ static int -relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt cert) +relpTcpChkPeerName(relpTcp_t *const pThis, gnutls_x509_crt_t cert) { int r = 0; int ret; @@ -1169,8 +1195,9 @@ relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt cert) break; else if(gnuRet == GNUTLS_SAN_DNSNAME) { pThis->pEngine->dbgprint("librelp: subject alt dnsName: '%s'\n", szAltName); - iAllNames += snprintf(allNames+iAllNames, sizeof(allNames)-iAllNames, - "DNSname: %s; ", szAltName); + r = relpTcpAddToCertNamesBuffer(pThis, allNames, sizeof(allNames), + &iAllNames, szAltName); + if(r != 0) goto done; relpTcpChkOnePeerName(pThis, szAltName, &bFoundPositiveMatch); /* do NOT break, because there may be multiple dNSName's! */ } @@ -1181,8 +1208,9 @@ relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt cert) /* if we did not succeed so far, we try the CN part of the DN... */ if(relpTcpGetCN(pThis, cert, cnBuf, sizeof(cnBuf)) == 0) { pThis->pEngine->dbgprint("librelp: relpTcp now checking auth for CN '%s'\n", cnBuf); - iAllNames += snprintf(allNames+iAllNames, sizeof(allNames)-iAllNames, - "CN: %s; ", cnBuf); + r = relpTcpAddToCertNamesBuffer(pThis, allNames, sizeof(allNames), + &iAllNames, cnBuf); + if(r != 0) goto done; relpTcpChkOnePeerName(pThis, cnBuf, &bFoundPositiveMatch); } } -- 2.13.6
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor