From 4bb2a2944b6525226e21d87dfa2b8abd4fc5ca0d Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 22:15:27 +0200 Subject: [PATCH 01/17] Make sure s_sig is initialized in _wrap_gcry_pk_verify()'s cleanup: section. --- lib/pk-libgcrypt.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/lib/pk-libgcrypt.c b/lib/pk-libgcrypt.c index 330fbfb..87e7e16 100644 --- a/lib/pk-libgcrypt.c +++ b/lib/pk-libgcrypt.c @@ -406,6 +406,8 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo, bigint_t hash; bigint_t tmp[2] = { NULL, NULL }; + s_sig = 0; + if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) { gnutls_assert (); -- 1.6.3.3 From 996482bad9a9f74a20a8e968762a1b83e082b711 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:10 +0200 Subject: [PATCH 02/17] Add a missing return code check in write_secret_key(). --- lib/opencdk/write-packet.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c index 24e47b0..1f9fb81 100644 --- a/lib/opencdk/write-packet.c +++ b/lib/opencdk/write-packet.c @@ -589,7 +589,8 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, } else return CDK_Inv_Value; - rc = stream_write (out, sk->protect.iv, sk->protect.ivlen); + if (!rc) + rc = stream_write (out, sk->protect.iv, sk->protect.ivlen); } if (!rc && sk->is_protected && pk->version == 4) { -- 1.6.3.3 From 586d1e24cbcf3224d36eb06ff06b8229a94bed1c Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 03/17] Fix a NULL pointer dereference in _gnutls_tls_sign(). XXX: Not sure if this is the right fix. --- lib/gnutls_sig.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index dfb1a8f..c181eda 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c 
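Review bot: In lib/pk-libgcrypt.c, `s_sig = 0;` in _wrap_gcry_pk_verify() is a separate statement using an integer zero, while the context line directly above it initializes at the declaration with `bigint_t tmp[2] = { NULL, NULL };`. If s_sig is a pointer-typed handle, `= NULL` at its declaration would read more clearly and cannot be skipped by a later edit. The declarations and the cleanup: section are outside the hunk, so it is worth confirming that every handle that section releases is initialized before the first failure path, not only s_sig.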
@@ -278,7 +278,7 @@ _gnutls_tls_sign (gnutls_session_t session, } /* External signing. */ - if (!pkey || pkey->params_size == 0) + if (cert && (!pkey || pkey->params_size == 0)) { if (!session->internals.sign_func) return GNUTLS_E_INSUFFICIENT_CREDENTIALS; -- 1.6.3.3 From 4252db399e3d10e3b209cd0c65afeac29e1632f0 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 04/17] Add a return code check in decode_pkcs8_key(). XXX: Everything but 0 is an error, right? --- lib/x509/privkey_pkcs8.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index aa777d2..8a9a8bb 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -795,6 +795,11 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, params_len, &kdf_params, &enc_params); + if (result) + { + goto error; + } + /* Parameters have been decoded. Now * decrypt the EncryptedData. */ -- 1.6.3.3 From 07e5c47725e9b627d00fae766be0705dad38d030 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 05/17] Add a return code check in gnutls_openpgp_privkey_import(), copy and pasted from below, assuming it works the same. --- lib/openpgp/privkey.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index d84a35f..83eb94e 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -104,7 +104,15 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, } if (format == GNUTLS_OPENPGP_FMT_RAW) - rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); + { + rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); + if (rc != 0) + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } + } else { rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); -- 1.6.3.3 From 56167d015181bbdb73f8956e0ca93f3350ddf609 Mon Sep 17 00:00:00 2001 
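Review bot: In lib/gnutls_sig.c, the new condition `if (cert && (!pkey || pkey->params_size == 0))` skips the external-signing branch when cert is NULL, and nothing visible in the hunk then catches a NULL pkey before execution continues past the block. If the code that follows signs with pkey, the NULL dereference has only moved, which matches the doubt in the commit message. Failing closed before the branch, e.g. `if (!cert) return GNUTLS_E_INSUFFICIENT_CREDENTIALS;`, would keep the original pkey test intact. The rest of _gnutls_tls_sign() is outside the hunk, so whether a NULL cert is a legitimate caller state, and which error code fits, should be confirmed there.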
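Review bot: In lib/x509/privkey_pkcs8.c, the new `if (result)` in decode_pkcs8_key() jumps to error without `gnutls_assert ();`, unlike the checks this series adds elsewhere (for example in _gnutls_x509_write_int()), so a failure here leaves no trace in the debug log. The commit message leaves open whether every nonzero value is an error; if the callee follows a negative-error convention, `if (result < 0) { gnutls_assert (); goto error; }` states that explicitly. The callee and the error: label are outside the hunk, so it should also be confirmed that the label's cleanup is safe when reached from this point.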
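Review bot: The error path added to gnutls_openpgp_privkey_import() in lib/openpgp/privkey.c duplicates, by the commit message's own account, a check that already exists further down. Patch 06 pastes the same lines into gnutls_openpgp_crt_import() in lib/openpgp/pgp.c, with `if (rc)` where this one has `if (rc != 0)`. Pick one spelling for both. Because the rest of each function is outside the hunk, also check whether a single `if (rc)` after the if/else would cover the RAW and non-RAW paths without a second copy. A short comment such as `/* cdk error codes must be mapped before returning to GnuTLS callers */` would explain why the `_gnutls_map_cdk_rc (rc)` call must not be dropped.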
From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 06/17] Add a return code check in gnutls_openpgp_crt_import(), copy and pasted from below, assuming it works the same. --- lib/openpgp/pgp.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index d6182e8..354ddad 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -100,7 +100,15 @@ gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, } if (format == GNUTLS_OPENPGP_FMT_RAW) - rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); + { + rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); + if (rc) + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } + } else { rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); -- 1.6.3.3 From 6ae1865323b5a58de24f8805e3b5e38b89de8bf0 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:13 +0200 Subject: [PATCH 07/17] Add a missing return code check in _gnutls_x509_write_int() --- lib/gnutls_mpi.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index 85579e5..2e5e8f5 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -342,6 +342,12 @@ _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi, else result = _gnutls_mpi_print (mpi, NULL, &s_len); + if (result != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_PRINT_FAILED; + } + tmpstr = gnutls_malloc (s_len); if (tmpstr == NULL) { -- 1.6.3.3 From 77108731e8f93b6a9960f0458c49b3567d22f397 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 08/17] Add another return code check in write_secret_key(). Leaving the indentation alone to keep the changes clearly visible. --- lib/opencdk/write-packet.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) 
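Review bot: In lib/gnutls_mpi.c, the added `if (result != 0)` in _gnutls_x509_write_int() follows a call that passes NULL as the output buffer and is immediately followed by `gnutls_malloc (s_len)`, which is the shape of a size query. If _gnutls_mpi_print() reports the required size by returning GNUTLS_E_SHORT_MEMORY_BUFFER, this check turns every call into GNUTLS_E_MPI_PRINT_FAILED and the function can never succeed. The test would then need to be `if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)`, treating any other value as the failure. The callee and the first branch of the if/else are outside the hunk, so the return convention should be confirmed before this is merged.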
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c index 1f9fb81..01277b2 100644 --- a/lib/opencdk/write-packet.c +++ b/lib/opencdk/write-packet.c @@ -564,6 +564,8 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo)); if (!rc) rc = write_mpibuf (out, pk->mpi, npkey); + if (!rc) + { if (sk->is_protected == 0) rc = stream_putc (out, 0x00); else @@ -592,6 +594,7 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, if (!rc) rc = stream_write (out, sk->protect.iv, sk->protect.ivlen); } + } if (!rc && sk->is_protected && pk->version == 4) { if (sk->encdata && sk->enclen) -- 1.6.3.3 From e91990b05aee984c3162ab3e27e493211fd5e920 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 09/17] I don't see why stream_putc()'s return code should be ignored here. --- lib/opencdk/write-packet.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c index 01277b2..e2c5687 100644 --- a/lib/opencdk/write-packet.c +++ b/lib/opencdk/write-packet.c @@ -571,7 +571,7 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, else { if (is_RSA (pk->pubkey_algo) && pk->version < 4) - stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo)); + rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo)); else if (sk->protect.s2k) { s2k_mode = sk->protect.s2k->mode; -- 1.6.3.3 From 7a404435e0ebbf2df8d6d7dcd99ac172a4a1d2c5 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 10/17] Add a return code check in gnutls_openpgp_export(), copy and pasted from above, assuming it works the same. --- lib/openpgp/pgp.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index 354ddad..ad41489 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c 
@@ -198,6 +198,12 @@ _gnutls_openpgp_export (cdk_kbnode_t node, CDK_ARMOR_PUBKEY); gnutls_free (in); *output_data_size = calc_size; + if (rc) + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } return 0; -- 1.6.3.3 From 7c03e38be2512a15fde8af79e3a61e9b6fcd0aff Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 11/17] Let main() log and exit if deriving the key failed. --- src/psk.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/src/psk.c b/src/psk.c index b0047e0..7de5ea5 100644 --- a/src/psk.c +++ b/src/psk.c @@ -138,6 +138,11 @@ main (int argc, char **argv) ret = gnutls_psk_netconf_derive_key (passwd, info.username, info.netconf_hint, &dkey); + if (ret < 0) + { + fprintf (stderr, "Deriving the key failed\n"); + exit (1); + } } else { -- 1.6.3.3 From 04cfbe63bdef92cdcc2aa207090acc2d3fba12e8 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 12/17] Remove write-only variable tot_len in _gnutls_encode_ber_rs(). --- lib/gnutls_pk.c | 4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index a08349b..2609252 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -361,7 +361,7 @@ int _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s) { ASN1_TYPE sig; - int result, tot_len; + int result; if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), @@ -388,8 +388,6 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s) return result; } - tot_len = 0; - result = _gnutls_x509_der_encode (sig, "", sig_value, 0); asn1_delete_structure (&sig); -- 1.6.3.3 From 8df530b26a9dad2fb2f833a42af6cbf1bb6fdbaf Mon Sep 17 00:00:00 2001 
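Review bot: In _gnutls_openpgp_export() in lib/openpgp/pgp.c, the new `if (rc)` runs after `*output_data_size = calc_size;`, so a failed armor encoding still overwrites the caller's size even though an error is returned. Moving the check to directly after `gnutls_free (in);` keeps the free on the error path and leaves the out-parameter untouched on failure. If callers depend on the size being reported on error, keep the order and state that in a comment above the assignment. The start of the block is outside the hunk.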
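Review bot: In main() in src/psk.c, the new message `fprintf (stderr, "Deriving the key failed\n");` discards the error code held in ret, so the user cannot tell why gnutls_psk_netconf_derive_key() failed. Printing the reason costs one argument: `fprintf (stderr, "Deriving the key failed: %s\n", gnutls_strerror (ret));`. The surrounding if/else and the later use of dkey are outside the hunk.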
From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 13/17] Remove write-only variable i in _gnutls_proc_openpgp_server_certificate(). --- lib/auth_cert.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 3d47d45..c0e7547 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -1065,7 +1065,7 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, cert_auth_info_t info; gnutls_certificate_credentials_t cred; ssize_t dsize = data_size; - int i, x, key_type; + int x, key_type; gnutls_cert *peer_certificate_list = NULL; int peer_certificate_list_size = 0; gnutls_datum_t tmp, akey = { NULL, 0 }; @@ -1106,7 +1106,6 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, /* no certificate was sent */ return GNUTLS_E_NO_CERTIFICATE_FOUND; } - i = dsize; /* Read PGPKeyDescriptor */ DECR_LEN (dsize, 1); -- 1.6.3.3 From 9a646732ad1f103e3772d1ab5336d0f71a27952b Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 14/17] Remove write-only variable siz in _verify_x509_mem(). --- src/certtool.c | 4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff --git a/src/certtool.c b/src/certtool.c index f7342dd..e37db8f 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1985,7 +1985,7 @@ static void print_verification_res (gnutls_x509_crt_t crt, static int _verify_x509_mem (const void *cert, int cert_size) { - int siz, i; + int i; const char *ptr; int ret; char name[256]; @@ -2003,7 +2003,6 @@ _verify_x509_mem (const void *cert, int cert_size) /* Decode the CRL list */ - siz = cert_size; ptr = cert; i = 1; @@ -2047,7 +2046,6 @@ _verify_x509_mem (const void *cert, int cert_size) /* Decode the certificate chain. */ - siz = cert_size; ptr = cert; i = 1; -- 1.6.3.3 From 4c14c2363b303efcd88037974b9cdf686ac6fbe3 Mon Sep 17 00:00:00 2001 
From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 15/17] Remove write-only variable in main(). --- doc/examples/ex-serv-anon.c | 3 +-- doc/examples/ex-serv-export.c | 3 +-- doc/examples/ex-serv-pgp.c | 3 +-- doc/examples/ex-serv-psk.c | 3 +-- doc/examples/ex-serv-srp.c | 3 +-- doc/examples/ex-serv1.c | 3 +-- 6 files changed, 6 insertions(+), 12 deletions(-) diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c index 722d1fc..098432a 100644 --- a/doc/examples/ex-serv-anon.c +++ b/doc/examples/ex-serv-anon.c @@ -64,7 +64,7 @@ generate_dh_params (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -129,7 +129,6 @@ main (void) /* see the Getting peer's information example */ /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv-export.c b/doc/examples/ex-serv-export.c index d3d33a6..f86a0c2 100644 --- a/doc/examples/ex-serv-export.c +++ b/doc/examples/ex-serv-export.c @@ -119,7 +119,7 @@ generate_rsa_params (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -207,7 +207,6 @@ main (void) /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c index e907056..e0cfcdc 100644 --- a/doc/examples/ex-serv-pgp.c +++ b/doc/examples/ex-serv-pgp.c @@ -70,7 +70,7 @@ initialize_tls_session (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -143,7 +143,6 @@ main (void) /* see the Getting peer's information example */ /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c index 6e5d77a..e010313 100644 --- a/doc/examples/ex-serv-psk.c 
+++ b/doc/examples/ex-serv-psk.c @@ -91,7 +91,7 @@ pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -174,7 +174,6 @@ main (void) /* see the Getting peer's information example */ /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c index 559f7ac..859b2f0 100644 --- a/doc/examples/ex-serv-srp.c +++ b/doc/examples/ex-serv-srp.c @@ -59,7 +59,7 @@ initialize_tls_session (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -133,7 +133,6 @@ main (void) /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv1.c b/doc/examples/ex-serv1.c index 0a47cc1..6dd8164 100644 --- a/doc/examples/ex-serv1.c +++ b/doc/examples/ex-serv1.c @@ -80,7 +80,7 @@ generate_dh_params (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -160,7 +160,6 @@ main (void) /* see the Getting peer's information example */ /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); -- 1.6.3.3 From fcb4fa3c59e232723afecb7bb91a0f5b46a31ae8 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 22:20:56 +0200 Subject: [PATCH 16/17] In case of (!s), we better leave s->error alone. --- lib/opencdk/stream.c | 4 ---- 1 files changed, 0 insertions(+), 4 deletions(-) diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c index 60823cb..7171371 100644 --- a/lib/opencdk/stream.c +++ b/lib/opencdk/stream.c @@ -932,7 +932,6 @@ cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen) if (!s) { - s->error = CDK_Inv_Value; gnutls_assert (); return EOF; } 
@@ -989,7 +988,6 @@ cdk_stream_getc (cdk_stream_t s) if (!s) { - s->error = CDK_Inv_Value; gnutls_assert (); return EOF; } @@ -1022,7 +1020,6 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count) if (!s) { - s->error = CDK_Inv_Value; gnutls_assert (); return EOF; } @@ -1081,7 +1078,6 @@ cdk_stream_putc (cdk_stream_t s, int c) if (!s) { - s->error = CDK_Inv_Value; gnutls_assert (); return EOF; } -- 1.6.3.3 From 32c43db78b31258fb584ff04031085c54858abe3 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:10 +0200 Subject: [PATCH 17/17] Fix a NULL pointer dereference in _gnutls_handshake_buffer_get_ptr() --- lib/gnutls_buffers.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 52d3b41..8c5c923 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -1115,7 +1115,8 @@ _gnutls_handshake_buffer_get_ptr (gnutls_session_t session, if (length != NULL) *length = session->internals.handshake_hash_buffer.length; - _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", (int)*length); + _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", + (int)session->internals.handshake_hash_buffer.length); if (data_ptr != NULL) *data_ptr = session->internals.handshake_hash_buffer.data; -- 1.6.3.3