[GNUnet-SVN] r33676 - gnunet-gtk/src/namestore
From: |
gnunet |
Subject: |
[GNUnet-SVN] r33676 - gnunet-gtk/src/namestore |
Date: |
Mon, 16 Jun 2014 22:44:39 +0200 |
Author: grothoff
Date: 2014-06-16 22:44:39 +0200 (Mon, 16 Jun 2014)
New Revision: 33676
Modified:
gnunet-gtk/src/namestore/plugin_gtk_namestore_tlsa.c
Log:
-fix use after free
Modified: gnunet-gtk/src/namestore/plugin_gtk_namestore_tlsa.c
===================================================================
--- gnunet-gtk/src/namestore/plugin_gtk_namestore_tlsa.c 2014-06-16
14:46:24 UTC (rev 33675)
+++ gnunet-gtk/src/namestore/plugin_gtk_namestore_tlsa.c 2014-06-16
20:44:39 UTC (rev 33676)
@@ -724,10 +724,6 @@
*/
struct ImportContext
{
- /**
- * The TLS session.
- */
- gnutls_session_t session;
/**
* Network handle for the session.
@@ -743,6 +739,11 @@
* Builder for accessing widgets.
*/
GtkBuilder *builder;
+
+ /**
+ * Domain name of the site we use to get the TLS cert record from.
+ */
+ char *name;
};
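Review bot: The comment on the new `name` field does not say who owns the string. Elsewhere in this commit the field is filled with `GNUNET_strdup (name)` and released with `GNUNET_free (ic->name)`, so it is a heap copy that has to be freed before the context itself. I would extend the comment to `Domain name of the site we fetch the TLS certificate from; heap-allocated copy, freed together with this context.` so the next free path added for `struct ImportContext` does not miss it.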
@@ -767,11 +768,13 @@
struct sockaddr *a;
unsigned int port;
gnutls_certificate_type_t type;
+ gnutls_session_t session;
if (NULL == addr)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
_("Name resolution failed\n"));
+ GNUNET_free (ic->name);
GNUNET_free (ic);
return;
}
@@ -823,13 +826,21 @@
GNUNET_NETWORK_socket_close (ic->sock);
return;
}
-
GNUNET_RESOLVER_request_cancel (ic->rh);
+ /* initialize TLS session */
+ gnutls_init (&session, GNUTLS_CLIENT);
+ gnutls_session_set_ptr (session, ic);
+ gnutls_server_name_set (session,
+ GNUTLS_NAME_DNS,
+ ic->name,
+ strlen (ic->name));
+ gnutls_set_default_priority (session);
+
/* Use default priorities */
gnutls_certificate_allocate_credentials (&xcred);
if (GNUTLS_E_SUCCESS !=
- (ret = gnutls_priority_set_direct (ic->session,
+ (ret = gnutls_priority_set_direct (session,
"PERFORMANCE",
NULL)))
{
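Review bot: The result of `gnutls_init (&session, GNUTLS_CLIENT)` is dropped, so if it fails the following `gnutls_session_set_ptr`, `gnutls_server_name_set` and later calls operate on an unusable session. Since `session` is now an uninitialised local rather than a field of a zeroed context, I would test it the same way as the priority call below, `if (GNUTLS_E_SUCCESS != (ret = gnutls_init (&session, GNUTLS_CLIENT)))`, and bail out before anything else touches `session`; the return value of `gnutls_server_name_set` deserves the same check. `gnutls_set_default_priority (session)` is immediately overridden by `gnutls_priority_set_direct (session, "PERFORMANCE", NULL)`, so one of the two can go, and the `/* Use default priorities */` comment no longer describes the line under it. The function begins above this hunk.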
@@ -839,12 +850,12 @@
goto cleanup;
}
/* put the x509 credentials to the current session */
- gnutls_credentials_set (ic->session,
+ gnutls_credentials_set (session,
GNUTLS_CRD_CERTIFICATE,
xcred);
- gnutls_transport_set_int (ic->session,
+ gnutls_transport_set_int (session,
GNUNET_NETWORK_get_fd (ic->sock));
- gnutls_handshake_set_timeout (ic->session,
+ gnutls_handshake_set_timeout (session,
2000 /* 2s */);
/* TODO: do this in event loop, with insensitive GUI,
@@ -852,14 +863,14 @@
/* Perform the TLS handshake */
do
{
- ret = gnutls_handshake (ic->session);
+ ret = gnutls_handshake (session);
}
while ( (ret < 0) && (0 == gnutls_error_is_fatal (ret)) );
/* finally, access the certificate */
if (GNUTLS_E_SUCCESS == ret)
{
- type = gnutls_certificate_type_get (ic->session);
+ type = gnutls_certificate_type_get (session);
switch (type)
{
case GNUTLS_CRT_UNKNOWN:
@@ -867,7 +878,7 @@
_("Server certificate type not supported\n"));
break;
case GNUTLS_CRT_X509:
- import_x509_certificate (ic->session,
+ import_x509_certificate (session,
ic->builder);
break;
case GNUTLS_CRT_OPENPGP:
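Review bot: Nothing visible between `gnutls_certificate_allocate_credentials (&xcred)` and the `import_x509_certificate (session, ic->builder)` call loads trust anchors or runs a peer verification, so the certificate imported here appears to be whatever the host at the resolved address presented. For a dialog that turns that certificate into a TLSA record this matters, because an unauthenticated fetch pins whoever answered. If that is the intended trust-on-import design, it should be stated at the call site, for example `/* certificate is unauthenticated here; the user must confirm it before the record is stored */`. Part of the function lies outside the hunks shown, so a verification step may exist there, and the switch continues below this hunk.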
@@ -886,13 +897,12 @@
_("TLS handshake failed: %s\n"),
gnutls_strerror (ret));
}
- gnutls_bye (ic->session, GNUTLS_SHUT_RDWR);
+ gnutls_bye (session, GNUTLS_SHUT_RDWR);
cleanup:
GNUNET_break (GNUNET_OK ==
GNUNET_NETWORK_socket_close (ic->sock));
- gnutls_deinit (ic->session);
+ gnutls_deinit (session);
gnutls_certificate_free_credentials (xcred);
- GNUNET_free (ic);
}
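Review bot: With `GNUNET_free (ic)` removed, nothing on the path through `cleanup:` releases `ic` or the new `ic->name`; the only `GNUNET_free (ic->name); GNUNET_free (ic);` pair is in the `NULL == addr` branch at the top of the function. The request is cancelled with `GNUNET_RESOLVER_request_cancel (ic->rh)` before the handshake, so that branch is presumably not reached again and both allocations would leak on every completed import. Whether the resolver still delivers a final NULL callback after a cancel issued from inside its own callback is not visible here and needs confirming. If it does not, the context needs one clearly documented owner that frees `ic->name` and then `ic` once the resolver can no longer reference them.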
@@ -926,13 +936,7 @@
}
ic = GNUNET_new (struct ImportContext);
ic->builder = edc->builder;
- gnutls_init (&ic->session, GNUTLS_CLIENT);
- gnutls_session_set_ptr (ic->session, ic);
- gnutls_server_name_set (ic->session,
- GNUTLS_NAME_DNS,
- name,
- strlen (name));
- gnutls_set_default_priority (ic->session);
+ ic->name = GNUNET_strdup (name);
ic->rh = GNUNET_RESOLVER_ip_get (name,
AF_UNSPEC,
GNUNET_TIME_UNIT_SECONDS,