pan-users

Re: [Pan-users] ssl/tls certificate handling?


From: Rhialto
Subject: Re: [Pan-users] ssl/tls certificate handling?
Date: Fri, 26 Feb 2016 21:35:21 +0100
User-agent: Mutt/1.5.24 (2015-08-30)

> >> Maybe this bug is related to the C++11 ABI change in GCC5.

> -D_GLIBCXX_USE_CXX11_ABI=0

> This is the related code (file: cert-store.cc):
> 
> >-------------------------------------------------------------------------
> bool CertStore::add(gnutls_x509_crt_t cert, const Quark& server) {
>       if (!cert || server.empty())
>               return false;
> 
>       std::string addr;
>       int port;
>       _data.get_server_addr(server, addr, port);
>       _cert_to_server[server] = cert;
> 
>       std::stringstream buffer;
>       buffer << addr << ".pem";
>       const char* buf(buffer.str().c_str());

Well I think I can reason why this doesn't work. buffer.str() likely
makes a temporary std::string. Then the .c_str() gives a view into its
internals, but the std::string itself gets cleaned up, leaving buf to be
a dangling pointer.

>       FILE * fp = fopen(file::absolute_fn("ssl_certs", buf).c_str(), "wb");

And similar here, where file::absolute_fn(...) most likely is a
std::string, and it is temporary again.

A solution (apart from really fixing all the string handling functions
of course) would be to make those temporaries into local variables, so that
the value is kept until the end of the function.  Something like this:

        std::string bufferstring(buffer.str());
        const char *buf(bufferstring.c_str());

        std::string abs_fn(file::absolute_fn("ssl_certs", buf));
        FILE *fp = fopen(abs_fn.c_str(), "wb");

C++ has the weird habit of writing an initialisation of a variable as

        type name(value);

where you might be more used to

        type name = value;

going by the reasoning that you have to write this in many cases for
objects (class instances) anyway, so they might as well extend it to
everything. And I believe that in the latest version, the () is being
phased out in favour of {}, because () is too confusing.

Of course, maybe the internals of the helper function
file::absolute_fn(...) have the same sort of issues. Best would be to
rewrite it so that both arguments are std::string and its result too,
then we don't need these ugly c_str() calls here any more (nor in other
places where it's called).

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert  -- The Doctor: No, 'eureka' is Greek for
\X/ rhialto/at/xs4all.nl    -- 'this bath is too hot.'
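
The lifetime fix discussed in this message, as a self-contained added example (not code from Pan or from the original post). The `absolute_fn`, `cert_path` and `save_cert` helpers and the host name are hypothetical stand-ins, constructed for illustration:

```cpp
#include <cstdio>
#include <sstream>
#include <string>

// Hypothetical stand-in for Pan's file::absolute_fn(): joins directory and name.
static std::string absolute_fn(const std::string& dir, const std::string& name) {
    return dir + "/" + name;
}

// Builds "<dir>/<addr>.pem" while keeping every std::string in a named object.
std::string cert_path(const std::string& dir, const std::string& addr) {
    std::ostringstream buffer;
    buffer << addr << ".pem";
    // Pattern from the quoted code, left as a comment because using the
    // pointer afterwards is undefined behaviour:
    //   const char* buf(buffer.str().c_str());
    // The std::string returned by str() is destroyed at the end of that
    // statement, so buf would point into storage that no longer exists.
    const std::string name(buffer.str());  // named copy lives until return
    return absolute_fn(dir, name);
}

// Writes pem to the certificate path. Returns bytes written, or -1 on failure.
long save_cert(const std::string& dir, const std::string& addr,
               const std::string& pem) {
    // A c_str() pointer is valid only while its std::string is alive and
    // unmodified, so the path is held in a local for the whole fopen() call.
    const std::string path(cert_path(dir, addr));
    FILE* fp = std::fopen(path.c_str(), "wb");
    if (!fp)
        return -1;  // e.g. the directory does not exist
    const std::size_t written = std::fwrite(pem.data(), 1, pem.size(), fp);
    if (std::fclose(fp) != 0 || written != pem.size())
        return -1;  // short write or flush error: do not report success
    return static_cast<long>(written);
}

int main() {
    const std::string host("news.example.org");  // constructed sample value
    std::printf("path: %s\n", cert_path(".", host).c_str());
    std::printf("wrote: %ld bytes\n", save_cert(".", host, "constructed PEM\n"));
    std::remove(cert_path(".", host).c_str());  // clean up the sample file
    return 0;
}
```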
