summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2009-07-28 14:59:07 +0200
committerGravatar Matt Colyer2009-07-28 21:31:25 -0700
commitc57ebf917e30afd78dac8042552966811531c632 (patch)
tree5c3e200bc1babfead1900dde7d1d37400fac498c
parentdd97a88597eb00fa688ee9f28cadac117c47f6f0 (diff)
downloadlibimobiledevice-c57ebf917e30afd78dac8042552966811531c632.tar.gz
libimobiledevice-c57ebf917e30afd78dac8042552966811531c632.tar.bz2
Fix potential memory corruption in calls to gnutls function on 64 bit arch
[#60 state:resolved] Signed-off-by: Matt Colyer <matt@colyer.name>
-rw-r--r--src/lockdown.c8
-rw-r--r--src/userpref.c32
2 files changed, 25 insertions, 15 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index bc430c9..88ab7b0 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -954,10 +954,12 @@ lockdownd_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datu
if (LOCKDOWN_E_SUCCESS == ret) {
/* if everything went well, export in PEM format */
+ size_t export_size = 0;
gnutls_datum_t dev_pem = { NULL, 0 };
- gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &dev_pem.size);
- dev_pem.data = gnutls_malloc(dev_pem.size);
- gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_pem.data, &dev_pem.size);
+ gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &export_size);
+ dev_pem.data = gnutls_malloc(export_size);
+ gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_pem.data, &export_size);
+ dev_pem.size = export_size;
gnutls_datum_t pem_root_cert = { NULL, 0 };
gnutls_datum_t pem_host_cert = { NULL, 0 };
diff --git a/src/userpref.c b/src/userpref.c
index 4b6dd98..b930693 100644
--- a/src/userpref.c
+++ b/src/userpref.c
@@ -289,29 +289,37 @@ static userpref_error_t userpref_gen_keys_and_cert(void)
gnutls_x509_crt_sign(host_cert, root_cert, root_privkey);
/* export to PEM format */
+ size_t root_key_export_size = 0;
+ size_t host_key_export_size = 0;
gnutls_datum_t root_key_pem = { NULL, 0 };
gnutls_datum_t host_key_pem = { NULL, 0 };
- gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, NULL, &root_key_pem.size);
- gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, NULL, &host_key_pem.size);
+ gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, NULL, &root_key_export_size);
+ gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, NULL, &host_key_export_size);
- root_key_pem.data = gnutls_malloc(root_key_pem.size);
- host_key_pem.data = gnutls_malloc(host_key_pem.size);
+ root_key_pem.data = gnutls_malloc(root_key_export_size);
+ host_key_pem.data = gnutls_malloc(host_key_export_size);
- gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, root_key_pem.data, &root_key_pem.size);
- gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, host_key_pem.data, &host_key_pem.size);
+ gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, root_key_pem.data, &root_key_export_size);
+ root_key_pem.size = root_key_export_size;
+ gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, host_key_pem.data, &host_key_export_size);
+ host_key_pem.size = host_key_export_size;
+ size_t root_cert_export_size = 0;
+ size_t host_cert_export_size = 0;
gnutls_datum_t root_cert_pem = { NULL, 0 };
gnutls_datum_t host_cert_pem = { NULL, 0 };
- gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, NULL, &root_cert_pem.size);
- gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, NULL, &host_cert_pem.size);
+ gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, NULL, &root_cert_export_size);
+ gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, NULL, &host_cert_export_size);
- root_cert_pem.data = gnutls_malloc(root_cert_pem.size);
- host_cert_pem.data = gnutls_malloc(host_cert_pem.size);
+ root_cert_pem.data = gnutls_malloc(root_cert_export_size);
+ host_cert_pem.data = gnutls_malloc(host_cert_export_size);
- gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, root_cert_pem.data, &root_cert_pem.size);
- gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, host_cert_pem.data, &host_cert_pem.size);
+ gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, root_cert_pem.data, &root_cert_export_size);
+ root_cert_pem.size = root_cert_export_size;
+ gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, host_cert_pem.data, &host_cert_export_size);
+ host_cert_pem.size = host_cert_export_size;
if (NULL != root_cert_pem.data && 0 != root_cert_pem.size &&
NULL != host_cert_pem.data && 0 != host_cert_pem.size)