diff options
author | Nikias Bassen | 2009-07-28 14:59:07 +0200 |
---|---|---|
committer | Matt Colyer | 2009-07-28 21:31:25 -0700 |
commit | c57ebf917e30afd78dac8042552966811531c632 (patch) | |
tree | 5c3e200bc1babfead1900dde7d1d37400fac498c | |
parent | dd97a88597eb00fa688ee9f28cadac117c47f6f0 (diff) | |
download | libimobiledevice-c57ebf917e30afd78dac8042552966811531c632.tar.gz libimobiledevice-c57ebf917e30afd78dac8042552966811531c632.tar.bz2 |
Fix potential memory corruption in calls to gnutls function on 64 bit arch
[#60 state:resolved]
Signed-off-by: Matt Colyer <matt@colyer.name>
-rw-r--r-- | src/lockdown.c | 8 | ||||
-rw-r--r-- | src/userpref.c | 32 |
2 files changed, 25 insertions, 15 deletions
diff --git a/src/lockdown.c b/src/lockdown.c index bc430c9..88ab7b0 100644 --- a/src/lockdown.c +++ b/src/lockdown.c @@ -954,10 +954,12 @@ lockdownd_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datu if (LOCKDOWN_E_SUCCESS == ret) { /* if everything went well, export in PEM format */ + size_t export_size = 0; gnutls_datum_t dev_pem = { NULL, 0 }; - gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &dev_pem.size); - dev_pem.data = gnutls_malloc(dev_pem.size); - gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_pem.data, &dev_pem.size); + gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &export_size); + dev_pem.data = gnutls_malloc(export_size); + gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_pem.data, &export_size); + dev_pem.size = export_size; gnutls_datum_t pem_root_cert = { NULL, 0 }; gnutls_datum_t pem_host_cert = { NULL, 0 }; diff --git a/src/userpref.c b/src/userpref.c index 4b6dd98..b930693 100644 --- a/src/userpref.c +++ b/src/userpref.c @@ -289,29 +289,37 @@ static userpref_error_t userpref_gen_keys_and_cert(void) gnutls_x509_crt_sign(host_cert, root_cert, root_privkey); /* export to PEM format */ + size_t root_key_export_size = 0; + size_t host_key_export_size = 0; gnutls_datum_t root_key_pem = { NULL, 0 }; gnutls_datum_t host_key_pem = { NULL, 0 }; - gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, NULL, &root_key_pem.size); - gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, NULL, &host_key_pem.size); + gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, NULL, &root_key_export_size); + gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, NULL, &host_key_export_size); - root_key_pem.data = gnutls_malloc(root_key_pem.size); - host_key_pem.data = gnutls_malloc(host_key_pem.size); + root_key_pem.data = gnutls_malloc(root_key_export_size); + host_key_pem.data = gnutls_malloc(host_key_export_size); - gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, root_key_pem.data, &root_key_pem.size); - gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, host_key_pem.data, &host_key_pem.size); + gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, root_key_pem.data, &root_key_export_size); + root_key_pem.size = root_key_export_size; + gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, host_key_pem.data, &host_key_export_size); + host_key_pem.size = host_key_export_size; + size_t root_cert_export_size = 0; + size_t host_cert_export_size = 0; gnutls_datum_t root_cert_pem = { NULL, 0 }; gnutls_datum_t host_cert_pem = { NULL, 0 }; - gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, NULL, &root_cert_pem.size); - gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, NULL, &host_cert_pem.size); + gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, NULL, &root_cert_export_size); + gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, NULL, &host_cert_export_size); - root_cert_pem.data = gnutls_malloc(root_cert_pem.size); - host_cert_pem.data = gnutls_malloc(host_cert_pem.size); + root_cert_pem.data = gnutls_malloc(root_cert_export_size); + host_cert_pem.data = gnutls_malloc(host_cert_export_size); - gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, root_cert_pem.data, &root_cert_pem.size); - gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, host_cert_pem.data, &host_cert_pem.size); + gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, root_cert_pem.data, &root_cert_export_size); + root_cert_pem.size = root_cert_export_size; + gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, host_cert_pem.data, &host_cert_export_size); + host_cert_pem.size = host_cert_export_size; if (NULL != root_cert_pem.data && 0 != root_cert_pem.size && NULL != host_cert_pem.data && 0 != host_cert_pem.size) |