diff options
| author | Christian Grothoff <christian@grothoff.org> | 2014-06-16 20:44:39 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2014-06-16 20:44:39 +0000 |
| commit | 7398501236f017143eb0fb8a110eb4fc0ef49b01 (patch) | |
| tree | 7096158e004a5c83b7eb7d2b8e92d216b20c9f5c /src/namestore/plugin_gtk_namestore_tlsa.c | |
| parent | 83fe5c2dbd9289bfd699a5e39bcc327e68cb93f6 (diff) | |
| download | gnunet-gtk-7398501236f017143eb0fb8a110eb4fc0ef49b01.tar.gz gnunet-gtk-7398501236f017143eb0fb8a110eb4fc0ef49b01.zip | |
-fix use after free
Diffstat (limited to 'src/namestore/plugin_gtk_namestore_tlsa.c')
| -rw-r--r-- | src/namestore/plugin_gtk_namestore_tlsa.c | 48 |
1 files changed, 26 insertions, 22 deletions
diff --git a/src/namestore/plugin_gtk_namestore_tlsa.c b/src/namestore/plugin_gtk_namestore_tlsa.c index 191c785e..1fbdd53b 100644 --- a/src/namestore/plugin_gtk_namestore_tlsa.c +++ b/src/namestore/plugin_gtk_namestore_tlsa.c | |||
| @@ -724,10 +724,6 @@ import_x509_certificate (gnutls_session_t session, | |||
| 724 | */ | 724 | */ |
| 725 | struct ImportContext | 725 | struct ImportContext |
| 726 | { | 726 | { |
| 727 | /** | ||
| 728 | * The TLS session. | ||
| 729 | */ | ||
| 730 | gnutls_session_t session; | ||
| 731 | 727 | ||
| 732 | /** | 728 | /** |
| 733 | * Network handle for the session. | 729 | * Network handle for the session. |
| @@ -743,6 +739,11 @@ struct ImportContext | |||
| 743 | * Builder for accessing widgets. | 739 | * Builder for accessing widgets. |
| 744 | */ | 740 | */ |
| 745 | GtkBuilder *builder; | 741 | GtkBuilder *builder; |
| 742 | |||
| 743 | /** | ||
| 744 | * Domain name of the site we use to get the TLS cert record from. | ||
| 745 | */ | ||
| 746 | char *name; | ||
| 746 | }; | 747 | }; |
| 747 | 748 | ||
| 748 | 749 | ||
| @@ -767,11 +768,13 @@ import_address_cb (void *cls, | |||
| 767 | struct sockaddr *a; | 768 | struct sockaddr *a; |
| 768 | unsigned int port; | 769 | unsigned int port; |
| 769 | gnutls_certificate_type_t type; | 770 | gnutls_certificate_type_t type; |
| 771 | gnutls_session_t session; | ||
| 770 | 772 | ||
| 771 | if (NULL == addr) | 773 | if (NULL == addr) |
| 772 | { | 774 | { |
| 773 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 775 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
| 774 | _("Name resolution failed\n")); | 776 | _("Name resolution failed\n")); |
| 777 | GNUNET_free (ic->name); | ||
| 775 | GNUNET_free (ic); | 778 | GNUNET_free (ic); |
| 776 | return; | 779 | return; |
| 777 | } | 780 | } |
| @@ -823,13 +826,21 @@ import_address_cb (void *cls, | |||
| 823 | GNUNET_NETWORK_socket_close (ic->sock); | 826 | GNUNET_NETWORK_socket_close (ic->sock); |
| 824 | return; | 827 | return; |
| 825 | } | 828 | } |
| 826 | |||
| 827 | GNUNET_RESOLVER_request_cancel (ic->rh); | 829 | GNUNET_RESOLVER_request_cancel (ic->rh); |
| 828 | 830 | ||
| 831 | /* initialize TLS session */ | ||
| 832 | gnutls_init (&session, GNUTLS_CLIENT); | ||
| 833 | gnutls_session_set_ptr (session, ic); | ||
| 834 | gnutls_server_name_set (session, | ||
| 835 | GNUTLS_NAME_DNS, | ||
| 836 | ic->name, | ||
| 837 | strlen (ic->name)); | ||
| 838 | gnutls_set_default_priority (session); | ||
| 839 | |||
| 829 | /* Use default priorities */ | 840 | /* Use default priorities */ |
| 830 | gnutls_certificate_allocate_credentials (&xcred); | 841 | gnutls_certificate_allocate_credentials (&xcred); |
| 831 | if (GNUTLS_E_SUCCESS != | 842 | if (GNUTLS_E_SUCCESS != |
| 832 | (ret = gnutls_priority_set_direct (ic->session, | 843 | (ret = gnutls_priority_set_direct (session, |
| 833 | "PERFORMANCE", | 844 | "PERFORMANCE", |
| 834 | NULL))) | 845 | NULL))) |
| 835 | { | 846 | { |
| @@ -839,12 +850,12 @@ import_address_cb (void *cls, | |||
| 839 | goto cleanup; | 850 | goto cleanup; |
| 840 | } | 851 | } |
| 841 | /* put the x509 credentials to the current session */ | 852 | /* put the x509 credentials to the current session */ |
| 842 | gnutls_credentials_set (ic->session, | 853 | gnutls_credentials_set (session, |
| 843 | GNUTLS_CRD_CERTIFICATE, | 854 | GNUTLS_CRD_CERTIFICATE, |
| 844 | xcred); | 855 | xcred); |
| 845 | gnutls_transport_set_int (ic->session, | 856 | gnutls_transport_set_int (session, |
| 846 | GNUNET_NETWORK_get_fd (ic->sock)); | 857 | GNUNET_NETWORK_get_fd (ic->sock)); |
| 847 | gnutls_handshake_set_timeout (ic->session, | 858 | gnutls_handshake_set_timeout (session, |
| 848 | 2000 /* 2s */); | 859 | 2000 /* 2s */); |
| 849 | 860 | ||
| 850 | /* TODO: do this in event loop, with insensitive GUI, | 861 | /* TODO: do this in event loop, with insensitive GUI, |
| @@ -852,14 +863,14 @@ import_address_cb (void *cls, | |||
| 852 | /* Perform the TLS handshake */ | 863 | /* Perform the TLS handshake */ |
| 853 | do | 864 | do |
| 854 | { | 865 | { |
| 855 | ret = gnutls_handshake (ic->session); | 866 | ret = gnutls_handshake (session); |
| 856 | } | 867 | } |
| 857 | while ( (ret < 0) && (0 == gnutls_error_is_fatal (ret)) ); | 868 | while ( (ret < 0) && (0 == gnutls_error_is_fatal (ret)) ); |
| 858 | 869 | ||
| 859 | /* finally, access the certificate */ | 870 | /* finally, access the certificate */ |
| 860 | if (GNUTLS_E_SUCCESS == ret) | 871 | if (GNUTLS_E_SUCCESS == ret) |
| 861 | { | 872 | { |
| 862 | type = gnutls_certificate_type_get (ic->session); | 873 | type = gnutls_certificate_type_get (session); |
| 863 | switch (type) | 874 | switch (type) |
| 864 | { | 875 | { |
| 865 | case GNUTLS_CRT_UNKNOWN: | 876 | case GNUTLS_CRT_UNKNOWN: |
| @@ -867,7 +878,7 @@ import_address_cb (void *cls, | |||
| 867 | _("Server certificate type not supported\n")); | 878 | _("Server certificate type not supported\n")); |
| 868 | break; | 879 | break; |
| 869 | case GNUTLS_CRT_X509: | 880 | case GNUTLS_CRT_X509: |
| 870 | import_x509_certificate (ic->session, | 881 | import_x509_certificate (session, |
| 871 | ic->builder); | 882 | ic->builder); |
| 872 | break; | 883 | break; |
| 873 | case GNUTLS_CRT_OPENPGP: | 884 | case GNUTLS_CRT_OPENPGP: |
| @@ -886,13 +897,12 @@ import_address_cb (void *cls, | |||
| 886 | _("TLS handshake failed: %s\n"), | 897 | _("TLS handshake failed: %s\n"), |
| 887 | gnutls_strerror (ret)); | 898 | gnutls_strerror (ret)); |
| 888 | } | 899 | } |
| 889 | gnutls_bye (ic->session, GNUTLS_SHUT_RDWR); | 900 | gnutls_bye (session, GNUTLS_SHUT_RDWR); |
| 890 | cleanup: | 901 | cleanup: |
| 891 | GNUNET_break (GNUNET_OK == | 902 | GNUNET_break (GNUNET_OK == |
| 892 | GNUNET_NETWORK_socket_close (ic->sock)); | 903 | GNUNET_NETWORK_socket_close (ic->sock)); |
| 893 | gnutls_deinit (ic->session); | 904 | gnutls_deinit (session); |
| 894 | gnutls_certificate_free_credentials (xcred); | 905 | gnutls_certificate_free_credentials (xcred); |
| 895 | GNUNET_free (ic); | ||
| 896 | } | 906 | } |
| 897 | 907 | ||
| 898 | 908 | ||
| @@ -926,13 +936,7 @@ tlsa_import_button_clicked_cb (GtkButton *button, | |||
| 926 | } | 936 | } |
| 927 | ic = GNUNET_new (struct ImportContext); | 937 | ic = GNUNET_new (struct ImportContext); |
| 928 | ic->builder = edc->builder; | 938 | ic->builder = edc->builder; |
| 929 | gnutls_init (&ic->session, GNUTLS_CLIENT); | 939 | ic->name = GNUNET_strdup (name); |
| 930 | gnutls_session_set_ptr (ic->session, ic); | ||
| 931 | gnutls_server_name_set (ic->session, | ||
| 932 | GNUTLS_NAME_DNS, | ||
| 933 | name, | ||
| 934 | strlen (name)); | ||
| 935 | gnutls_set_default_priority (ic->session); | ||
| 936 | ic->rh = GNUNET_RESOLVER_ip_get (name, | 940 | ic->rh = GNUNET_RESOLVER_ip_get (name, |
| 937 | AF_UNSPEC, | 941 | AF_UNSPEC, |
| 938 | GNUNET_TIME_UNIT_SECONDS, | 942 | GNUNET_TIME_UNIT_SECONDS, |