diff options
author | Christian Grothoff <christian@grothoff.org> | 2014-06-16 20:44:39 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2014-06-16 20:44:39 +0000 |
commit | 7398501236f017143eb0fb8a110eb4fc0ef49b01 (patch) | |
tree | 7096158e004a5c83b7eb7d2b8e92d216b20c9f5c /src/namestore/plugin_gtk_namestore_tlsa.c | |
parent | 83fe5c2dbd9289bfd699a5e39bcc327e68cb93f6 (diff) | |
download | gnunet-gtk-7398501236f017143eb0fb8a110eb4fc0ef49b01.tar.gz gnunet-gtk-7398501236f017143eb0fb8a110eb4fc0ef49b01.zip |
-fix use after free
Diffstat (limited to 'src/namestore/plugin_gtk_namestore_tlsa.c')
-rw-r--r-- | src/namestore/plugin_gtk_namestore_tlsa.c | 48 |
1 files changed, 26 insertions, 22 deletions
diff --git a/src/namestore/plugin_gtk_namestore_tlsa.c b/src/namestore/plugin_gtk_namestore_tlsa.c index 191c785e..1fbdd53b 100644 --- a/src/namestore/plugin_gtk_namestore_tlsa.c +++ b/src/namestore/plugin_gtk_namestore_tlsa.c | |||
@@ -724,10 +724,6 @@ import_x509_certificate (gnutls_session_t session, | |||
724 | */ | 724 | */ |
725 | struct ImportContext | 725 | struct ImportContext |
726 | { | 726 | { |
727 | /** | ||
728 | * The TLS session. | ||
729 | */ | ||
730 | gnutls_session_t session; | ||
731 | 727 | ||
732 | /** | 728 | /** |
733 | * Network handle for the session. | 729 | * Network handle for the session. |
@@ -743,6 +739,11 @@ struct ImportContext | |||
743 | * Builder for accessing widgets. | 739 | * Builder for accessing widgets. |
744 | */ | 740 | */ |
745 | GtkBuilder *builder; | 741 | GtkBuilder *builder; |
742 | |||
743 | /** | ||
744 | * Domain name of the site we use to get the TLS cert record from. | ||
745 | */ | ||
746 | char *name; | ||
746 | }; | 747 | }; |
747 | 748 | ||
748 | 749 | ||
@@ -767,11 +768,13 @@ import_address_cb (void *cls, | |||
767 | struct sockaddr *a; | 768 | struct sockaddr *a; |
768 | unsigned int port; | 769 | unsigned int port; |
769 | gnutls_certificate_type_t type; | 770 | gnutls_certificate_type_t type; |
771 | gnutls_session_t session; | ||
770 | 772 | ||
771 | if (NULL == addr) | 773 | if (NULL == addr) |
772 | { | 774 | { |
773 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 775 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
774 | _("Name resolution failed\n")); | 776 | _("Name resolution failed\n")); |
777 | GNUNET_free (ic->name); | ||
775 | GNUNET_free (ic); | 778 | GNUNET_free (ic); |
776 | return; | 779 | return; |
777 | } | 780 | } |
@@ -823,13 +826,21 @@ import_address_cb (void *cls, | |||
823 | GNUNET_NETWORK_socket_close (ic->sock); | 826 | GNUNET_NETWORK_socket_close (ic->sock); |
824 | return; | 827 | return; |
825 | } | 828 | } |
826 | |||
827 | GNUNET_RESOLVER_request_cancel (ic->rh); | 829 | GNUNET_RESOLVER_request_cancel (ic->rh); |
828 | 830 | ||
831 | /* initialize TLS session */ | ||
832 | gnutls_init (&session, GNUTLS_CLIENT); | ||
833 | gnutls_session_set_ptr (session, ic); | ||
834 | gnutls_server_name_set (session, | ||
835 | GNUTLS_NAME_DNS, | ||
836 | ic->name, | ||
837 | strlen (ic->name)); | ||
838 | gnutls_set_default_priority (session); | ||
839 | |||
829 | /* Use default priorities */ | 840 | /* Use default priorities */ |
830 | gnutls_certificate_allocate_credentials (&xcred); | 841 | gnutls_certificate_allocate_credentials (&xcred); |
831 | if (GNUTLS_E_SUCCESS != | 842 | if (GNUTLS_E_SUCCESS != |
832 | (ret = gnutls_priority_set_direct (ic->session, | 843 | (ret = gnutls_priority_set_direct (session, |
833 | "PERFORMANCE", | 844 | "PERFORMANCE", |
834 | NULL))) | 845 | NULL))) |
835 | { | 846 | { |
@@ -839,12 +850,12 @@ import_address_cb (void *cls, | |||
839 | goto cleanup; | 850 | goto cleanup; |
840 | } | 851 | } |
841 | /* put the x509 credentials to the current session */ | 852 | /* put the x509 credentials to the current session */ |
842 | gnutls_credentials_set (ic->session, | 853 | gnutls_credentials_set (session, |
843 | GNUTLS_CRD_CERTIFICATE, | 854 | GNUTLS_CRD_CERTIFICATE, |
844 | xcred); | 855 | xcred); |
845 | gnutls_transport_set_int (ic->session, | 856 | gnutls_transport_set_int (session, |
846 | GNUNET_NETWORK_get_fd (ic->sock)); | 857 | GNUNET_NETWORK_get_fd (ic->sock)); |
847 | gnutls_handshake_set_timeout (ic->session, | 858 | gnutls_handshake_set_timeout (session, |
848 | 2000 /* 2s */); | 859 | 2000 /* 2s */); |
849 | 860 | ||
850 | /* TODO: do this in event loop, with insensitive GUI, | 861 | /* TODO: do this in event loop, with insensitive GUI, |
@@ -852,14 +863,14 @@ import_address_cb (void *cls, | |||
852 | /* Perform the TLS handshake */ | 863 | /* Perform the TLS handshake */ |
853 | do | 864 | do |
854 | { | 865 | { |
855 | ret = gnutls_handshake (ic->session); | 866 | ret = gnutls_handshake (session); |
856 | } | 867 | } |
857 | while ( (ret < 0) && (0 == gnutls_error_is_fatal (ret)) ); | 868 | while ( (ret < 0) && (0 == gnutls_error_is_fatal (ret)) ); |
858 | 869 | ||
859 | /* finally, access the certificate */ | 870 | /* finally, access the certificate */ |
860 | if (GNUTLS_E_SUCCESS == ret) | 871 | if (GNUTLS_E_SUCCESS == ret) |
861 | { | 872 | { |
862 | type = gnutls_certificate_type_get (ic->session); | 873 | type = gnutls_certificate_type_get (session); |
863 | switch (type) | 874 | switch (type) |
864 | { | 875 | { |
865 | case GNUTLS_CRT_UNKNOWN: | 876 | case GNUTLS_CRT_UNKNOWN: |
@@ -867,7 +878,7 @@ import_address_cb (void *cls, | |||
867 | _("Server certificate type not supported\n")); | 878 | _("Server certificate type not supported\n")); |
868 | break; | 879 | break; |
869 | case GNUTLS_CRT_X509: | 880 | case GNUTLS_CRT_X509: |
870 | import_x509_certificate (ic->session, | 881 | import_x509_certificate (session, |
871 | ic->builder); | 882 | ic->builder); |
872 | break; | 883 | break; |
873 | case GNUTLS_CRT_OPENPGP: | 884 | case GNUTLS_CRT_OPENPGP: |
@@ -886,13 +897,12 @@ import_address_cb (void *cls, | |||
886 | _("TLS handshake failed: %s\n"), | 897 | _("TLS handshake failed: %s\n"), |
887 | gnutls_strerror (ret)); | 898 | gnutls_strerror (ret)); |
888 | } | 899 | } |
889 | gnutls_bye (ic->session, GNUTLS_SHUT_RDWR); | 900 | gnutls_bye (session, GNUTLS_SHUT_RDWR); |
890 | cleanup: | 901 | cleanup: |
891 | GNUNET_break (GNUNET_OK == | 902 | GNUNET_break (GNUNET_OK == |
892 | GNUNET_NETWORK_socket_close (ic->sock)); | 903 | GNUNET_NETWORK_socket_close (ic->sock)); |
893 | gnutls_deinit (ic->session); | 904 | gnutls_deinit (session); |
894 | gnutls_certificate_free_credentials (xcred); | 905 | gnutls_certificate_free_credentials (xcred); |
895 | GNUNET_free (ic); | ||
896 | } | 906 | } |
897 | 907 | ||
898 | 908 | ||
@@ -926,13 +936,7 @@ tlsa_import_button_clicked_cb (GtkButton *button, | |||
926 | } | 936 | } |
927 | ic = GNUNET_new (struct ImportContext); | 937 | ic = GNUNET_new (struct ImportContext); |
928 | ic->builder = edc->builder; | 938 | ic->builder = edc->builder; |
929 | gnutls_init (&ic->session, GNUTLS_CLIENT); | 939 | ic->name = GNUNET_strdup (name); |
930 | gnutls_session_set_ptr (ic->session, ic); | ||
931 | gnutls_server_name_set (ic->session, | ||
932 | GNUTLS_NAME_DNS, | ||
933 | name, | ||
934 | strlen (name)); | ||
935 | gnutls_set_default_priority (ic->session); | ||
936 | ic->rh = GNUNET_RESOLVER_ip_get (name, | 940 | ic->rh = GNUNET_RESOLVER_ip_get (name, |
937 | AF_UNSPEC, | 941 | AF_UNSPEC, |
938 | GNUNET_TIME_UNIT_SECONDS, | 942 | GNUNET_TIME_UNIT_SECONDS, |