ext/status_request: ensure response IDs are properly deinitialized

That is, do not attempt to loop through the array if there is no array
allocated.
Signed-off-by: Nikos Mavrogiannopoulos <[email protected]>
parent 83536a74
......@@ -69,7 +69,10 @@ typedef struct {
static void deinit_responder_id(status_request_ext_st *priv)
{
unsigned i;
unsigned i;
if (priv->responder_id == NULL)
return;
for (i = 0; i < priv->responder_id_size; i++)
gnutls_free(priv->responder_id[i].data);
......@@ -135,6 +138,7 @@ server_recv(gnutls_session_t session,
{
size_t i;
ssize_t data_size = size;
unsigned responder_ids = 0;
/* minimum message is type (1) + responder_id_list (2) +
request_extension (2) = 5 */
......@@ -153,23 +157,24 @@ server_recv(gnutls_session_t session,
DECR_LEN(data_size, 1);
data++;
priv->responder_id_size = _gnutls_read_uint16(data);
responder_ids = _gnutls_read_uint16(data);
DECR_LEN(data_size, 2);
data += 2;
if (data_size <= (ssize_t) (priv->responder_id_size * 2))
if (data_size <= (ssize_t) (responder_ids * 2))
return
gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
if (priv->responder_id != NULL)
deinit_responder_id(priv);
deinit_responder_id(priv);
priv->responder_id = gnutls_calloc(1, priv->responder_id_size
priv->responder_id = gnutls_calloc(1, responder_ids
* sizeof(*priv->responder_id));
if (priv->responder_id == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
priv->responder_id_size = responder_ids;
for (i = 0; i < priv->responder_id_size; i++) {
size_t l;
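Review bot: An empty responder_id_list still reaches `gnutls_calloc(1, responder_ids * sizeof(*priv->responder_id))` in server_recv with a size of zero; if the allocator returns NULL for a zero-byte request, the `priv->responder_id == NULL` check that follows reports GNUTLS_E_MEMORY_ERROR for a request RFC 6066 permits. The length check above it does not exclude `responder_ids == 0`, because it only requires data_size to exceed `responder_ids * 2`. I would wrap the allocation and its NULL check in `if (responder_ids > 0) {` and otherwise set `priv->responder_id = NULL;` and `priv->responder_id_size = 0;` explicitly, since it is not visible here whether deinit_responder_id resets the pointer after freeing. Passing count and element size separately, `gnutls_calloc(responder_ids, sizeof(*priv->responder_id))`, would also keep calloc's own overflow check in effect. Both functions continue outside the visible hunks, so the parsing loop's handling of a NULL array should be confirmed against the full file.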