Overview
Comment: | Changed Tls_NewX509Obj to not use stack space for all and certificate buffers. This reduces the possibility of a stack overflow. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | tls-1.8 |
Files: | files | file ages | folders |
SHA3-256: |
17ee565eedfaa786265161b68db7e24a |
User & Date: | bohagan on 2024-06-25 22:22:16 |
Other Links: | branch diff | manifest | tags |
Context
2024-06-28
| ||
18:50 | Refactored Tls_NewX509Obj to use Tcl_Size, common var names, added function descriptions, etc. check-in: 1bf152a55d user: bohagan tags: tls-1.8 | |
2024-06-25
| ||
22:22 | Changed Tls_NewX509Obj to not use stack space for all and certificate buffers. This reduces the possibility of a stack overflow. check-in: 17ee565eed user: bohagan tags: tls-1.8 | |
2024-06-23
| ||
03:11 | Documentation updates to add info on certificate validation needs and more debug info. check-in: e4794cbb74 user: bohagan tags: tls-1.8 | |
Changes
Modified generic/tls.c from [bba2dae983] to [d36478ef49].
︙ | |||
374 375 376 377 378 379 380 | 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 | - + | /* Create command to eval with fn, chan, depth, cert info list, status, and error args */ cmdPtr = Tcl_DuplicateObj(statePtr->vcmd); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("verify", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(depth)); |
︙ | |||
2182 2183 2184 2185 2186 2187 2188 | 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 | - + | if (objc == 2) { peer = SSL_get_peer_certificate(statePtr->ssl); } else { peer = SSL_get_certificate(statePtr->ssl); } /* Get X509 certificate info */ if (peer) { |
︙ |
Modified generic/tlsInt.h from [acd84d3ddd] to [991758417a].
︙ | |||
209 210 211 212 213 214 215 | 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 | - + | /* * Forward declarations */ const Tcl_ChannelType *Tls_ChannelType(void); Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags); |
︙ |
Modified generic/tlsX509.c from [ea8ff7e7c8] to [36eeb56077].
︙ | |||
367 368 369 370 371 372 373 | 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 | - + | * A Tcl List Object representing the provided * X509 certificate. * *------------------------------------------------------* */ Tcl_Obj* |
︙ | |||
592 593 594 595 596 597 598 | 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 | + + + + - - - + + + + + + + + + - + - - - + + + + + | unsigned char *string = X509_alias_get0(cert, &len); LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len); string = X509_keyid_get0(cert, &len); LAPPEND_STR(interp, certPtr, "keyId", (char *) string, (Tcl_Size) len); } /* Certificate and dump all data */ if (all) { Tcl_Obj *allObj = Tcl_NewByteArrayObj(NULL, 0); Tcl_Obj *certObj = Tcl_NewByteArrayObj(NULL, 0); unsigned char *allStr, *certStr; |