Bug Summary

File:lib/ext/cert_type.c
Location:line 121, column 20
Description:Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'

Annotated Source Code

1/*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23/* This file contains the code the Certificate Type TLS extension.
24 * This extension is currently gnutls specific.
25 */
26
27#include "gnutls_int.h"
28#include "gnutls_errors.h"
29#include "gnutls_num.h"
30#include <ext/cert_type.h>
31#include <gnutls_state.h>
32#include <gnutls_num.h>
33
34/* Maps record size to numbers according to the
35 * extensions draft.
36 */
37inline static int _gnutls_num2cert_type (int num);
38inline static int _gnutls_cert_type2num (int record_size);
39static int _gnutls_cert_type_recv_params (gnutls_session_t session,
40 const opaque * data,
41 size_t data_size);
42static int _gnutls_cert_type_send_params (gnutls_session_t session,
43 gnutls_buffer_st * extdata);
44
45extension_entry_st ext_mod_cert_type = {
46 .name = "CERT TYPE",
47 .type = GNUTLS_EXTENSION_CERT_TYPE,
48 .parse_type = GNUTLS_EXT_TLS,
49
50 .recv_func = _gnutls_cert_type_recv_params,
51 .send_func = _gnutls_cert_type_send_params,
52 .pack_func = NULL((void*)0),
53 .unpack_func = NULL((void*)0),
54 .deinit_func = NULL((void*)0)
55};
56
57/*
58 * In case of a server: if a CERT_TYPE extension type is received then it stores
59 * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
60 * to access it.
61 *
62 * In case of a client: If a cert_types have been specified then we send the extension.
63 *
64 */
65
66static int
67_gnutls_cert_type_recv_params (gnutls_session_t session,
68 const opaque * data, size_t _data_size)
69{
70 int new_type = -1, ret, i;
71 ssize_t data_size = _data_size;
72
73 if (session->security_parameters.entity == GNUTLS_CLIENT(1<<1))
74 {
75 if (data_size > 0)
76 {
77 if (data_size != 1)
78 {
79 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "cert_type.c",79); } while(0);;
80 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9;
81 }
82
83 new_type = _gnutls_num2cert_type (data[0]);
84
85 if (new_type < 0)
86 {
87 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "cert_type.c",87); } while(0);;
88 return new_type;
89 }
90
91 /* Check if we support this cert_type */
92 if ((ret =
93 _gnutls_session_cert_type_supported (session, new_type)) < 0)
94 {
95 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "cert_type.c",95); } while(0);;
96 return ret;
97 }
98
99 _gnutls_session_cert_type_set (session, new_type);
100 }
101 }
102 else
103 { /* SERVER SIDE - we must check if the sent cert type is the right one
104 */
105 if (data_size > 1)
106 {
107 uint8_t len;
108
109 DECR_LEN (data_size, 1)do { data_size-=1; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "cert_type.c",109); } while(0);; return -9;} } while (0);
110 len = data[0];
111 DECR_LEN (data_size, len)do { data_size-=len; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "cert_type.c",111); } while(0);; return -9;} } while (0);
112
113 for (i = 0; i < len; i++)
114 {
115 new_type = _gnutls_num2cert_type (data[i + 1]);
116
117 if (new_type < 0)
118 continue;
119
120 /* Check if we support this cert_type */
121 if ((ret =
Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
122 _gnutls_session_cert_type_supported (session,
123 new_type)) < 0)
124 {
125 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "cert_type.c",125); } while(0);;
126 continue;
127 }
128 else
129 break;
130 /* new_type is ok */
131 }
132
133 if (new_type < 0)
134 {
135 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "cert_type.c",135); } while(0);;
136 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER-55;
137 }
138
139 if ((ret =
140 _gnutls_session_cert_type_supported (session, new_type)) < 0)
141 {
142 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "cert_type.c",142); } while(0);;
143 /* The peer has requested unsupported certificate
144 * types. Instead of failing, procceed normally.
145 * (the ciphersuite selection would fail, or a
146 * non certificate ciphersuite will be selected).
147 */
148 return 0;
149 }
150
151 _gnutls_session_cert_type_set (session, new_type);
152 }
153 }
154
155 return 0;
156}
157
158/* returns data_size or a negative number on failure
159 */
160static int
161_gnutls_cert_type_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
162{
163 unsigned len, i;
164 int ret;
165 uint8_t p;
166
167 /* this function sends the client extension data (dnsname) */
168 if (session->security_parameters.entity == GNUTLS_CLIENT(1<<1))
169 {
170
171 if (session->internals.priorities.cert_type.algorithms > 0)
172 {
173
174 len = session->internals.priorities.cert_type.algorithms;
175
176 if (len == 1 &&
177 session->internals.priorities.cert_type.priority[0] ==
178 GNUTLS_CRT_X509)
179 {
180 /* We don't use this extension if X.509 certificates
181 * are used.
182 */
183 return 0;
184 }
185
186 /* this is a vector!
187 */
188 p = (uint8_t) len;
189 ret = _gnutls_buffer_append_data(extdata, &p, 1);
190 if (ret < 0)
191 return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "cert_type.c", 191);
192
193 for (i = 0; i < len; i++)
194 {
195 p =
196 _gnutls_cert_type2num (session->internals.priorities.
197 cert_type.priority[i]);
198 ret = _gnutls_buffer_append_data(extdata, &p, 1);
199 if (ret < 0)
200 return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "cert_type.c", 200);
201 }
202 return len + 1;
203 }
204
205 }
206 else
207 { /* server side */
208 if (session->security_parameters.cert_type != DEFAULT_CERT_TYPEGNUTLS_CRT_X509)
209 {
210 len = 1;
211
212 p =
213 _gnutls_cert_type2num (session->security_parameters.cert_type);
214 ret = _gnutls_buffer_append_data(extdata, &p, 1);
215 if (ret < 0)
216 return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "cert_type.c", 216);
217
218 return len;
219 }
220
221
222 }
223
224 return 0;
225}
226
227/* Maps numbers to record sizes according to the
228 * extensions draft.
229 */
230inline static int
231_gnutls_num2cert_type (int num)
232{
233 switch (num)
234 {
235 case 0:
236 return GNUTLS_CRT_X509;
237 case 1:
238 return GNUTLS_CRT_OPENPGP;
239 default:
240 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER-55;
241 }
242}
243
244/* Maps record size to numbers according to the
245 * extensions draft.
246 */
247inline static int
248_gnutls_cert_type2num (int cert_type)
249{
250 switch (cert_type)
251 {
252 case GNUTLS_CRT_X509:
253 return 0;
254 case GNUTLS_CRT_OPENPGP:
255 return 1;
256 default:
257 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER-55;
258 }
259
260}