From 6948ead152f81b2d66ba0636b0f0604cdc3bc554 Mon Sep 17 00:00:00 2001
From: Adam Tkac
Date: Wed, 11 Aug 2010 15:58:59 +0000
Subject: [PATCH] [Bugfix] Check return codes from gnutls library every time.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4120 3789f03b-4d11-0410-bbf8-ca57d06f2519
---
 common/rfb/CSecurityTLS.cxx | 31 ++++++++++++++++++++++---------
 common/rfb/SSecurityTLS.cxx | 4 +++-
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 7b2456db..651f8521 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -79,7 +79,8 @@ CSecurityTLS::CSecurityTLS(bool _anon) : session(0), anon_cred(0),
 void CSecurityTLS::shutdown()
 {
 if (session)
- gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS)
+ throw Exception("gnutls_bye failed");
 if (anon_cred) {
 gnutls_anon_free_client_credentials(anon_cred);
@@ -128,8 +129,11 @@ bool CSecurityTLS::processMsg(CConnection* cc)
 if (is->readU8() == 0)
 return true;
- gnutls_init(&session, GNUTLS_CLIENT);
- gnutls_set_default_priority(session);
+ if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_init failed");
+
+ if (gnutls_set_default_priority(session) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_set_default_priority failed");
 setParam();
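Review bot: In CSecurityTLS::shutdown() the new `throw Exception("gnutls_bye failed")` sits ahead of the credential cleanup that begins at `if (anon_cred) {`, so a failed close-notify skips the frees that follow and leaves `session` set. gnutls_bye() also fails when the peer has already dropped the connection and can return GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, none of which should abort teardown. If shutdown() is reached from a destructor or while unwinding from one of the new AuthFailureExceptions (not visible here), the throw is riskier still. I would log and continue instead: `if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS) vlog.error("gnutls_bye failed");`. The rest of shutdown() lies outside the hunk.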
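Review bot: The checks added in processMsg() discard the GnuTLS return value, so the exception says which call failed but not why; the same applies to the checks added in setParam() and in SSecurityTLS::setParams(). Keeping the code, e.g. `int rc = gnutls_init(&session, GNUTLS_CLIENT);`, and including `gnutls_strerror(rc)` in the exception text would make a TLS setup failure diagnosable from the log. Separately, when gnutls_set_default_priority() fails the session from gnutls_init() is already allocated, and whether it is released depends on the caller invoking shutdown(), which this hunk does not show. processMsg() starts and ends outside the hunk.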
@@ -166,14 +170,22 @@ void CSecurityTLS::setParam()
 GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
 if (anon) {
- gnutls_kx_set_priority(session, kx_anon_priority);
- gnutls_anon_allocate_client_credentials(&anon_cred);
- gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
+ if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_kx_set_priority failed");
+
+ if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_anon_allocate_client_credentials failed");
+
+ if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_credentials_set failed");
 vlog.debug("Anonymous session has been set");
 } else {
- gnutls_kx_set_priority(session, kx_priority);
- gnutls_certificate_allocate_credentials(&cert_cred);
+ if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_kx_set_priority failed");
+
+ if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
 if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0)
 throw AuthFailureException("load of CA cert failed");
@@ -181,7 +193,8 @@ void CSecurityTLS::setParam()
 if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0)
 throw AuthFailureException("load of CRL failed");
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred);
+ if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_credentials_set failed");
 vlog.debug("X509 session has been set");
 }
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index a268a512..e6202a88 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
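Review bot: The `anon` branch of setParam() has no comment saying what it gives up: with `GNUTLS_CRD_ANON` credentials the key exchange is unauthenticated, so the session is encrypted but the client never verifies which server it is talking to. Since this commit rewrites every call in that branch, I would add `// Anonymous key exchange: encrypts the session but does not authenticate the server.` above `if (anon) {`. setParam() begins before this hunk and continues into the next one.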
@@ -183,7 +183,9 @@ void SSecurityTLS::setParams(gnutls_session session)
 static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
 GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
- gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority);
+ if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority)
+ != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_kx_set_priority failed");
 if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
 throw AuthFailureException("gnutls_dh_params_init failed");
-- 
2.39.5