Parcourir la source
[Bugfix] Check return codes from gnutls library every time.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4120 3789f03b-4d11-0410-bbf8-ca57d06f2519tags/v1.0.90
Adam Tkac
il y a 13 ans
2 fichiers modifiés avec 25 ajouts et 10 suppressions
+ 22
- 9
common/rfb/CSecurityTLS.cxx
Voir le fichier
| @@ -79,7 +79,8 @@ CSecurityTLS::CSecurityTLS(bool _anon) : session(0), anon_cred(0), | |||
| void CSecurityTLS::shutdown() | |||
| { | |||
| if (session) | |||
| gnutls_bye(session, GNUTLS_SHUT_RDWR); | |||
| if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS) | |||
| throw Exception("gnutls_bye failed"); | |||
| if (anon_cred) { | |||
| gnutls_anon_free_client_credentials(anon_cred); | |||
| @@ -128,8 +129,11 @@ bool CSecurityTLS::processMsg(CConnection* cc) | |||
| if (is->readU8() == 0) | |||
| return true; | |||
| gnutls_init(&session, GNUTLS_CLIENT); | |||
| gnutls_set_default_priority(session); | |||
| if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_init failed"); | |||
| if (gnutls_set_default_priority(session) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_set_default_priority failed"); | |||
| setParam(); | |||
| @@ -166,14 +170,22 @@ void CSecurityTLS::setParam() | |||
| GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; | |||
| if (anon) { | |||
| gnutls_kx_set_priority(session, kx_anon_priority); | |||
| gnutls_anon_allocate_client_credentials(&anon_cred); | |||
| gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred); | |||
| if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_kx_set_priority failed"); | |||
| if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_anon_allocate_client_credentials failed"); | |||
| if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_credentials_set failed"); | |||
| vlog.debug("Anonymous session has been set"); | |||
| } else { | |||
| gnutls_kx_set_priority(session, kx_priority); | |||
| gnutls_certificate_allocate_credentials(&cert_cred); | |||
| if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_kx_set_priority failed"); | |||
| if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_certificate_allocate_credentials failed"); | |||
| if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0) | |||
| throw AuthFailureException("load of CA cert failed"); | |||
| @@ -181,7 +193,8 @@ void CSecurityTLS::setParam() | |||
| if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0) | |||
| throw AuthFailureException("load of CRL failed"); | |||
| gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred); | |||
| if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_credentials_set failed"); | |||
| vlog.debug("X509 session has been set"); | |||
| } | |||
+ 3
- 1
common/rfb/SSecurityTLS.cxx
Voir le fichier
| @@ -183,7 +183,9 @@ void SSecurityTLS::setParams(gnutls_session session) | |||
| static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, | |||
| GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; | |||
| gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority); | |||
| if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority) | |||
| != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_kx_set_priority failed"); | |||
| if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS) | |||
| throw AuthFailureException("gnutls_dh_params_init failed"); | |||
Chargement…