[vlc-devel] [PATCH] gnutls: fix stored pubkey on Android
Rémi Denis-Courmont
remi at remlab.net
Wed Jul 13 16:03:11 CEST 2016
This looks like a problem between Android and GnuTLS, and hacking around it in
LibVLC looks questionable.
Also...
Le keskiviikkona 13. heinäkuuta 2016, 15.45.30 EEST Thomas Guillem a écrit :
> ---
> modules/misc/gnutls.c | 18 ++++++++++++++++--
> 1 file changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
> index 1b9c315..e3a4eb2 100644
> --- a/modules/misc/gnutls.c
> +++ b/modules/misc/gnutls.c
> @@ -460,8 +460,21 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t
> *creds, vlc_tls_t *tls, goto error;
> }
>
> + char *db_name = NULL;
> +#ifdef __ANDROID__
> + /* gnutls fail to save the known_hosts file on Android since there is
> no + * valid HOME directory */
> + char *config = config_GetUserDir(VLC_CONFIG_DIR);
> + if (config != NULL)
> + {
> + if (asprintf(&db_name, "%s/gnutls_known_hosts", config) == -1)
> + db_name = NULL;
> + free(config);
> + }
> +#endif
> +
> msg_Dbg(creds, "%u certificate(s) in the list", count);
> - val = gnutls_verify_stored_pubkey (NULL, NULL, host, service,
> + val = gnutls_verify_stored_pubkey (db_name, NULL, host, service,
> GNUTLS_CRT_X509, datum, 0);
> const char *msg;
> switch (val)
> @@ -522,7 +535,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t
> *creds, vlc_tls_t *tls, time (&expiry);
> expiry += 24 * 60 * 60;
> case 2:
> - val = gnutls_store_pubkey (NULL, NULL, host, service,
> + val = gnutls_store_pubkey (db_name, NULL, host, service,
> GNUTLS_CRT_X509, datum, expiry, 0);
> if (val)
> msg_Err(creds, "cannot store X.509 certificate: %s",
> @@ -536,6 +549,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t
> *creds, vlc_tls_t *tls, error:
> if (alp != NULL)
> free(*alp);
> + free(db_name);
Looks like undefined behaviour to me. I expect compiler warning even.
> return -1;
> }
--
Rémi Denis-Courmont
http://www.remlab.net/
More information about the vlc-devel
mailing list