[En-Nut-Discussion] Problem with new TLS

Harald Kipp harald.kipp at egnite.de
Fri Jul 11 15:21:56 CEST 2014


the following part of tls1.c:add_cert() looks weird:

 while (ssl_ctx->certs[i].buf && i < TLS_SSL_MAX_CERTS)
 if (i == TLS_SSL_MAX_CERTS) /* too many certs */

It first accesses certs[TLS_SSL_MAX_CERTS], which doesn't exist and then
checks, whether this access may have been illegal. Not really the code
quality I'd expect from security sensitive routines. :-(

I didn't figured this out myself. Instead GCC 4.7.4 reported:

 ../../nut/tls/tls1.c: In function 'add_cert':
 ../../nut/tls/tls1.c:308:26: error: array subscript is above array
bounds [-Werror=array-bounds]



Btw. I'd consider TLS being a protocol and I'm wondering, why it hasn't
been stored in nut/pro/tls.

More information about the En-Nut-Discussion mailing list