X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/e3e281ccf9d8777d0df98ddd644720573e0343d1..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/tlscert-gnu.c diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c index cbc7accf0..8840d5cfd 100644 --- a/src/src/tlscert-gnu.c +++ b/src/src/tlscert-gnu.c @@ -2,8 +2,9 @@ * Exim - an Internet mail transport agent * *************************************************/ +/* Copyright (c) The Exim Maintainers 2021 - 2022 */ /* Copyright (c) Jeremy Harris 2014 - 2018 */ -/* Copyright (c) The Exim Maintainers 2021 */ +/* SPDX-License-Identifier: GPL-2.0-only */ /* This file provides TLS/SSL support for Exim using the GnuTLS library, one of the available supported implementations. This file is #included into @@ -115,7 +116,7 @@ size_t len = 32; if (mod && Ustrcmp(mod, "int") == 0) return string_sprintf("%u", (unsigned)t); -cp = store_get(len, FALSE); +cp = store_get(len, GET_UNTAINTED); if (f.timestamps_utc) { uschar * tz = to_tz(US"GMT0"); @@ -149,7 +150,7 @@ if ((ret = gnutls_x509_crt_get_issuer_dn(cert, CS cp, &siz)) != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("gi0", __FUNCTION__, ret); -cp = store_get(siz, TRUE); +cp = store_get(siz, GET_TAINTED); if ((ret = gnutls_x509_crt_get_issuer_dn(cert, CS cp, &siz)) < 0) return g_err("gi1", __FUNCTION__, ret); @@ -203,7 +204,7 @@ if ((ret = gnutls_x509_crt_get_signature((gnutls_x509_crt_t)cert, CS cp1, &len)) != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("gs0", __FUNCTION__, ret); -cp1 = store_get(len*4+1, TRUE); +cp1 = store_get(len*4+1, GET_TAINTED); if (gnutls_x509_crt_get_signature((gnutls_x509_crt_t)cert, CS cp1, &len) != 0) return g_err("gs1", __FUNCTION__, ret); @@ -233,7 +234,7 @@ if ((ret = gnutls_x509_crt_get_dn(cert, CS cp, &siz)) != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("gs0", __FUNCTION__, ret); -cp = store_get(siz, TRUE); +cp = store_get(siz, GET_TAINTED); if ((ret = gnutls_x509_crt_get_dn(cert, CS cp, &siz)) < 0) return g_err("gs1", __FUNCTION__, ret); @@ -261,7 +262,7 @@ ret = gnutls_x509_crt_get_extension_by_oid ((gnutls_x509_crt_t)cert, if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("ge0", __FUNCTION__, ret); -cp1 = store_get(siz*4 + 1, TRUE); +cp1 = store_get(siz*4 + 1, GET_TAINTED); ret = gnutls_x509_crt_get_extension_by_oid ((gnutls_x509_crt_t)cert, CS oid, idx, CS cp1, &siz, &crit); @@ -317,7 +318,7 @@ for (int index = 0;; index++) return g_err("gs0", __FUNCTION__, ret); } - ele = store_get(siz+1, TRUE); + ele = store_get(siz+1, GET_TAINTED); if ((ret = gnutls_x509_crt_get_subject_alt_name( (gnutls_x509_crt_t)cert, index, ele, &siz, NULL)) < 0) return g_err("gs1", __FUNCTION__, ret); @@ -400,7 +401,7 @@ for (int index = 0;; index++) return g_err("gc0", __FUNCTION__, ret); } - ele = store_get(siz, TRUE); + ele = store_get(siz, GET_TAINTED); if ((ret = gnutls_x509_crt_get_crl_dist_points( (gnutls_x509_crt_t)cert, index, ele, &siz, NULL, NULL)) < 0) return g_err("gc1", __FUNCTION__, ret); @@ -423,7 +424,7 @@ int fail; if ( (fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert, GNUTLS_X509_FMT_DER, cp, &len)) != GNUTLS_E_SHORT_MEMORY_BUFFER - || !(cp = store_get((int)len, TRUE), TRUE) /* tainted */ + || !(cp = store_get((int)len, GET_TAINTED), TRUE) /* tainted */ || (fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert, GNUTLS_X509_FMT_DER, cp, &len)) ) @@ -448,7 +449,7 @@ if ((ret = gnutls_x509_crt_get_fingerprint(cert, algo, NULL, &siz)) != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("gf0", __FUNCTION__, ret); -cp = store_get(siz*3+1, TRUE); +cp = store_get(siz*3+1, GET_TAINTED); if ((ret = gnutls_x509_crt_get_fingerprint(cert, algo, cp, &siz)) < 0) return g_err("gf1", __FUNCTION__, ret);