GnuTLS: read key material from memory - fixes #1108

0e51a9e6 · Rémi Denis-Courmont · a2ad5ed1 · 0e51a9e6
Commit 0e51a9e6 authored May 20, 2008 by Rémi Denis-Courmont
Show whitespace changes
Inline Side-by-side

Showing with 45 additions and 34 deletions

modules/misc/gnutls.c modules/misc/gnutls.c +45 -34

No files found.
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -41,14 +41,18 @@
 #endif
 #ifdef HAVE_SYS_STAT_H
 # include <sys/stat.h>
-# ifdef HAVE_UNISTD_H
+#endif
+#ifdef WIN32
+# include <io.h>
+#else
 # include <unistd.h>
-# endif
+# include <fcntl.h>
 #endif
 #include <vlc_tls.h>
 #include <vlc_charset.h>
+#include <vlc_block.h>
 #include <gcrypt.h>
 #include <gnutls/gnutls.h>
@@ -571,41 +575,48 @@ gnutls_Addx509File( vlc_object_t *p_this,
 {
    struct stat st;
-    if( utf8_stat( psz_path, &st ) == 0 )
+    int fd = utf8_open (psz_path, O_RDONLY, 0);
-    {
+    if (fd == -1)
-        if( S_ISREG( st.st_mode ) )
+        goto error;
+    block_t *block = block_File (fd);
+    if (block != NULL)
    {
-            char *psz_localname = ToLocale( psz_path );
+        close (fd);
-            int i = b_priv
-                    ? gnutls_certificate_set_x509_key_file( cred,
+        gnutls_datum data = {
-                    psz_localname,  psz_localname, GNUTLS_X509_FMT_PEM )
+            .data = block->p_buffer,
-                : gnutls_certificate_set_x509_trust_file( cred,
+            .size = block->i_buffer,
-                        psz_localname, GNUTLS_X509_FMT_PEM );
+        };
-            LocaleFree( psz_localname );
+        int res = b_priv
+            ? gnutls_certificate_set_x509_key_mem (cred, &data, &data,
-            if( i < 0 )
+                                                   GNUTLS_X509_FMT_PEM)
+            : gnutls_certificate_set_x509_trust_mem (cred, &data,
+                                                     GNUTLS_X509_FMT_PEM);
+        block_Release (block);
+        if (res < 0)
        {
-                msg_Warn( p_this, "cannot add x509 credentials (%s): %s",
+            msg_Warn (p_this, "cannot add x509 credentials (%s): %s",
-                          psz_path, gnutls_strerror( i ) );
+                      psz_path, gnutls_strerror (res));
            return VLC_EGENERIC;
        }
-            else
+        msg_Dbg (p_this, "added x509 credentials (%s)", psz_path);
-            {
-                msg_Dbg( p_this, "added x509 credentials (%s)",
-                         psz_path );
        return VLC_SUCCESS;
    }
-        }
-        else if( S_ISDIR( st.st_mode ) )
+    if (!fstat (fd, &st) && S_ISDIR (st.st_mode))
    {
-            msg_Dbg( p_this,
+        close (fd);
-                     "looking recursively for x509 credentials in %s",
+        msg_Dbg (p_this, "looking recursively for x509 credentials in %s",
-                     psz_path );
+                 psz_path);
-            return gnutls_Addx509Directory( p_this, cred, psz_path, b_priv);
+        return gnutls_Addx509Directory (p_this, cred, psz_path, b_priv);
    }
-    }
-    else
+error:
-        msg_Warn( p_this, "cannot add x509 credentials (%s): %m", psz_path );
+    msg_Warn (p_this, "cannot add x509 credentials (%s): %m", psz_path);
+    if (fd != -1)
+        close (fd);
    return VLC_EGENERIC;
 }