Damjan Jovanovic damjan.jov@gmail.com wrote:
+SECURITY_STATUS schan_imp_get_unique_channel_binding(schan_imp_session session,
SecPkgContext_Bindings *bindings)
+{
- static const char prefix[] = "tls-unique:";
- gnutls_datum_t datum;
- int rc;
- SECURITY_STATUS ret;
- char *p;
- gnutls_session_t s = (gnutls_session_t)session;
- rc = pgnutls_session_channel_binding(s, GNUTLS_CB_TLS_UNIQUE, &datum);
- if (rc)
- {
pgnutls_perror(rc);ret = SEC_E_INTERNAL_ERROR;- }
- else
- {
bindings->BindingsLength = sizeof(SEC_CHANNEL_BINDINGS) + sizeof(prefix)-1 + datum.size;bindings->Bindings = heap_alloc_zero(bindings->BindingsLength);if (!bindings->Bindings)ret = SEC_E_INSUFFICIENT_MEMORY;else{bindings->Bindings->cbApplicationDataLength = sizeof(prefix)-1 + datum.size;bindings->Bindings->dwApplicationDataOffset = sizeof(SEC_CHANNEL_BINDINGS);p = (char*)(bindings->Bindings+1);memcpy(p, prefix, sizeof(prefix)-1);p += sizeof(prefix)-1;memcpy(p, datum.data, datum.size);ret = SEC_E_OK;}- }
- (*pgnutls_free)(datum.data);
- return ret;
+}
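Review bot: In the success branch `bindings->BindingsLength` is written before the `heap_alloc_zero()` result is checked, so the SEC_E_INSUFFICIENT_MEMORY path returns with a non-zero length and a NULL `Bindings` pointer, and a caller that trusts the length alone would then read through NULL. Resetting it in that branch with `bindings->BindingsLength = 0;`, or computing the length in a local and storing it only after the allocation succeeded, keeps the out-parameter consistent. The function also lacks a header comment on ownership, for example `/* On SEC_E_OK the caller owns bindings->Bindings and must free it. */`; the release side is not visible in this hunk, so confirm which allocator the caller pairs with `heap_alloc_zero()`. Because this value is used to bind authentication to the TLS channel, a short comment would help that `tls-unique` (RFC 5929) is only defined up to TLS 1.2 and depends on the extended master secret (RFC 7627) to be unique per connection. For TLS 1.3, RFC 9266 defines `tls-exporter` instead.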
Does it make sense to call gnutls_free() if gnutls_session_channel_binding() fails? If not, then the indentation could be simplified to return right after the initial failure.