Author: costin Date: Wed Feb 22 04:52:15 2012 New Revision: 1292127 URL: http://svn.apache.org/viewvc?rev=1292127&view=rev Log: Use fixed len for the buffers. Add back the code for getting/setting tickets.
Modified: tomcat/native/trunk/native/src/sslext.c Modified: tomcat/native/trunk/native/src/sslext.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslext.c?rev=1292127&r1=1292126&r2=1292127&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslext.c (original) +++ tomcat/native/trunk/native/src/sslext.c Wed Feb 22 04:52:15 2012 @@ -33,11 +33,14 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setSess { tcn_socket_t *s = J2P(tcsock, tcn_socket_t *); tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque; - unsigned char bytes[len]; - const unsigned char *bytesp = &bytes[0]; + jbyte bytes[TCN_BUFFER_SZ]; + const jbyte *bytesp = &bytes[0]; + if (len > TCN_BUFFER_SZ) { + return -1; + } (*e)->GetByteArrayRegion(e, buf, 0, len, bytes); - SSL_SESSION* ssl_session = d2i_SSL_SESSION(NULL, &bytesp, len); + SSL_SESSION* ssl_session = d2i_SSL_SESSION(NULL, (const unsigned char **)&bytesp, len); SSL_set_session(tcssl->ssl, ssl_session); return 0; @@ -50,14 +53,14 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSLExt, g SSL_SESSION *sess = SSL_get_session(tcssl->ssl); int size = i2d_SSL_SESSION(sess, NULL); - if (size == 0) { + if (size == 0 || size > TCN_BUFFER_SZ) { return NULL; } jbyteArray javaBytes = (*e)->NewByteArray(e, size); if (javaBytes != NULL) { - unsigned char bytes[size]; - unsigned char *bytesp = &bytes[0]; + jbyte bytes[TCN_BUFFER_SZ]; + unsigned char *bytesp = (unsigned char *)&bytes[0]; i2d_SSL_SESSION(sess, &bytesp); (*e)->SetByteArrayRegion(e, javaBytes, 0, size, bytes); @@ -66,8 +69,6 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSLExt, g return javaBytes; } -#ifdef EXP_TICKETS -// Experimenting with tickets TCN_IMPLEMENT_CALL(jint, SSLExt, getTicket)(TCN_STDARGS, jlong tcsock, jbyteArray buf) { tcn_socket_t *s = J2P(tcsock, tcn_socket_t *); @@ -79,7 +80,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, getTick if (!x->tlsext_tick || x->tlsext_ticklen > bufLen) { return 0; } - (*e)->SetByteArrayRegion(e, buf, 0, x->tlsext_ticklen, &x->tlsext_tick[0]); + (*e)->SetByteArrayRegion(e, buf, 0, x->tlsext_ticklen, (jbyte *) &x->tlsext_tick[0]); return x->tlsext_ticklen; } @@ -91,7 +92,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setTick tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque; char * requestedTicket = apr_pcalloc(tcssl->pool, len); - (*e)->GetByteArrayRegion(e, buf, 0, len, requestedTicket); + (*e)->GetByteArrayRegion(e, buf, 0, len, (jbyte *) requestedTicket); SSL_set_session_ticket_ext(tcssl->ssl, requestedTicket, len); return 0; } @@ -101,12 +102,11 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setTick tcn_ssl_ctxt_t *sslctx = J2P(tc_ssl_ctx, tcn_ssl_ctxt_t *); unsigned char keys[48]; - (*e)->GetByteArrayRegion(e, buf, 0, 48, keys); + (*e)->GetByteArrayRegion(e, buf, 0, 48, (jbyte *) keys); SSL_CTX_set_tlsext_ticket_keys(sslctx->ctx, keys, sizeof(keys)); return 0; } -#endif // Debug code - copied from openssl app @@ -420,21 +420,6 @@ void msg_cb(int write_p, int version, in (void)BIO_flush(bio); } -/* - TCN_IMPLEMENT_CALL(jint, SSLSocket, setTlsHostname)(TCN_STDARGS, jlong sock, - jbyteArray buf, jint offset, jint tosend) - { - //SSL_set_tlsext_host_name - return 0; - } - - TCN_IMPLEMENT_CALL(jString, SSLSocket, getTlsHostname)(TCN_STDARGS, jlong sock, - jbyteArray buf, jint offset, jint tosend) - { - return NULL; - } - */ - TCN_IMPLEMENT_CALL(jint, SSLExt, debug)(TCN_STDARGS, jlong tcsock) { tcn_socket_t *s = J2P(tcsock, tcn_socket_t *); @@ -484,7 +469,6 @@ TCN_IMPLEMENT_CALL( jbyteArray, SSLExt, return (jint)-APR_ENOTIMPL; } -#ifdef EXP_TICKETS TCN_IMPLEMENT_CALL( jint, SSLExt, getTicket)(TCN_STDARGS, jlong tcsock, jbyteArray buf) { return (jint)-APR_ENOTIMPL; @@ -499,7 +483,6 @@ TCN_IMPLEMENT_CALL( jint, SSLExt, setTic { return (jint)-APR_ENOTIMPL; } -#endif TCN_IMPLEMENT_CALL( jint, SSLExt, sslSetMode)(TCN_STDARGS, jlong tc_ssl_ctx, jint mode) { @@ -514,9 +497,12 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setSNI) { tcn_socket_t *s = J2P(tcsock, tcn_socket_t *); tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque; - unsigned char bytes[len]; + unsigned char bytes[TCN_BUFFER_SZ]; const unsigned char *bytesp = &bytes[0]; + if (len > TCN_BUFFER_SZ) { + return -1; + } (*e)->GetByteArrayRegion(e, buf, 0, len, bytes); SSL_set_tlsext_host_name(tcssl->ssl, &bytesp); return 0; @@ -609,7 +595,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, getNPN) #else -TCN_IMPLEMENT_CALL(jlong, SSLExt, setNPN)(TCN_STDARGS, jlong tc_ssl_ctx, +TCN_IMPLEMENT_CALL(jint, SSLExt, setNPN)(TCN_STDARGS, jlong tc_ssl_ctx, jbyteArray buf, jint len) { return (jint)-APR_ENOTIMPL; --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org