From: Marcel Holtmann <marcel@holtmann.org>
To: ell@lists.linux.dev
Cc: andrew.zaborowski@intel.com
Subject: [PATCH 1/3] tls: Make mask parameter in l_tls_set_domain_mask() const
Date: Tue, 3 Jan 2023 23:02:48 +0100 [thread overview]
Message-ID: <20230103220250.717876-1-marcel@holtmann.org> (raw)
While using l_strv_copy and const char ** is a problem, it is a problem
of the C language and should not affect public API. The public API
should make it clear that a string array is not going to be modified by
that function by making it const. Allowing callers to pass a const string
array to that function is also useful. The required casting is pushed into
the implementation.
In addition check if the struct l_tls object is valid.
---
ell/tls.c | 8 +++++---
ell/tls.h | 2 +-
unit/test-tls.c | 32 ++++++++++++++++++--------------
3 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/ell/tls.c b/ell/tls.c
index 207f6c3ae40f..330ad4841e25 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -3786,11 +3786,13 @@ LIB_EXPORT void l_tls_set_version_range(struct l_tls *tls,
* beginning of the mask matches one or more consecutive labels from
* the beginning of the domain string.
*/
-LIB_EXPORT void l_tls_set_domain_mask(struct l_tls *tls, char **mask)
+LIB_EXPORT void l_tls_set_domain_mask(struct l_tls *tls, const char **mask)
{
- l_strv_free(tls->subject_mask);
+ if (!tls)
+ return;
- tls->subject_mask = l_strv_copy(mask);
+ l_strv_free(tls->subject_mask);
+ tls->subject_mask = l_strv_copy((char **) mask);
}
/**
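Review bot: The cast in `l_strv_copy((char **) mask)` discards the const qualifier that the new prototype promises, and nothing at the call site says why that is safe. A short comment such as `/* l_strv_copy() only reads its input; the cast works around its char ** prototype */` would stop a later reader from treating the cast as permission to write through `mask`, assuming l_strv_copy really does only read, which is not visible in this hunk. The added `if (!tls) return;` also makes the call a silent no-op, and because this setter controls which certificate subjects are accepted, the doc comment (which starts above this hunk) should state that nothing is configured when `tls` is NULL.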
diff --git a/ell/tls.h b/ell/tls.h
index 6964380ab84f..cca8792a3262 100644
--- a/ell/tls.h
+++ b/ell/tls.h
@@ -127,7 +127,7 @@ void l_tls_set_version_range(struct l_tls *tls,
enum l_tls_version min_version,
enum l_tls_version max_version);
-void l_tls_set_domain_mask(struct l_tls *tls, char **mask);
+void l_tls_set_domain_mask(struct l_tls *tls, const char **mask);
void l_tls_set_session_cache(struct l_tls *tls, struct l_settings *settings,
const char *group_prefix, uint64_t lifetime,
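Review bot: Callers that hold a plain `char **`, for example a string array built at runtime, can no longer pass it to this prototype without a cast, because C has no implicit conversion from `char **` to `const char **`; under `-Werror` the resulting incompatible-pointer warning becomes a build break. The commit message acknowledges the language limitation, but the header gives API users no hint of it. Consider a comment above the declaration such as `/* mask is copied and never modified; a char ** argument needs a cast to const char ** */`, and check in-tree and downstream callers before merging.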
diff --git a/unit/test-tls.c b/unit/test-tls.c
index e0898593536d..b981f577d5eb 100644
--- a/unit/test-tls.c
+++ b/unit/test-tls.c
@@ -374,7 +374,7 @@ struct tls_conn_test {
const char *client_ca_cert_path;
const char *client_expect_identity;
const char **client_cipher_suites;
- char **client_domain_mask;
+ const char **client_domain_mask;
bool expect_alert;
bool expect_client_start_fail;
enum l_tls_alert_desc alert_desc;
@@ -736,7 +736,9 @@ static const struct tls_conn_test tls_conn_test_domain_match1 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) { "Bar Example Organization", NULL },
+ .client_domain_mask = (const char *[]) {
+ "Bar Example Organization", NULL
+ },
};
static const struct tls_conn_test tls_conn_test_domain_match2 = {
@@ -750,7 +752,7 @@ static const struct tls_conn_test tls_conn_test_domain_match2 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) {
+ .client_domain_mask = (const char *[]) {
"Bar Example Organization", "Foo Example Organization", NULL
},
};
@@ -766,7 +768,7 @@ static const struct tls_conn_test tls_conn_test_domain_match3 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) {
+ .client_domain_mask = (const char *[]) {
"Foo Example Organization", "Bar Example Organization", NULL
},
};
@@ -782,7 +784,7 @@ static const struct tls_conn_test tls_conn_test_domain_match4 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) { "*", NULL },
+ .client_domain_mask = (const char *[]) { "*", NULL },
};
static const struct tls_conn_test tls_conn_test_domain_match5 = {
@@ -796,7 +798,7 @@ static const struct tls_conn_test tls_conn_test_domain_match5 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Foo Example Organization"
"/CN=Foo Example Organization/emailAddress=foo@mail.example",
- .client_domain_mask = (char *[]) { "foo.int.com", NULL },
+ .client_domain_mask = (const char *[]) { "foo.int.com", NULL },
};
static const struct tls_conn_test tls_conn_test_domain_match6 = {
@@ -810,7 +812,7 @@ static const struct tls_conn_test tls_conn_test_domain_match6 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Foo Example Organization"
"/CN=Foo Example Organization/emailAddress=foo@mail.example",
- .client_domain_mask = (char *[]) { "*.*", NULL },
+ .client_domain_mask = (const char *[]) { "*.*", NULL },
};
static const struct tls_conn_test tls_conn_test_domain_match7 = {
@@ -824,7 +826,7 @@ static const struct tls_conn_test tls_conn_test_domain_match7 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Foo Example Organization"
"/CN=Foo Example Organization/emailAddress=foo@mail.example",
- .client_domain_mask = (char *[]) { "*.*.*", NULL },
+ .client_domain_mask = (const char *[]) { "*.*.*", NULL },
};
static const struct tls_conn_test tls_conn_test_domain_mismatch1 = {
@@ -838,7 +840,7 @@ static const struct tls_conn_test tls_conn_test_domain_mismatch1 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) { "", NULL },
+ .client_domain_mask = (const char *[]) { "", NULL },
.expect_alert = true,
.alert_desc = TLS_ALERT_BAD_CERT,
};
@@ -854,7 +856,9 @@ static const struct tls_conn_test tls_conn_test_domain_mismatch2 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) { "Foo Example Organization", NULL },
+ .client_domain_mask = (const char *[]) {
+ "Foo Example Organization", NULL
+ },
.expect_alert = true,
.alert_desc = TLS_ALERT_BAD_CERT,
};
@@ -870,7 +874,7 @@ static const struct tls_conn_test tls_conn_test_domain_mismatch3 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) {
+ .client_domain_mask = (const char *[]) {
"Bar Example Organization.com", NULL
},
.expect_alert = true,
@@ -888,7 +892,7 @@ static const struct tls_conn_test tls_conn_test_domain_mismatch4 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) {
+ .client_domain_mask = (const char *[]) {
"Bar Example Organization.*", NULL
},
.expect_alert = true,
@@ -906,7 +910,7 @@ static const struct tls_conn_test tls_conn_test_domain_mismatch5 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Bar Example Organization"
"/CN=Bar Example Organization/emailAddress=bar@mail.example",
- .client_domain_mask = (char *[]) {
+ .client_domain_mask = (const char *[]) {
"*.Bar Example Organization", NULL
},
.expect_alert = true,
@@ -924,7 +928,7 @@ static const struct tls_conn_test tls_conn_test_domain_mismatch6 = {
.client_ca_cert_path = CERTDIR "cert-ca.pem",
.client_expect_identity = "/O=Foo Example Organization"
"/CN=Foo Example Organization/emailAddress=foo@mail.example",
- .client_domain_mask = (char *[]) {
+ .client_domain_mask = (const char *[]) {
"foo.*", NULL
},
.expect_alert = true,
--
2.39.0