* gpgkeys_ldap.c (main): Avoid possible pre-string write.

* gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Fix memory corruption bug on some platforms. From devel. (search_key): Catch a mangled input file (useful if something other than GnuPG is calling the program). (main): Avoid possible pre-string write. Noted by Christian Biere.
2025-02-01 16:33:02 +01:00 · 2003-12-06 01:41:00 +00:00 · 2003-12-06 01:41:00 +00:00 · 23e102f2e7
commit 23e102f2e7
parent bb0d9f0658
3 changed files with 27 additions and 6 deletions
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@ -1,3 +1,14 @@
+2003-12-05  David Shaw  <dshaw@jabberwocky.com>
+
+	* gpgkeys_ldap.c (main): Avoid possible pre-string write.
+
+	* gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Fix memory
+	corruption bug on some platforms.  From devel.
+	(search_key): Catch a mangled input file (useful if something
+	other than GnuPG is calling the program).
+	(main): Avoid possible pre-string write.  Noted by Christian
+	Biere.
+
 2003-11-27  Werner Koch  <wk@gnupg.org>

 	* gpgkeys_hkp.c (get_key): Fixed bad use of fprintf w/o format
--- a/keyserver/gpgkeys_hkp.c
+++ b/keyserver/gpgkeys_hkp.c
@ -362,6 +362,8 @@ dehtmlize(char *line)
      while(isspace(((unsigned char *)parsed)[parsedindex]))
 	{
 	  parsed[parsedindex]='\0';
+	  if(parsedindex==0)
+	    break;
 	  parsedindex--;
 	}
    }
@ -479,7 +481,7 @@ parse_hkp_index(IOBUF buffer,char *line)
      line+=4;

      tok=strsep(&line,"/");
-      if(tok==NULL)
+      if(tok==NULL || strlen(tok)==0)
 	return ret;

      if(tok[strlen(tok)-1]=='R')
@ -576,6 +578,12 @@ int search_key(char *searchkey)
      request++;
    }

+  if(!search)
+    {
+      fprintf(console,"gpgkeys: corrupt input?\n");
+      return -1;
+    }
+
  search[len]='\0';

  fprintf(console,("gpgkeys: searching for \"%s\" from HKP server %s\n"),
@ -827,7 +835,7 @@ int main(int argc,char *argv[])
 	    break;
 	  else
 	    {
-	      if(line[0]=='\n')
+	      if(line[0]=='\n' || line[0]=='\0')
 		break;

 	      work=malloc(sizeof(struct keylist));
@ -953,7 +961,8 @@ int main(int argc,char *argv[])
 	  }

 	/* Nail that last space */
-	searchkey[strlen(searchkey)-1]='\0';
+	if(*searchkey)
+	  searchkey[strlen(searchkey)-1]='\0';

 	if(search_key(searchkey)==-1)
 	  {
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@ -467,7 +467,7 @@ int search_key(char *searchkey)
  char **vals;
  LDAPMessage *res,*each;
  int err,count;
-  /* The maxium size of the search, including the optional stuff and
+  /* The maximum size of the search, including the optional stuff and
     the trailing \0 */
  char search[2+12+MAX_LINE+2+15+14+1+1];
  char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled",
@ -782,7 +782,7 @@ int main(int argc,char *argv[])
 	    break;
 	  else
 	    {
-	      if(line[0]=='\n')
+	      if(line[0]=='\n' || line[0]=='\0')
 		break;

 	      work=malloc(sizeof(struct keylist));
@ -968,7 +968,8 @@ int main(int argc,char *argv[])
 	  }

 	/* Nail that last "*" */
-	searchkey[strlen(searchkey)-1]='\0';
+	if(*searchkey)
+	  searchkey[strlen(searchkey)-1]='\0';

 	if(search_key(searchkey)==-1)
 	  {