From 23e102f2e7a8e27a513c52758a43245ac23efb41 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Sat, 6 Dec 2003 01:41:00 +0000 Subject: [PATCH] * gpgkeys_ldap.c (main): Avoid possible pre-string write. * gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Fix memory corruption bug on some platforms. From devel. (search_key): Catch a mangled input file (useful if something other than GnuPG is calling the program). (main): Avoid possible pre-string write. Noted by Christian Biere. --- keyserver/ChangeLog | 11 +++++++++++ keyserver/gpgkeys_hkp.c | 15 ++++++++++++--- keyserver/gpgkeys_ldap.c | 7 ++++--- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog index 4fcaa74c7..04702fa3e 100644 --- a/keyserver/ChangeLog +++ b/keyserver/ChangeLog @@ -1,3 +1,14 @@ +2003-12-05 David Shaw + + * gpgkeys_ldap.c (main): Avoid possible pre-string write. + + * gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Fix memory + corruption bug on some platforms. From devel. + (search_key): Catch a mangled input file (useful if something + other than GnuPG is calling the program). + (main): Avoid possible pre-string write. Noted by Christian + Biere. + 2003-11-27 Werner Koch * gpgkeys_hkp.c (get_key): Fixed bad use of fprintf w/o format diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c index 92aa05800..72fa61ef9 100644 --- a/keyserver/gpgkeys_hkp.c +++ b/keyserver/gpgkeys_hkp.c @@ -362,6 +362,8 @@ dehtmlize(char *line) while(isspace(((unsigned char *)parsed)[parsedindex])) { parsed[parsedindex]='\0'; + if(parsedindex==0) + break; parsedindex--; } } @@ -479,7 +481,7 @@ parse_hkp_index(IOBUF buffer,char *line) line+=4; tok=strsep(&line,"/"); - if(tok==NULL) + if(tok==NULL || strlen(tok)==0) return ret; if(tok[strlen(tok)-1]=='R') 
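Review bot: In the `dehtmlize` hunk of gpgkeys_hkp.c (@@ -362), the new `if(parsedindex==0) break;` is the only thing keeping the trailing-whitespace trim inside `parsed`, and nothing in the code says so. Without it, a buffer that is whitespace all the way back to index 0 moves `parsedindex` past the start, and the next pass tests and zeroes a byte outside the buffer, which fits the ChangeLog's memory-corruption entry. I would add `/* stop at index 0: never step before the start of parsed */` above the check, so that a later cleanup does not fold it into the loop condition and lose the clearing of byte 0. The block that encloses this loop starts outside the hunk.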
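Review bot: In the `parse_hkp_index` hunk (@@ -479), the empty-token guard calls `strlen(tok)` and the very next statement calls it again to index `tok[strlen(tok)-1]`; testing the first byte says the same thing more directly, `if(tok==NULL || tok[0]=='\0')`. The early `return ret;` gives back a value assigned outside the hunk. Since `line` here appears to come from the keyserver's response, it is worth confirming that this value reads as "no key parsed" to the caller, so a malformed entry is not counted. The function body starts and ends outside the hunk.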
@@ -576,6 +578,12 @@ int search_key(char *searchkey) request++; } + if(!search) + { + fprintf(console,"gpgkeys: corrupt input?\n"); + return -1; + } + search[len]='\0'; fprintf(console,("gpgkeys: searching for \"%s\" from HKP server %s\n"), @@ -827,7 +835,7 @@ int main(int argc,char *argv[]) break; else { - if(line[0]=='\n') + if(line[0]=='\n' || line[0]=='\0') break; work=malloc(sizeof(struct keylist)); @@ -953,7 +961,8 @@ int main(int argc,char *argv[]) } /* Nail that last space */ - searchkey[strlen(searchkey)-1]='\0'; + if(*searchkey) + searchkey[strlen(searchkey)-1]='\0'; if(search_key(searchkey)==-1) { diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c index f0015ff53..963503cf5 100644 --- a/keyserver/gpgkeys_ldap.c +++ b/keyserver/gpgkeys_ldap.c @@ -467,7 +467,7 @@ int search_key(char *searchkey) char **vals; LDAPMessage *res,*each; int err,count; - /* The maxium size of the search, including the optional stuff and + /* The maximum size of the search, including the optional stuff and the trailing \0 */ char search[2+12+MAX_LINE+2+15+14+1+1]; char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled", @@ -782,7 +782,7 @@ int main(int argc,char *argv[]) break; else { - if(line[0]=='\n') + if(line[0]=='\n' || line[0]=='\0') break; work=malloc(sizeof(struct keylist)); @@ -968,7 +968,8 @@ int main(int argc,char *argv[]) } /* Nail that last "*" */ - searchkey[strlen(searchkey)-1]='\0'; + if(*searchkey) + searchkey[strlen(searchkey)-1]='\0'; if(search_key(searchkey)==-1) {
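Review bot: In the `search_key` hunk of gpgkeys_hkp.c (@@ -576), the new `if(!search)` check is what makes the following `search[len]='\0';` safe, but the reason `search` can still be NULL at this point is not stated. It looks as if the buffer is only allocated inside the loop that ends just above the hunk, so an empty `searchkey` leaves it unset. A comment such as `/* search is still NULL if the loop above never ran (empty searchkey) */` would record that, once confirmed against the loop. The early `return -1;` also bypasses whatever cleanup the end of the function performs; that code is outside the hunk and should be checked for anything allocated before this point.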
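Review bot: In `main` of gpgkeys_hkp.c (@@ -827), and identically in gpgkeys_ldap.c (@@ -782), a line whose first byte is NUL is now handled exactly like the blank line that ends the key list, so a mangled input file cuts the list short without any report. `search_key` in this same commit prints `gpgkeys: corrupt input?` for its malformed case; giving the `line[0]=='\0'` case its own branch with a similar diagnostic before the `break` would keep the two consistent. At minimum, a comment like `/* an empty string would make strlen(line)-1 index before the buffer */` should say why the test is there, assuming the trimming the ChangeLog refers to follows outside the hunk. The read loop that this `break` leaves starts outside both hunks.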
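Review bot: In `main` of gpgkeys_hkp.c (@@ -953), and the matching hunk in gpgkeys_ldap.c (@@ -968), the `if(*searchkey)` guard stops the write before the string, but an empty `searchkey` is still passed to `search_key()` on the next line. On the HKP side this commit adds a `!search` rejection inside `search_key`. No equivalent is visible in the LDAP hunks, where `search_key` builds its filter in a fixed-size `search[]` array, so what an empty key turns into there should be checked. Rejecting the empty key in `main` before the call, for example `if(*searchkey=='\0')` followed by the same failure handling used when `search_key()` returns -1, would make both helpers behave the same way. The code that builds `searchkey` is outside both hunks.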