mirror of git://git.gnupg.org/gnupg.git synced 2024-06-02 22:38:02 +02:00

Re-indented dns-cert.c

Werner Koch 2011-11-28 18:35:19 +01:00
parent f95cb909ba
commit 295b9e29c5


@ -56,8 +56,8 @@
found with a supported type; it is expected that only one CERT found with a supported type; it is expected that only one CERT
record is used. */ record is used. */
int int
get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf, get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
unsigned char **fpr, size_t *fpr_len, char **url) unsigned char **fpr, size_t * fpr_len, char **url)
{ {
#ifdef USE_DNS_CERT #ifdef USE_DNS_CERT
#ifdef USE_ADNS #ifdef USE_ADNS
@ -92,7 +92,7 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
return 0; return 0;
} }
for (rc = 0, count=0; !rc && count < answer->nrrs; count++) for (rc = 0, count = 0; !rc && count < answer->nrrs; count++)
{ {
int datalen = answer->rrs.byteblock[count].len; int datalen = answer->rrs.byteblock[count].len;
const unsigned char *data = answer->rrs.byteblock[count].data; const unsigned char *data = answer->rrs.byteblock[count].data;
@ -100,7 +100,7 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
if (datalen < 5) if (datalen < 5)
continue; /* Truncated CERT record - skip. */ continue; /* Truncated CERT record - skip. */
ctype = ((data[0]<<8)|data[1]); ctype = ((data[0] << 8) | data[1]);
/* (key tag and algorithm fields are not required.) */ /* (key tag and algorithm fields are not required.) */
data += 5; data += 5;
datalen -= 5; datalen -= 5;
@ -109,11 +109,11 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
{ {
/* CERT type is PGP. Gpg checks for a minimum length of 11, /* CERT type is PGP. Gpg checks for a minimum length of 11,
thus we do the same. */ thus we do the same. */
*iobuf = iobuf_temp_with_content ((char*)data, datalen); *iobuf = iobuf_temp_with_content ((char *)data, datalen);
rc = 1; rc = 1;
} }
else if (ctype == 6 && datalen && datalen < 1023 else if (ctype == 6 && datalen && datalen < 1023
&& datalen >= data[0]+1 && fpr && fpr_len && url) && datalen >= data[0] + 1 && fpr && fpr_len && url)
{ {
/* CERT type is IPGP. We made sure tha the data is /* CERT type is IPGP. We made sure tha the data is
plausible and that the caller requested the plausible and that the caller requested the
@ -122,16 +122,16 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
if (*fpr_len) if (*fpr_len)
{ {
*fpr = xmalloc (*fpr_len); *fpr = xmalloc (*fpr_len);
memcpy (*fpr, data+1, *fpr_len); memcpy (*fpr, data + 1, *fpr_len);
} }
else else
*fpr = NULL; *fpr = NULL;
if (datalen > *fpr_len + 1) if (datalen > *fpr_len + 1)
{ {
*url = xmalloc (datalen - (*fpr_len+1) + 1); *url = xmalloc (datalen - (*fpr_len + 1) + 1);
memcpy (*url, data + (*fpr_len+1), datalen - (*fpr_len+1)); memcpy (*url, data + (*fpr_len + 1), datalen - (*fpr_len + 1));
(*url)[datalen - (*fpr_len+1)] = '\0'; (*url)[datalen - (*fpr_len + 1)] = '\0';
} }
else else
*url = NULL; *url = NULL;
@ -147,137 +147,138 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
#else /*!USE_ADNS*/ #else /*!USE_ADNS*/
unsigned char *answer; unsigned char *answer;
int r,ret=-1; int ret = -1;
int r;
u16 count; u16 count;
if(fpr) if (fpr)
*fpr=NULL; *fpr = NULL;
if(url) if (url)
*url=NULL; *url = NULL;
answer=xmalloc(max_size); answer = xmalloc (max_size);
r=res_query(name,C_IN,T_CERT,answer,max_size); r = res_query (name, C_IN, T_CERT, answer, max_size);
/* Not too big, not too small, no errors and at least 1 answer. */ /* Not too big, not too small, no errors and at least 1 answer. */
if(r>=sizeof(HEADER) && r<=max_size if (r >= sizeof (HEADER) && r <= max_size
&& (((HEADER *)answer)->rcode)==NOERROR && (((HEADER *) answer)->rcode) == NOERROR
&& (count=ntohs(((HEADER *)answer)->ancount))) && (count = ntohs (((HEADER *) answer)->ancount)))
{ {
int rc; int rc;
unsigned char *pt,*emsg; unsigned char *pt, *emsg;
emsg=&answer[r]; emsg = &answer[r];
pt=&answer[sizeof(HEADER)]; pt = &answer[sizeof (HEADER)];
/* Skip over the query */ /* Skip over the query */
rc=dn_skipname(pt,emsg); rc = dn_skipname (pt, emsg);
if(rc==-1) if (rc == -1)
goto fail; goto fail;
pt+=rc+QFIXEDSZ; pt += rc + QFIXEDSZ;
/* There are several possible response types for a CERT request. /* There are several possible response types for a CERT request.
We're interested in the PGP (a key) and IPGP (a URI) types. We're interested in the PGP (a key) and IPGP (a URI) types.
Skip all others. TODO: A key is better than a URI since Skip all others. TODO: A key is better than a URI since
we've gone through all this bother to fetch it, so favor that we've gone through all this bother to fetch it, so favor that
if we have both PGP and IPGP? */ if we have both PGP and IPGP? */
while(count-->0 && pt<emsg) while (count-- > 0 && pt < emsg)
{ {
u16 type,class,dlen,ctype; u16 type, class, dlen, ctype;
rc=dn_skipname(pt,emsg); /* the name we just queried for */ rc = dn_skipname (pt, emsg); /* the name we just queried for */
if(rc==-1) if (rc == -1)
break; break;
pt+=rc; pt += rc;
/* Truncated message? 15 bytes takes us to the point where /* Truncated message? 15 bytes takes us to the point where
we start looking at the ctype. */ we start looking at the ctype. */
if((emsg-pt)<15) if ((emsg - pt) < 15)
break; break;
type=*pt++ << 8; type = *pt++ << 8;
type|=*pt++; type |= *pt++;
class=*pt++ << 8; class = *pt++ << 8;
class|=*pt++; class |= *pt++;
/* We asked for IN and got something else !? */ /* We asked for IN and got something else !? */
if(class!=C_IN) if (class != C_IN)
break; break;
/* ttl */ /* ttl */
pt+=4; pt += 4;
/* data length */ /* data length */
dlen=*pt++ << 8; dlen = *pt++ << 8;
dlen|=*pt++; dlen |= *pt++;
/* We asked for CERT and got something else - might be a /* We asked for CERT and got something else - might be a
CNAME, so loop around again. */ CNAME, so loop around again. */
if(type!=T_CERT) if (type != T_CERT)
{ {
pt+=dlen; pt += dlen;
continue; continue;
} }
/* The CERT type */ /* The CERT type */
ctype=*pt++ << 8; ctype = *pt++ << 8;
ctype|=*pt++; ctype |= *pt++;
/* Skip the CERT key tag and algo which we don't need. */ /* Skip the CERT key tag and algo which we don't need. */
pt+=3; pt += 3;
dlen-=5; dlen -= 5;
/* 15 bytes takes us to here */ /* 15 bytes takes us to here */
if(ctype==3 && iobuf && dlen) if (ctype == 3 && iobuf && dlen)
{ {
/* PGP type */ /* PGP type */
*iobuf=iobuf_temp_with_content((char *)pt,dlen); *iobuf = iobuf_temp_with_content ((char *) pt, dlen);
ret=1; ret = 1;
break; break;
} }
else if(ctype==6 && dlen && dlen<1023 && dlen>=pt[0]+1 else if (ctype == 6 && dlen && dlen < 1023 && dlen >= pt[0] + 1
&& fpr && fpr_len && url) && fpr && fpr_len && url)
{ {
/* IPGP type */ /* IPGP type */
*fpr_len=pt[0]; *fpr_len = pt[0];
if(*fpr_len) if (*fpr_len)
{ {
*fpr=xmalloc(*fpr_len); *fpr = xmalloc (*fpr_len);
memcpy(*fpr,&pt[1],*fpr_len); memcpy (*fpr, &pt[1], *fpr_len);
} }
else else
*fpr=NULL; *fpr = NULL;
if(dlen>*fpr_len+1) if (dlen > *fpr_len + 1)
{ {
*url=xmalloc(dlen-(*fpr_len+1)+1); *url = xmalloc (dlen - (*fpr_len + 1) + 1);
memcpy(*url,&pt[*fpr_len+1],dlen-(*fpr_len+1)); memcpy (*url, &pt[*fpr_len + 1], dlen - (*fpr_len + 1));
(*url)[dlen-(*fpr_len+1)]='\0'; (*url)[dlen - (*fpr_len + 1)] = '\0';
} }
else else
*url=NULL; *url = NULL;
ret=2; ret = 2;
break; break;
} }
/* Neither type matches, so go around to the next answer. */ /* Neither type matches, so go around to the next answer. */
pt+=dlen; pt += dlen;
} }
} }
fail: fail:
xfree(answer); xfree (answer);
return ret; return ret;
#endif /*!USE_ADNS*/ #endif /*!USE_ADNS */
#else /* !USE_DNS_CERT */ #else /* !USE_DNS_CERT */
(void)name; (void)name;
(void)max_size; (void)max_size;
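Review bot: In the non-ADNS resolver branch, `dlen` is taken from the DNS response and never compared with the bytes remaining before `emsg`, and `dlen -= 5` wraps around for a CERT record that declares fewer than five bytes of RDATA, because `dlen` is a `u16`. That length then drives the two `memcpy` calls in the IPGP case and is passed to `iobuf_temp_with_content ((char *) pt, dlen)`, which presumably copies `dlen` bytes, so a truncated or malformed answer can cause reads past the `max_size` buffer. The ADNS branch already skips short records with `if (datalen < 5) continue;`; the resolver loop should get the equivalent, for example `if (dlen > emsg - pt) break;` right after `dlen` is assembled and `if (dlen < 5) break;` before `dlen -= 5;`. The re-indentation leaves this logic as it was, so the check belongs in a follow-up change; parts of get_dns_cert lie outside the hunks shown.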