sm: Fix issuer certificate look error due to legacy error code.

* sm/certchain.c (find_up): Get rid of the legacy return code -1 and chnage var name rc to err. (gpgsm_walk_cert_chain): Change var name rc to err. (do_validate_chain): Get rid of the legacy return code -1. * sm/keydb.c (keydb_search): Replace return code -1 by GPG_ERR_NOT_FOUND. (keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND. * sm/certchain.c (find_up_search_by_keyid): Ditto. (find_up_external, find_up, find_up_dirmngr): Ditto. (gpgsm_walk_cert_chain): Ditto. (get_regtp_ca_info): Ditto. * sm/certlist.c (gpgsm_add_to_certlist): Ditto. (gpgsm_find_cert): Ditto. * sm/delete.c (delete_one): Ditto. * sm/export.c (gpgsm_export): Ditto. (gpgsm_p12_export): Ditto. * sm/import.c (gpgsm_import_files): Ditto. * sm/keylist.c (list_cert_colon): Ditto. (list_internal_keys): Ditto. * sm/sign.c (add_certificate_list): Ditto. -- This bug was detected while fixing GnuPG-bug-id: 4757 Backported-from-master: 473b83d1b9 Some extra code has been taken from commit ed6ebb696e
2025-07-03 22:56:33 +02:00 · 2021-02-25 09:00:38 +01:00 · 2021-02-25 09:00:38 +01:00 · 332098a0f7
commit 332098a0f7
parent d6aa8bcbbb
8 changed files with 115 additions and 101 deletions
--- a/sm/keydb.c
+++ b/sm/keydb.c
@ -941,9 +941,10 @@ keydb_search (ctrl_t ctrl, KEYDB_HANDLE hd,
  rc = lock_all (hd);
  if (rc)
    return rc;
-  rc = -1;
+  rc = gpg_error (GPG_ERR_EOF);

-  while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
+  while (gpg_err_code (rc) == GPG_ERR_EOF
+         && hd->current >= 0 && hd->current < hd->used)
    {
      switch (hd->active[hd->current].type)
        {
@ -954,9 +955,11 @@ keydb_search (ctrl_t ctrl, KEYDB_HANDLE hd,
          rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc,
                              KEYBOX_BLOBTYPE_X509,
                              NULL, &skipped);
+          if (rc == -1) /* Map legacy code.  */
+            rc = gpg_error (GPG_ERR_EOF);
          break;
        }
-      if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
+      if (gpg_err_code (rc) == GPG_ERR_EOF)
        { /* EOF -> switch to next resource */
          hd->current++;
        }
@ -964,6 +967,10 @@ keydb_search (ctrl_t ctrl, KEYDB_HANDLE hd,
        hd->found = hd->current;
    }

+  /* The NOTHING_FOUND error is triggered by a NEXT command.  */
+  if (gpg_err_code (rc) == GPG_ERR_EOF
+      || gpg_err_code (rc) == GPG_ERR_NOTHING_FOUND)
+    rc = gpg_error (GPG_ERR_NOT_FOUND);
  return rc;
 }

@ -1102,7 +1109,7 @@ keydb_store_cert (ctrl_t ctrl, ksba_cert_t cert, int ephemeral, int *existed)
    return rc;

  rc = keydb_search_fpr (ctrl, kh, fpr);
-  if (rc != -1)
+  if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
    {
      keydb_release (kh);
      if (!rc)
@ -1194,9 +1201,7 @@ keydb_set_cert_flags (ctrl_t ctrl, ksba_cert_t cert, int ephemeral,
  err = keydb_search_fpr (ctrl, kh, fpr);
  if (err)
    {
-      if (err == -1)
-        err = gpg_error (GPG_ERR_NOT_FOUND);
-      else
+      if (gpg_err_code (err) != gpg_error (GPG_ERR_NOT_FOUND))
        log_error (_("problem re-searching certificate: %s\n"),
                   gpg_strerror (err));
      keydb_release (kh);
@ -1313,7 +1318,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
            }
        }
    }
-  if (rc && rc != -1)
+  if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
    log_error ("%s failed: %s\n", __func__, gpg_strerror (rc));

 leave: