Fixed bug#907.

Fixed a segv in keybox and made it more robust.
2024-12-22 10:19:57 +01:00 · 2008-05-06 14:03:36 +00:00 · 2008-05-06 14:03:36 +00:00 · 4254e90426
commit 4254e90426
parent 67e0a7e732
39 changed files with 10743 additions and 9955 deletions
--- a/2
+++ b/2
@ -131,4 +131,6 @@
  our design goal to allow changing the locale without changing
  gpg-agent's default locale (e.g. by the command updatestartuptty).

+* RFC 4387: Operational Protocols: Certificate Store Access via HTTP
+  Do we support this?

--- a/autogen.sh
+++ b/autogen.sh
@ -93,6 +93,7 @@ if test "$1" = "--build-w32"; then
 	     --with-zlib=${w32root} \
 	     --with-regex=${w32root} \
             --with-pth-prefix=${w32root} \
+             --with-adns=${w32root}
             --without-included-gettext "$@"
    rc=$?
    exit $rc
--- a/configure.ac
+++ b/configure.ac
@ -847,6 +847,8 @@ if test "$have_adns" = "yes"; then
  ADNSLIBS="-ladns" 
 fi
 AC_SUBST(ADNSLIBS)
+# Newer adns versions feature a free function to be used under W32.
+AC_CHECK_FUNCS(adns_free)


 #
--- a/kbx/ChangeLog
+++ b/kbx/ChangeLog
@ -1,3 +1,12 @@
+2008-05-06  Werner Koch  <wk@g10code.com>
+
+	* keybox-file.c (_keybox_read_blob2): Return GPG_ERR_TOO_SHORT if
+	we get an EOF for 2nd to 5th byte as a better error message.
+
+	Always use gpg_error_from_syserror and gpg_err_code_from_syserror.
+	This is to avoid cases where we expect an error but due to an
+	errno set to 0 we get back a success status.
+
 2008-04-01  Werner Koch  <wk@g10code.com>

 	* keybox-init.c (keybox_new, keybox_release): Track used handles.
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@ -685,7 +685,7 @@ create_blob_finish (KEYBOXBLOB blob)

  pp = xtrymalloc (n);
  if ( !pp )
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();
  memcpy (pp , p, n);
  blob->blob = pp;
  blob->bloblen = n;
@ -706,7 +706,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
  *r_blob = NULL;
  blob = xtrycalloc (1, sizeof *blob);
  if (!blob)
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  /* fixme: Do some sanity checks on the keyblock */

@ -838,7 +838,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
  *r_blob = NULL;
  blob = xtrycalloc (1, sizeof *blob);
  if( !blob )
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  sn = ksba_cert_get_serial (cert);
  if (sn)
@ -873,7 +873,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
  names = xtrymalloc (max_names * sizeof *names);
  if (!names)
    {
-      rc = gpg_error (gpg_err_code_from_errno (errno));
+      rc = gpg_error_from_syserror ();
      goto leave;
    }
  
@ -894,7 +894,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
          tmp = xtryrealloc (names, max_names * sizeof *names);
          if (!tmp)
            {
-              rc = gpg_error (gpg_err_code_from_errno (errno));
+              rc = gpg_error_from_syserror ();
              goto leave;
            }
        }
@ -985,7 +985,7 @@ _keybox_new_blob (KEYBOXBLOB *r_blob,
  *r_blob = NULL;
  blob = xtrycalloc (1, sizeof *blob);
  if (!blob)
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  blob->blob = image;
  blob->bloblen = imagelen;
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@ -58,7 +58,7 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
  *r_blob = NULL;
  off = ftello (fp);
  if (off == (off_t)-1)
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  if ((c1 = getc (fp)) == EOF
      || (c2 = getc (fp)) == EOF
@ -68,7 +68,9 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
    {
      if ( c1 == EOF && !ferror (fp) )
        return -1; /* eof */
-      return gpg_error (gpg_err_code_from_errno (errno));
+      if (!ferror (fp))
+        return gpg_error (GPG_ERR_TOO_SHORT);
+      return gpg_error_from_syserror ();
    }

  imagelen = (c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4;
@ -82,26 +84,26 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
    {
      /* Special treatment for empty blobs. */
      if (fseek (fp, imagelen-5, SEEK_CUR))
-        return gpg_error (gpg_err_code_from_errno (errno));
+        return gpg_error_from_syserror ();
      *skipped_deleted = 1;
      goto again;
    }

  image = xtrymalloc (imagelen);
  if (!image) 
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  image[0] = c1; image[1] = c2; image[2] = c3; image[3] = c4; image[4] = type;
  if (fread (image+5, imagelen-5, 1, fp) != 1)
    {
-      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+      gpg_error_t tmperr = gpg_error_from_syserror ();
      xfree (image);
      return tmperr;
    }
  
  rc = r_blob? _keybox_new_blob (r_blob, image, imagelen, off) : 0;
  if (rc || !r_blob)
-        xfree (image);
+    xfree (image);
  return rc;
 }

@ -122,7 +124,7 @@ _keybox_write_blob (KEYBOXBLOB blob, FILE *fp)

  image = _keybox_get_blob_image (blob, &length);
  if (fwrite (image, length, 1, fp) != 1)
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();
  return 0;
 }

@ -154,7 +156,7 @@ _keybox_write_header_blob (FILE *fp)
  image[20+3] = (val      );

  if (fwrite (image, 32, 1, fp) != 1)
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();
  return 0;
 }

--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@ -735,7 +735,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
        {
          sn_array = xtrycalloc (ndesc, sizeof *sn_array);
          if (!sn_array)
-            return (hd->error = gpg_error (gpg_err_code_from_errno (errno)));
+            return (hd->error = gpg_error_from_syserror ());
        }
    }

@ -744,7 +744,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
      hd->fp = fopen (hd->kb->fname, "rb");
      if (!hd->fp)
        {
-          hd->error = gpg_error (gpg_err_code_from_errno (errno));
+          hd->error = gpg_error_from_syserror ();
          xfree (sn_array);
          return hd->error;
        }
@ -776,7 +776,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
              sn_array[n].sn = xtrymalloc (snlen);
              if (!sn_array[n].sn)
                {
-                  hd->error = gpg_error (gpg_err_code_from_errno (errno));
+                  hd->error = gpg_error_from_syserror ();
                  release_sn_array (sn_array, n);
                  return hd->error;
                }
@ -800,7 +800,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
              sn_array[n].sn = xtrymalloc (snlen);
              if (!sn_array[n].sn)
                {
-                  hd->error = gpg_error (gpg_err_code_from_errno (errno));
+                  hd->error = gpg_error_from_syserror ();
                  release_sn_array (sn_array, n);
                  return hd->error;
                }
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@ -82,14 +82,14 @@ create_tmp_file (const char *template,
    {
      bakfname = xtrymalloc (strlen (template) + 1);
      if (!bakfname)
-        return gpg_error (gpg_err_code_from_errno (errno));
+        return gpg_error_from_syserror ();
      strcpy (bakfname, template);
      strcpy (bakfname+strlen(template)-4, EXTSEP_S "bak");
      
      tmpfname = xtrymalloc (strlen (template) + 1);
      if (!tmpfname)
        {
-          gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+          gpg_error_t tmperr = gpg_error_from_syserror ();
          xfree (bakfname);
          return tmperr;
        }
@ -100,13 +100,13 @@ create_tmp_file (const char *template,
    { /* File does not end with kbx; hmmm. */
      bakfname = xtrymalloc ( strlen (template) + 5);
      if (!bakfname)
-        return gpg_error (gpg_err_code_from_errno (errno));
+        return gpg_error_from_syserror ();
      strcpy (stpcpy (bakfname, template), EXTSEP_S "bak");
      
      tmpfname = xtrymalloc ( strlen (template) + 5);
      if (!tmpfname)
        {
-          gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+          gpg_error_t tmperr = gpg_error_from_syserror ();
          xfree (bakfname);
          return tmperr;
        }
@ -115,13 +115,13 @@ create_tmp_file (const char *template,
 # else /* Posix file names */
  bakfname = xtrymalloc (strlen (template) + 2);
  if (!bakfname)
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();
  strcpy (stpcpy (bakfname,template),"~");
  
  tmpfname = xtrymalloc ( strlen (template) + 5);
  if (!tmpfname)
    {
-      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+      gpg_error_t tmperr = gpg_error_from_syserror ();
      xfree (bakfname);
      return tmperr;
    }
@ -131,7 +131,7 @@ create_tmp_file (const char *template,
  *r_fp = fopen (tmpfname, "wb");
  if (!*r_fp)
    {
-      gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+      gpg_error_t tmperr = gpg_error_from_syserror ();
      xfree (tmpfname);
      xfree (bakfname);
      return tmperr;
@ -175,7 +175,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 #endif
      if (rename (fname, bakfname) )
        {
-          return gpg_error (gpg_err_code_from_errno (errno));
+          return gpg_error_from_syserror ();
 	}
    }
  
@ -185,7 +185,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 #endif
  if (rename (tmpfname, fname) )
    {
-      rc = gpg_error (gpg_err_code_from_errno (errno));
+      rc = gpg_error_from_syserror ();
      if (secret)
        {
 /*            log_info ("WARNING: 2 files with confidential" */
@ -221,7 +221,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
  /* Open the source file. Because we do a rename, we have to check the 
     permissions of the file */
  if (access (fname, W_OK))
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  fp = fopen (fname, "rb");
  if (mode == 1 && !fp && errno == ENOENT)
@ -230,7 +230,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
         Create a new keybox file. */
      newfp = fopen (fname, "wb");
      if (!newfp )
-        return gpg_error (gpg_err_code_from_errno (errno));
+        return gpg_error_from_syserror ();

      rc = _keybox_write_header_blob (newfp);
      if (rc)
@ -241,7 +241,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
        return rc;

      if ( fclose (newfp) )
-        return gpg_error (gpg_err_code_from_errno (errno));
+        return gpg_error_from_syserror ();

 /*        if (chmod( fname, S_IRUSR | S_IWUSR )) */
 /*          { */
@ -253,7 +253,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,

  if (!fp)
    {
-      rc = gpg_error (gpg_err_code_from_errno (errno));
+      rc = gpg_error_from_syserror ();
      goto leave;
    }

@ -273,13 +273,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
        {
          if (fwrite (buffer, nread, 1, newfp) != 1)
            {
-              rc = gpg_error (gpg_err_code_from_errno (errno));
+              rc = gpg_error_from_syserror ();
              goto leave;
            }
        }
      if (ferror (fp))
        {
-          rc = gpg_error (gpg_err_code_from_errno (errno));
+          rc = gpg_error_from_syserror ();
          goto leave;
        }
    }
@ -302,13 +302,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
          
          if (fwrite (buffer, nread, 1, newfp) != 1)
            {
-              rc = gpg_error (gpg_err_code_from_errno (errno));
+              rc = gpg_error_from_syserror ();
              goto leave;
            }
        }
      if (ferror (fp))
        {
-          rc = gpg_error (gpg_err_code_from_errno (errno));
+          rc = gpg_error_from_syserror ();
          goto leave;
        }
      
@ -333,13 +333,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
        {
          if (fwrite (buffer, nread, 1, newfp) != 1)
            {
-              rc = gpg_error (gpg_err_code_from_errno (errno));
+              rc = gpg_error_from_syserror ();
              goto leave;
            }
        }
      if (ferror (fp))
        {
-          rc = gpg_error (gpg_err_code_from_errno (errno));
+          rc = gpg_error_from_syserror ();
          goto leave;
        }
    }
@ -347,13 +347,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
  /* Close both files. */
  if (fclose(fp))
    {
-      rc = gpg_error (gpg_err_code_from_errno (errno));
+      rc = gpg_error_from_syserror ();
      fclose (newfp);
      goto leave;
    }
  if (fclose(newfp))
    {
-      rc = gpg_error (gpg_err_code_from_errno (errno));
+      rc = gpg_error_from_syserror ();
      goto leave;
    }

@ -452,11 +452,11 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
  _keybox_close_file (hd);
  fp = fopen (hd->kb->fname, "r+b");
  if (!fp)
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  ec = 0;
  if (fseeko (fp, off, SEEK_SET))
-    ec = gpg_error (gpg_err_code_from_errno (errno));
+    ec = gpg_error_from_syserror ();
  else
    {
      unsigned char tmp[4];
@ -472,7 +472,7 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
        case 2:
        case 4:
          if (fwrite (tmp+4-flag_size, flag_size, 1, fp) != 1)
-            ec = gpg_err_code_from_errno (errno);
+            ec = gpg_err_code_from_syserror ();
          break;
        default:
          ec = GPG_ERR_BUG;
@ -483,7 +483,7 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
  if (fclose (fp))
    {
      if (!ec)
-        ec = gpg_err_code_from_errno (errno);
+        ec = gpg_err_code_from_syserror ();
    }

  return gpg_error (ec);
@ -517,19 +517,19 @@ keybox_delete (KEYBOX_HANDLE hd)
  _keybox_close_file (hd);
  fp = fopen (hd->kb->fname, "r+b");
  if (!fp)
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  if (fseeko (fp, off, SEEK_SET))
-    rc = gpg_error (gpg_err_code_from_errno (errno));
+    rc = gpg_error_from_syserror ();
  else if (putc (0, fp) == EOF)
-    rc = gpg_error (gpg_err_code_from_errno (errno));
+    rc = gpg_error_from_syserror ();
  else
    rc = 0;

  if (fclose (fp))
    {
      if (!rc)
-        rc = gpg_error (gpg_err_code_from_errno (errno));
+        rc = gpg_error_from_syserror ();
    }

  return rc;
@ -567,14 +567,14 @@ keybox_compress (KEYBOX_HANDLE hd)
  /* Open the source file. Because we do a rename, we have to check the 
     permissions of the file */
  if (access (fname, W_OK))
-    return gpg_error (gpg_err_code_from_errno (errno));
+    return gpg_error_from_syserror ();

  fp = fopen (fname, "rb");
  if (!fp && errno == ENOENT)
    return 0; /* Ready. File has been deleted right after the access above. */
  if (!fp)
    {
-      rc = gpg_error (gpg_err_code_from_errno (errno));
+      rc = gpg_error_from_syserror ();
      return rc;
    }

@ -695,9 +695,9 @@ keybox_compress (KEYBOX_HANDLE hd)

  /* Close both files. */
  if (fclose(fp) && !rc)
-    rc = gpg_error (gpg_err_code_from_errno (errno));
+    rc = gpg_error_from_syserror ();
  if (fclose(newfp) && !rc)
-    rc = gpg_error (gpg_err_code_from_errno (errno));
+    rc = gpg_error_from_syserror ();

  /* Rename or remove the temporary file. */
  if (rc || !any_changes)
--- a/keyserver/gpgkeys_kdns.c
+++ b/keyserver/gpgkeys_kdns.c
@ -29,6 +29,9 @@
 #include <assert.h>
 #ifdef HAVE_ADNS_H
 # include <adns.h>
+# ifndef HAVE_ADNS_FREE
+#  define adns_free free
+# endif
 #endif

 #define INCLUDED_BY_MAIN_MODULE 1
@ -175,7 +178,7 @@ get_key (adns_state adns_ctx, char *address)
    fprintf (output, "\nNAME %s FAILED %d\n", address, ret);
  else
    fprintf (output, "\nNAME %s END\n", address);
-  free (answer);  /* (Right, this is free and not xfree.) */
+  adns_free (answer); 
  xfree (name);
  return ret;
 }
--- a/po/ChangeLog
+++ b/po/ChangeLog
@ -1,3 +1,7 @@
+2008-05-01  Werner Koch  <wk@g10code.com>
+
+	* de.po: Typo fix.
+
 2008-03-26  Jedi Lin <Jedi@Jedi.org>  (wk)

 	* zh_TW.po: Update.
--- a/po/be.po
+++ b/po/be.po
--- a/po/ca.po
+++ b/po/ca.po
--- a/po/cs.po
+++ b/po/cs.po
--- a/po/da.po
+++ b/po/da.po
--- a/po/de.po
+++ b/po/de.po
--- a/po/el.po
+++ b/po/el.po
--- a/po/eo.po
+++ b/po/eo.po
--- a/po/es.po
+++ b/po/es.po
--- a/po/et.po
+++ b/po/et.po
--- a/po/fi.po
+++ b/po/fi.po
--- a/po/fr.po
+++ b/po/fr.po
--- a/po/gl.po
+++ b/po/gl.po
--- a/po/hu.po
+++ b/po/hu.po
--- a/po/id.po
+++ b/po/id.po
--- a/po/it.po
+++ b/po/it.po
--- a/po/ja.po
+++ b/po/ja.po
--- a/po/nb.po
+++ b/po/nb.po
--- a/po/pl.po
+++ b/po/pl.po
--- a/po/pt.po
+++ b/po/pt.po
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
--- a/po/ro.po
+++ b/po/ro.po
--- a/po/ru.po
+++ b/po/ru.po
--- a/po/sk.po
+++ b/po/sk.po
--- a/po/sv.po
+++ b/po/sv.po
--- a/po/tr.po
+++ b/po/tr.po
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,8 @@
+2008-05-06  Werner Koch  <wk@g10code.com>
+
+	* keylist.c (list_external_keys): Ignore NOT FOUND error code.
+	This is bug#907.
+
 2008-04-23  Werner Koch  <wk@g10code.com>

 	* certchain.c (find_up): Make correct C89 code.  Declare variable
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -1383,6 +1383,9 @@ list_external_keys (ctrl_t ctrl, strlist_t names, estream_t fp, int raw_mode)
  parm.raw_mode  = raw_mode;

  rc = gpgsm_dirmngr_lookup (ctrl, names, 0, list_external_cb, &parm);
+  if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1 
+      || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
+    rc = 0; /* "Not found" is not an error here. */
  if (rc)
    log_error ("listing external keys failed: %s\n", gpg_strerror (rc));
  return rc;