dirmngr: Minor fix for baseDN fallback.

* dirmngr/ks-engine-ldap.c (my_ldap_connect): Avoid passing data behind the EOS. (interrogate_ldap_dn): Stylistic change. -- This also updates the my_ldap_connect description. GnuPG-bug-id: 6047 (cherry picked from commit 11aa5a93a754fe978d0f35d7fbeb4767b6b6df05)
2025-03-21 21:39:58 +01:00 · 2022-09-29 15:59:43 +02:00 · 2022-09-29 15:59:43 +02:00 · 4cf8dc2d96
commit 4cf8dc2d96
parent 73cc5e073c
1 changed files with 20 additions and 37 deletions
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@ -304,7 +304,10 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
  int is_gnupg = 0;
  char *basedn = NULL;
  char *attr2[] = { "pgpBaseKeySpaceDN", "pgpVersion", "pgpSoftware", NULL };
-  char *object = xasprintf ("cn=pgpServerInfo,%s", basedn_search);
+  char *object;
  object = xasprintf ("cn=pgpServerInfo,%s", basedn_search);
  npth_unprotect ();
  lerr = ldap_search_s (ldap_conn, object, LDAP_SCOPE_BASE,
@ -360,40 +363,21 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
 /* Connect to an LDAP server and interrogate it.
-
+ *
-     - uri describes the server to connect to and various options
+ * URI describes the server to connect to and various options
-       including whether to use TLS and the username and password (see
+ * including whether to use TLS and the username and password (see
-       ldap_parse_uri for a description of the various fields).
+ * ldap_parse_uri for a description of the various fields).
-
+ *
-   This function returns:
+ * Returns: The ldap connection handle in *LDAP_CONNP, R_BASEDN is set
-
+ * to the base DN for the PGP key space, several flags will be stored
-     - The ldap connection handle in *LDAP_CONNP.
+ * at SERVERINFO, If you pass NULL, then the value won't be returned.
-
+ * It is the caller's responsibility to release *LDAP_CONNP with
-     - The base DN for the PGP key space by querying the
+ * ldap_unbind and to xfree *BASEDNP.  On error these variables are
-       pgpBaseKeySpaceDN attribute (This is normally
+ * cleared.
-       'ou=PGP Keys,dc=EXAMPLE,dc=ORG').
+ *
-
+ * Note: On success, you still need to check that *BASEDNP is valid.
-     - The attribute to lookup to find the pgp key.  This is either
+ * If it is NULL, then the server does not appear to be an OpenPGP
-       'pgpKey' or 'pgpKeyV2'.
+ * keyserver.  */
     - Whether this is a real ldap server.  (It's unclear what this
       exactly means.)
   The values are returned in the passed variables.  If you pass NULL,
   then the value won't be returned.  It is the caller's
   responsibility to release *LDAP_CONNP with ldap_unbind and xfree
   *BASEDNP.
   If this function successfully interrogated the server, it returns
   0.  If there was an LDAP error, it returns the LDAP error code.  If
   an error occurred, *basednp, etc., are undefined (and don't need to
   be freed.)
   R_SERVERINFO receives information about the server.
   If no LDAP error occurred, you still need to check that *basednp is
   valid.  If it is NULL, then the server does not appear to be an
   OpenPGP Keyserver.  */
 static gpg_error_t
 my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
                 char **r_basedn, char **r_host, int *r_use_tls,
@ -453,7 +437,6 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
  if (!port)
    port = use_tls == 2? 636 : 389;
  if (host)
    {
      host = xtrystrdup (host);
@ -665,7 +648,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
      if (!basedn)
        {
          const char *basedn_parent = strchr (user_basedn, ',');
-          if (basedn_parent)
+          if (basedn_parent && *basedn_parent)
            basedn = interrogate_ldap_dn (ldap_conn, basedn_parent + 1,
                                          r_serverinfo);
        }