From 5e6d360596efbf7d1c6008a8c8fbe60de7e40cba Mon Sep 17 00:00:00 2001 From: David Shaw Date: Mon, 2 May 2005 00:46:39 +0000 Subject: [PATCH] * gpgkeys_hkp.c, gpgkeys_oldhkp.c, ksutil.h: Some minor cleanup and comments as to the size of MAX_LINE and MAX_URL. --- keyserver/ChangeLog | 5 +++++ keyserver/gpgkeys_hkp.c | 12 +++++++++--- keyserver/gpgkeys_oldhkp.c | 4 ++++ keyserver/ksutil.h | 12 +++++------- 4 files changed, 23 insertions(+), 10 deletions(-) diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog index 3e0e0c7fd..3264b6247 100644 --- a/keyserver/ChangeLog +++ b/keyserver/ChangeLog @@ -1,3 +1,8 @@ +2005-05-01 David Shaw + + * gpgkeys_hkp.c, gpgkeys_oldhkp.c, ksutil.h: Some minor cleanup + and comments as to the size of MAX_LINE and MAX_URL. + 2005-04-16 David Shaw * gpgkeys_hkp.c: New hkp handler that uses curl or curl-shim. diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c index 27e3449c1..a7d7b92be 100644 --- a/keyserver/gpgkeys_hkp.c +++ b/keyserver/gpgkeys_hkp.c @@ -72,7 +72,7 @@ int send_key(int *eof) { CURLcode res; - char request[MAX_URL+100]; + char request[MAX_URL]; int begin=0,end=0,ret=KEYSERVER_INTERNAL_ERROR; char keyid[17]; char line[MAX_LINE]; @@ -80,7 +80,6 @@ send_key(int *eof) size_t keylen=8,keymax=8; key=malloc(9); - strcpy(key,"keytext="); if(!key) { fprintf(console,"gpgkeys: out of memory\n"); @@ -88,6 +87,8 @@ send_key(int *eof) goto fail; } + strcpy(key,"keytext="); + /* Read and throw away input until we see the BEGIN */ while(fgets(line,MAX_LINE,input)!=NULL) @@ -216,6 +217,9 @@ get_key(char *getkey) return KEYSERVER_NOT_SUPPORTED; } + /* Note that the size of request is MAX_URL which already implies a + 1024 byte PATH. MAX_URL+100 is absurdly safe. */ + strcpy(request,"http://"); strcat(request,opt->host); strcat(request,":"); @@ -273,7 +277,9 @@ search_key(char *searchkey) searchkey_encoded=curl_escape(searchkey,0); - request=malloc(MAX_URL+100+strlen(searchkey_encoded)); + /* Note that MAX_URL already implies a 1024 byte PATH, so this is + safe. */ + request=malloc(MAX_URL+strlen(searchkey_encoded)); if(!request) { fprintf(console,"gpgkeys: out of memory\n"); diff --git a/keyserver/gpgkeys_oldhkp.c b/keyserver/gpgkeys_oldhkp.c index fe74f4d28..b29ff2590 100644 --- a/keyserver/gpgkeys_oldhkp.c +++ b/keyserver/gpgkeys_oldhkp.c @@ -37,6 +37,10 @@ #include "keyserver.h" #include "ksutil.h" +#define GET 0 +#define SEND 1 +#define SEARCH 2 + extern char *optarg; extern int optind; diff --git a/keyserver/ksutil.h b/keyserver/ksutil.h index 1b123922b..0001cf318 100644 --- a/keyserver/ksutil.h +++ b/keyserver/ksutil.h @@ -27,13 +27,11 @@ #include #endif -#define GET 0 -#define SEND 1 -#define SEARCH 2 - -/* MAX_LINE must be 1 larger than the largest item we expect to - receive. */ -#define MAX_LINE 1080 +/* MAX_LINE must be at least 1 larger than the largest item we expect + to receive, including the name tag ("COMMAND", "PORT", etc) and + space between. In practice, that means it should be + strlen("OPAQUE")+1+sizeof_opaque+1 */ +#define MAX_LINE (6+1+1024+1) #define MAX_COMMAND 6 #define MAX_OPTION 256