security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

dirmngr: Minor cleanups. 

* dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
(ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
(tm2ldaptime): Use snprintf.
(ldap_connect): Get error code prior to log_error and and use modern
function.   Use xfree, xtrustrdup etc.
(modlist_lookup): Use GNUPG_GCC_A_USED.
(modlist_free): Use xfree.
--

sprintf has been replaced by snprintf to avoid warnings on some
platforms.

xfree et al. is required so that replacement functions are
used if defined.  For example the Libgcrypt functions which may not be
fully compatible with standard free.

Impossible conditions should use GPG_ERR_INTERNAL.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-03-25 19:33:59 +01:00
parent 99ef9cd7f5
commit 6c701af121
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 29 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
dirmngr/ks-engine-ldap.c
View File

@ -49,10 +49,6 @@
#include "ks-engine.h"
#include "ldap-parse-uri.h"
#ifdef __riscos__
# include "util.h"
#endif
#ifndef HAVE_TIMEGM
time_t timegm(struct tm *tm);
#endif
@ -220,7 +216,7 @@ ldap_to_gpg_err (LDAP *ld)
#else
/* We should never get here since the LDAP library should always
have either ldap_get_option or ld_errno, but just in case... */
return GPG_ERR_GENERAL;
return GPG_ERR_INTERNAL;
#endif
}
@ -265,7 +261,7 @@ tm2ldaptime (struct tm *tm)
tmp.tm_year += 1900;
tmp.tm_mon ++;
sprintf (buf, "%04d%02d%02d%02d%02d%02dZ",
snprintf (buf, sizeof buf, "%04d%02d%02d%02d%02d%02dZ",
tmp.tm_year,
tmp.tm_mon,
tmp.tm_mday,
@ -435,7 +431,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact)
If no LDAP error occured, you still need to check that *basednp is
valid. If it is NULL, then the server does not appear to be an
OpenPGP Keyserver. In this case, you also do not need to free
OpenPGP Keyserver. In this case, you also do not need to xfree
*pgpkeyattrp. */
static int
ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
@ -476,9 +472,9 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
ldap_conn = ldap_init (uri->host, uri->port);
if (! ldap_conn)
{
err = gpg_err_code_from_syserror ();
log_error ("Failed to open connection to LDAP server (%s://%s:%d)\n",
uri->scheme, uri->host, uri->port);
err = gpg_err_code_from_errno (errno);
goto out;
}
@ -516,7 +512,7 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
/* XXX: We need an option to determine whether to abort if the
certificate is bad or not. Right now we conservatively
default to checking the certificate and aborting. */
int check_cert = LDAP_OPT_X_TLS_HARD; // LDAP_OPT_X_TLS_NEVER
int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */
err = ldap_set_option (ldap_conn,
LDAP_OPT_X_TLS_REQUIRE_CERT, &check_cert);
@ -587,10 +583,13 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
char **vals;
LDAPMessage *si_res;
char *object = xasprintf ("cn=pgpServerInfo,%s", context[i]);
err = ldap_search_s (ldap_conn, object, LDAP_SCOPE_BASE,
"(objectClass=*)", attr2, 0, &si_res);
free (object);
{
char *object = xasprintf ("cn=pgpServerInfo,%s",
context[i]);
err = ldap_search_s (ldap_conn, object, LDAP_SCOPE_BASE,
"(objectClass=*)", attr2, 0, &si_res);
xfree (object);
}
if (err == LDAP_SUCCESS)
{
@ -598,7 +597,7 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
"pgpBaseKeySpaceDN");
if (vals)
{
basedn = strdup (vals[0]);
basedn = xtrystrdup (vals[0]);
ldap_value_free (vals);
}
@ -649,7 +648,7 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
vals = ldap_get_values (ldap_conn, si_res, "baseKeySpaceDN");
if (vals)
{
basedn = strdup (vals[0]);
basedn = xtrystrdup (vals[0]);
ldap_value_free (vals);
}
@ -1361,8 +1360,6 @@ modlist_add (LDAPMod ***modlistp, char *attr, const char *value)
{
modlist[nummods]->mod_values = xmalloc (sizeof(char *) * 2);
/* XXX: Is this the right thing? Can a UTF8-encoded user ID
have embedded nulls? */
modlist[nummods]->mod_values[0] = xstrdup (value);
modlist[nummods]->mod_values[1] = NULL;
}
@ -1394,7 +1391,7 @@ modlist_lookup (LDAPMod **modlist, const char *attr)
/* Dump a modlist to a file. This is useful for debugging. */
static estream_t modlist_dump (LDAPMod **modlist, estream_t output)
__attribute__ ((used));
GNUPG_GCC_A_USED;
static estream_t
modlist_dump (LDAPMod **modlist, estream_t output)
@ -1488,14 +1485,14 @@ modlist_free (LDAPMod **modlist)
if (mod->mod_values)
{
for (ptr = mod->mod_values; *ptr; ptr++)
free (*ptr);
xfree (*ptr);
free (mod->mod_values);
xfree (mod->mod_values);
}
free (mod);
xfree (mod);
}
free (modlist);
xfree (modlist);
}
/* Append two onto the end of one. Two is not freed, but its pointers
@ -1633,7 +1630,8 @@ extract_attributes (LDAPMod ***modlist, char *line)
if (is_pub)
{
int disabled = 0, revoked = 0;
int disabled = 0;
int revoked = 0;
char *flags;
for (flags = fields[1]; *flags; flags ++)
switch (*flags)

10
dirmngr/ldap-parse-uri.c
View File

@ -127,7 +127,7 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
len = 0;
#define add(s) { if (s) len += strlen (s) + 1; }
#define add(s) do { if (s) len += strlen (s) + 1; } while (0)
add (scheme);
add (host);
@ -166,6 +166,11 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
if (password)
{
puri->query = calloc (sizeof (*puri->query), 1);
if (!puri->query)
{
err = gpg_err_code_from_syserror ();
goto out;
}
puri->query->name = "password";
copy (puri->query->value, password);
puri->query->valuelen = strlen (password) + 1;
@ -221,7 +226,8 @@ ldap_escape_filter (const char *filter)
case ')':
case '\\':
case '/':
sprintf (&escaped[escaped_i], "%%%02x", filter[filter_i]);
snprintf (&escaped[escaped_i], 4, "%%%02x",
((const unsigned char *)filter)[filter_i]);
escaped_i += 3;
break;