security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-13 22:21:09 +02:00
Code Activity

dirmngr: Change DNS code to make additions easier.

Browse Source 
* dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow
adding more resource types.
This commit is contained in:
Werner Koch 2015-10-06 17:34:13 +02:00
parent 7faf45effc
commit 6cf80dc77e
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 71 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
dirmngr/dns-cert.c
View File

@ -53,7 +53,7 @@
/* Not every installation has gotten around to supporting CERTs /* Not every installation has gotten around to supporting CERTs
yet... */ yet... */
#ifndef T_CERT #ifndef T_CERT
#define T_CERT 37 # define T_CERT 37
#endif #endif
/* ADNS has no support for CERT yet. */ /* ADNS has no support for CERT yet. */
@ -69,7 +69,7 @@
string and returned at R_URL. If WANT_CERTTYPE is 0 this function string and returned at R_URL. If WANT_CERTTYPE is 0 this function
returns the first CERT found with a supported type; it is expected returns the first CERT found with a supported type; it is expected
that only one CERT record is used. If WANT_CERTTYPE is one of the that only one CERT record is used. If WANT_CERTTYPE is one of the
supported certtypes only records wih this certtype are considered supported certtypes only records with this certtype are considered
and the first found is returned. (R_KEY,R_KEYLEN) are optional. */ and the first found is returned. (R_KEY,R_KEYLEN) are optional. */
gpg_error_t gpg_error_t
get_dns_cert (const char *name, int want_certtype, get_dns_cert (const char *name, int want_certtype,
@ -282,83 +282,85 @@ get_dns_cert (const char *name, int want_certtype,
dlen = buf16_to_u16 (pt); dlen = buf16_to_u16 (pt);
pt += 2; pt += 2;
/* We asked for CERT and got something else - might be a /* Check the type and parse. */
CNAME, so loop around again. */ if (type == T_CERT)
if (type != T_CERT)
{ {
pt += dlen; /* We got a CERT type. */
continue; ctype = buf16_to_u16 (pt);
} pt += 2;
/* The CERT type */ /* Skip the CERT key tag and algo which we don't need. */
ctype = buf16_to_u16 (pt); pt += 3;
pt += 2;
/* Skip the CERT key tag and algo which we don't need. */ dlen -= 5;
pt += 3;
dlen -= 5; /* 15 bytes takes us to here */
if (want_certtype && want_certtype != ctype)
/* 15 bytes takes us to here */ ; /* Not of the requested certtype. */
if (want_certtype && want_certtype != ctype) else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
; /* Not of the requested certtype. */
else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
{
/* PGP type */
*r_key = xtrymalloc (dlen);
if (!*r_key)
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
else
{ {
memcpy (*r_key, pt, dlen); /* PGP type */
*r_keylen = dlen; *r_key = xtrymalloc (dlen);
if (!*r_key)
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
else
{
memcpy (*r_key, pt, dlen);
*r_keylen = dlen;
err = 0;
}
goto leave;
}
else if (ctype == DNS_CERTTYPE_IPGP
&& dlen && dlen < 1023 && dlen >= pt[0] + 1)
{
/* IPGP type */
*r_fprlen = pt[0];
if (*r_fprlen)
{
*r_fpr = xtrymalloc (*r_fprlen);
if (!*r_fpr)
{
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
goto leave;
}
memcpy (*r_fpr, &pt[1], *r_fprlen);
}
else
*r_fpr = NULL;
if (dlen > *r_fprlen + 1)
{
*r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
if (!*r_fpr)
{
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
xfree (*r_fpr);
*r_fpr = NULL;
goto leave;
}
memcpy (*r_url, &pt[*r_fprlen + 1],
dlen - (*r_fprlen + 1));
(*r_url)[dlen - (*r_fprlen + 1)] = '\0';
}
else
*r_url = NULL;
err = 0; err = 0;
goto leave;
} }
goto leave;
/* No subtype matches, so continue with the next answer. */
pt += dlen;
} }
else if (ctype == DNS_CERTTYPE_IPGP else
&& dlen && dlen < 1023 && dlen >= pt[0] + 1)
{ {
/* IPGP type */ /* Not a requested type - might be a CNAME. Try next item. */
*r_fprlen = pt[0]; pt += dlen;
if (*r_fprlen)
{
*r_fpr = xtrymalloc (*r_fprlen);
if (!*r_fpr)
{
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
goto leave;
}
memcpy (*r_fpr, &pt[1], *r_fprlen);
}
else
*r_fpr = NULL;
if (dlen > *r_fprlen + 1)
{
*r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
if (!*r_fpr)
{
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
xfree (*r_fpr);
*r_fpr = NULL;
goto leave;
}
memcpy (*r_url, &pt[*r_fprlen + 1], dlen - (*r_fprlen + 1));
(*r_url)[dlen - (*r_fprlen + 1)] = '\0';
}
else
*r_url = NULL;
err = 0;
goto leave;
} }
/* Neither type matches, so go around to the next answer. */
pt += dlen;
} }
} }