security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-22 19:58:29 +01:00
Code Activity

* gpgkeys_hkp.c (send_key, get_key, search_key): Check return

Browse Source 
value of malloc.
(dehtmlize): Use ascii_tolower to protect against weird locales.
Cast the argument for isspace for the sake of broken HP/UXes.
(search_key): Check return value of realloc.
This commit is contained in:
Werner Koch 2002-09-10 08:28:40 +00:00
parent d6a87e6b28
commit 92f8a5d12a
2 changed files with 40 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
keyserver/ChangeLog
View File

@ -1,3 +1,11 @@
2002-09-09 Werner Koch <wk@gnupg.org>
* gpgkeys_hkp.c (send_key, get_key, search_key): Check return
value of malloc.
(dehtmlize): Use ascii_tolower to protect against weird locales.
Cast the argument for isspace for the sake of broken HP/UXes.
(search_key): Check return value of realloc.
2002-09-09 David Shaw <dshaw@jabberwocky.com> 2002-09-09 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c (get_key): Some compilers (RISC OS, HPUX c89) * gpgkeys_ldap.c (get_key): Some compilers (RISC OS, HPUX c89)
@ -7,7 +15,7 @@
2002-08-28 David Shaw <dshaw@jabberwocky.com> 2002-08-28 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_hkp.c: (parse_hkp_index): Use same types on all * gpgkeys_hkp.c (parse_hkp_index): Use same types on all
platforms. This was probably leftover from earlier code where the platforms. This was probably leftover from earlier code where the
typing mattered. typing mattered.

42
keyserver/gpgkeys_hkp.c
View File

@ -84,6 +84,11 @@ int send_key(void)
char line[MAX_LINE]; char line[MAX_LINE];
request=malloc(strlen(host)+100); request=malloc(strlen(host)+100);
if(!request)
{
fprintf(console,"gpgkeys: out of memory\n");
return -1;
}
iobuf_push_filter(temp,urlencode_filter,NULL); iobuf_push_filter(temp,urlencode_filter,NULL);
@ -223,6 +228,11 @@ int get_key(char *getkey)
getkey,host,port[0]?":":"",port[0]?port:""); getkey,host,port[0]?":":"",port[0]?port:"");
request=malloc(strlen(host)+100); request=malloc(strlen(host)+100);
if(!request)
{
fprintf(console,"gpgkeys: out of memory\n");
return -1;
}
sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=get&search=%s", sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=get&search=%s",
host,port[0]?":":"",port[0]?port:"", search); host,port[0]?":":"",port[0]?port:"", search);
@ -288,25 +298,25 @@ dehtmlize(char *line)
break; break;
case '&': case '&':
if((*(line+1)!='\0' && tolower(*(line+1))=='l') && if((*(line+1)!='\0' && ascii_tolower(*(line+1))=='l') &&
(*(line+2)!='\0' && tolower(*(line+2))=='t') && (*(line+2)!='\0' && ascii_tolower(*(line+2))=='t') &&
(*(line+3)!='\0' && *(line+3)==';')) (*(line+3)!='\0' && *(line+3)==';'))
{ {
parsed[parsedindex++]='<'; parsed[parsedindex++]='<';
line+=4; line+=4;
break; break;
} }
else if((*(line+1)!='\0' && tolower(*(line+1))=='g') && else if((*(line+1)!='\0' && ascii_tolower(*(line+1))=='g') &&
(*(line+2)!='\0' && tolower(*(line+2))=='t') && (*(line+2)!='\0' && ascii_tolower(*(line+2))=='t') &&
(*(line+3)!='\0' && *(line+3)==';')) (*(line+3)!='\0' && *(line+3)==';'))
{ {
parsed[parsedindex++]='>'; parsed[parsedindex++]='>';
line+=4; line+=4;
break; break;
} }
else if((*(line+1)!='\0' && tolower(*(line+1))=='a') && else if((*(line+1)!='\0' && ascii_tolower(*(line+1))=='a') &&
(*(line+2)!='\0' && tolower(*(line+2))=='m') && (*(line+2)!='\0' && ascii_tolower(*(line+2))=='m') &&
(*(line+3)!='\0' && tolower(*(line+3))=='p') && (*(line+3)!='\0' && ascii_tolower(*(line+3))=='p') &&
(*(line+4)!='\0' && *(line+4)==';')) (*(line+4)!='\0' && *(line+4)==';'))
{ {
parsed[parsedindex++]='&'; parsed[parsedindex++]='&';
@ -329,7 +339,7 @@ dehtmlize(char *line)
if(parsedindex>0) if(parsedindex>0)
{ {
parsedindex--; parsedindex--;
while(isspace(parsed[parsedindex])) while(isspace(((unsigned char *)parsed)[parsedindex]))
{ {
parsed[parsedindex]='\0'; parsed[parsedindex]='\0';
parsedindex--; parsedindex--;
@ -393,8 +403,8 @@ parse_hkp_index(IOBUF buffer,char *line)
response. This only complains about problems within the key response. This only complains about problems within the key
section itself. Headers and footers should not matter. */ section itself. Headers and footers should not matter. */
if(open && line[0]!='\0' && if(open && line[0]!='\0' &&
ascii_memcasecmp(line,"pub ",4)!=0 && ascii_strncasecmp(line,"pub ",4)!=0 &&
ascii_memcasecmp(line," ",4)!=0) ascii_strncasecmp(line," ",4)!=0)
{ {
free(key); free(key);
free(uid); free(uid);
@ -440,7 +450,7 @@ parse_hkp_index(IOBUF buffer,char *line)
} }
} }
if(ascii_memcasecmp(line,"pub ",4)==0) if(ascii_strncasecmp(line,"pub ",4)==0)
{ {
char *tok,*temp; char *tok,*temp;
@ -527,6 +537,11 @@ int search_key(char *searchkey)
{ {
max+=100; max+=100;
search=realloc(search,max+1); /* Note +1 for \0 */ search=realloc(search,max+1); /* Note +1 for \0 */
if (!search)
{
fprintf(console,"gpgkeys: out of memory\n");
return -1;
}
} }
if(isalnum(*request) || *request=='-') if(isalnum(*request) || *request=='-')
@ -548,6 +563,11 @@ int search_key(char *searchkey)
searchkey,host); searchkey,host);
request=malloc(strlen(host)+100+strlen(search)); request=malloc(strlen(host)+100+strlen(search));
if(!request)
{
fprintf(console,"gpgkeys: out of memory\n");
return -1;
}
sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=index&search=%s", sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=index&search=%s",
host,port[0]?":":"",port[0]?port:"",search); host,port[0]?":":"",port[0]?port:"",search);