* hkp.c (parse_hkp_index): Don't leak memory when failing out of a bad HKP

keyserver. * g10.c (add_notation_data): Relax slightly the rules as to what can go into a notation name - 2440 allows "@", for example.
2024-07-01 02:42:44 +02:00 · 2002-06-19 21:46:56 +00:00 · 2002-06-19 21:46:56 +00:00 · a4d654c548
commit a4d654c548
parent f383c7c810
3 changed files with 18 additions and 20 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,11 @@
+2002-06-19  David Shaw  <dshaw@jabberwocky.com>
+
+	* hkp.c (parse_hkp_index): Don't leak memory when failing out of a
+	bad HKP keyserver.
+
+	* g10.c (add_notation_data): Relax slightly the rules as to what
+	can go into a notation name - 2440 allows "@", for example.
+
 2002-06-17  David Shaw  <dshaw@jabberwocky.com>

 	* import.c (clean_subkeys, import_one): Only allow at most 1
--- a/g10/g10.c
+++ b/g10/g10.c
@ -2460,7 +2460,6 @@ static void
 add_notation_data( const char *string, int which )
 {
    const char *s;
-    const char *s2;
    STRLIST sl,*notation_data;
    int critical=0;
    int highbit=0;
@ -2474,26 +2473,15 @@ add_notation_data( const char *string, int which )
 	critical = 1;
 	string++;
    }
-    s = string;

-    if( !*s || (*s & 0x80) || (!isalpha(*s) && *s != '_') ) {
-	log_error(_("the first character of a notation name "
-		    "must be a letter or an underscore\n") );
-	return;
-    }
-    for(s++; *s != '='; s++ ) {
-	if( !*s || (*s & 0x80) || (!isalnum(*s) && *s != '_' && *s != '.' ) ) {
-	    log_error(_("a notation name must have only letters, "
-			"digits, dots or underscores and end with an '='\n") );
+    for( s=string ; *s != '='; s++ ) {
+	if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) ) {
+	    log_error(_("a notation name must have only printable characters "
+			"or spaces, and end with an '='\n") );
 	    return;
 	}
    }
-    if( s[-1] == '.' || ((s2=strstr(string, "..")) && s2 < s ) ) {
-	log_error(_("dots in a notation name must be surrounded "
-		    "by other characters\n") );
-	return;
-    }
-    /* we do only support printabe text - therefore we enforce the use
+    /* we only support printable text - therefore we enforce the use
     * of only printable characters (an empty value is valid) */
    for( s++; *s ; s++ ) {
 	if( iscntrl(*s) ) {
--- a/g10/hkp.c
+++ b/g10/hkp.c
@ -260,11 +260,11 @@ static int
 parse_hkp_index(IOBUF buffer,char *line)
 {
  static int open=0,revoked=0;
-  static char *key;
+  static char *key=NULL;
 #ifdef __riscos__
-  static char *uid;
+  static char *uid=NULL;
 #else
-  static unsigned char *uid;
+  static unsigned char *uid=NULL;
 #endif
  static u32 bits,createtime;
  int ret=0;
@ -278,6 +278,8 @@ parse_hkp_index(IOBUF buffer,char *line)
     ascii_memcasecmp(line,"pub  ",5)!=0 &&
     ascii_memcasecmp(line,"     ",5)!=0)
    {
+      m_free(key);
+      m_free(uid);
      log_error(_("this keyserver is not fully HKP compatible\n"));
      return -1;
    }