diff options
| author | David Shaw <[email protected]> | 2004-01-12 04:09:37 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2004-01-12 04:09:37 +0000 |
| commit | 580faa8675add423c87ad785cd5316305698c2ea (patch) | |
| tree | 74a2526c322c7fab7e2e778c4410d30d42f95598 | |
| parent | * configure.ac: Include stdio.h when checking for bzlib.h. Solaris 9 has a (diff) | |
| download | gnupg-580faa8675add423c87ad785cd5316305698c2ea.tar.gz gnupg-580faa8675add423c87ad785cd5316305698c2ea.zip | |
* gpgkeys_hkp.c (search_key): Catch a mangled input file (useful if
something other than GnuPG is calling the program). (main): Avoid possible
pre-string write. Noted by Christian Biere.
* gpgkeys_ldap.c (main): Avoid possible pre-string write.
| -rw-r--r-- | keyserver/ChangeLog | 9 | ||||
| -rw-r--r-- | keyserver/gpgkeys_hkp.c | 11 | ||||
| -rw-r--r-- | keyserver/gpgkeys_ldap.c | 7 |
3 files changed, 22 insertions, 5 deletions
diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog index eb760be79..cb4670ce0 100644 --- a/keyserver/ChangeLog +++ b/keyserver/ChangeLog @@ -1,3 +1,12 @@ +2004-01-11 David Shaw <[email protected]> + + * gpgkeys_hkp.c (search_key): Catch a mangled input file (useful + if something other than GnuPG is calling the program). + (main): Avoid possible pre-string write. Noted by Christian + Biere. + + * gpgkeys_ldap.c (main): Avoid possible pre-string write. + 2003-12-28 David Shaw <[email protected]> * gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c index 25c47d256..698425ada 100644 --- a/keyserver/gpgkeys_hkp.c +++ b/keyserver/gpgkeys_hkp.c @@ -653,6 +653,12 @@ search_key(char *searchkey) skey++; } + if(!search) + { + fprintf(console,"gpgkeys: corrupt input?\n"); + return -1; + } + search[len]='\0'; fprintf(console,("gpgkeys: searching for \"%s\" from HKP server %s\n"), @@ -939,7 +945,7 @@ main(int argc,char *argv[]) break; else { - if(line[0]=='\n') + if(line[0]=='\n' || line[0]=='\0') break; work=malloc(sizeof(struct keylist)); @@ -1069,7 +1075,8 @@ main(int argc,char *argv[]) } /* Nail that last space */ - searchkey[strlen(searchkey)-1]='\0'; + if(*searchkey) + searchkey[strlen(searchkey)-1]='\0'; if(search_key(searchkey)!=KEYSERVER_OK) failed++; diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c index 7847292c5..8dd0f0244 100644 --- a/keyserver/gpgkeys_ldap.c +++ b/keyserver/gpgkeys_ldap.c @@ -548,7 +548,7 @@ search_key(char *searchkey) LDAPMessage *res,*each; int err,count=0; struct keylist *dupelist=NULL; - /* The maxium size of the search, including the optional stuff and + /* The maximum size of the search, including the optional stuff and the trailing \0 */ char search[2+12+MAX_LINE+2+15+14+1+1]; char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled", @@ -962,7 +962,7 @@ main(int argc,char *argv[]) break; else { - if(line[0]=='\n') + if(line[0]=='\n' || line[0]=='\0') break; work=malloc(sizeof(struct keylist)); @@ -1160,7 +1160,8 @@ main(int argc,char *argv[]) } /* Nail that last "*" */ - searchkey[strlen(searchkey)-1]='\0'; + if(*searchkey) + searchkey[strlen(searchkey)-1]='\0'; if(search_key(searchkey)!=KEYSERVER_OK) failed++; |