-rw-r--r--dirmngr/ks-engine-ldap.c44
-rw-r--r--dirmngr/ldap-parse-uri.c10
2 files changed, 29 insertions, 25 deletions
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 68a1bb73e..a17a3124e 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -49,10 +49,6 @@
#include "ks-engine.h"
#include "ldap-parse-uri.h"
-#ifdef __riscos__
-# include "util.h"
-#endif
-
#ifndef HAVE_TIMEGM
time_t timegm(struct tm *tm);
#endif
@@ -220,7 +216,7 @@ ldap_to_gpg_err (LDAP *ld)
#else
/* We should never get here since the LDAP library should always
have either ldap_get_option or ld_errno, but just in case... */
- return GPG_ERR_GENERAL;
+ return GPG_ERR_INTERNAL;
#endif
}
@@ -265,7 +261,7 @@ tm2ldaptime (struct tm *tm)
tmp.tm_year += 1900;
tmp.tm_mon ++;
- sprintf (buf, "%04d%02d%02d%02d%02d%02dZ",
+ snprintf (buf, sizeof buf, "%04d%02d%02d%02d%02d%02dZ",
tmp.tm_year,
tmp.tm_mon,
tmp.tm_mday,
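Review bot: The return value of the new `snprintf (buf, sizeof buf, ...)` call in tm2ldaptime is not checked, so a `struct tm` with out-of-range fields (for example a five-digit year or a negative member) now produces a silently truncated timestamp rather than an overflow. Comparing the result against `sizeof buf` and failing the conversion would keep a malformed time string from reaching the LDAP server. `sizeof buf` is only the right bound if `buf` is a local array; its declaration and the end of the call are outside the hunk, so that should be confirmed there.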
@@ -435,7 +431,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact)
If no LDAP error occured, you still need to check that *basednp is
valid. If it is NULL, then the server does not appear to be an
- OpenPGP Keyserver. In this case, you also do not need to free
+ OpenPGP Keyserver. In this case, you also do not need to xfree
*pgpkeyattrp. */
static int
ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
@@ -476,9 +472,9 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
ldap_conn = ldap_init (uri->host, uri->port);
if (! ldap_conn)
{
+ err = gpg_err_code_from_syserror ();
log_error ("Failed to open connection to LDAP server (%s://%s:%d)\n",
uri->scheme, uri->host, uri->port);
- err = gpg_err_code_from_errno (errno);
goto out;
}
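Review bot: `err` is given a gpg error code here by `gpg_err_code_from_syserror ()`, but later hunks of the same function assign it the results of `ldap_set_option` and `ldap_search_s` and compare it with `LDAP_SUCCESS`, so one `int` carries two unrelated error namespaces. A caller of ldap_connect cannot tell which kind of code it received, and non-zero values from the two sets can overlap. Consider keeping LDAP results in a separate variable (e.g. `int lerr`) and converting them once, presumably with the file's `ldap_to_gpg_err`, or stating in the function comment which namespace is returned. The declaration of `err` and the `out:` label are outside the hunk.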
@@ -516,7 +512,7 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
/* XXX: We need an option to determine whether to abort if the
certificate is bad or not. Right now we conservatively
default to checking the certificate and aborting. */
- int check_cert = LDAP_OPT_X_TLS_HARD; // LDAP_OPT_X_TLS_NEVER
+ int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */
err = ldap_set_option (ldap_conn,
LDAP_OPT_X_TLS_REQUIRE_CERT, &check_cert);
@@ -587,10 +583,13 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
char **vals;
LDAPMessage *si_res;
- char *object = xasprintf ("cn=pgpServerInfo,%s", context[i]);
- err = ldap_search_s (ldap_conn, object, LDAP_SCOPE_BASE,
- "(objectClass=*)", attr2, 0, &si_res);
- free (object);
+ {
+ char *object = xasprintf ("cn=pgpServerInfo,%s",
+ context[i]);
+ err = ldap_search_s (ldap_conn, object, LDAP_SCOPE_BASE,
+ "(objectClass=*)", attr2, 0, &si_res);
+ xfree (object);
+ }
if (err == LDAP_SUCCESS)
{
@@ -598,7 +597,7 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
"pgpBaseKeySpaceDN");
if (vals)
{
- basedn = strdup (vals[0]);
+ basedn = xtrystrdup (vals[0]);
ldap_value_free (vals);
}
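Review bot: The result of `xtrystrdup (vals[0])` is not checked, and the function comment above says a NULL `*basednp` means the server does not appear to be an OpenPGP keyserver. An out-of-memory condition is therefore indistinguishable from "not a keyserver". The same applies to the `baseKeySpaceDN` hunk further down. A check such as `if (!basedn) err = gpg_err_code_from_syserror ();` after the copy would report the allocation failure instead, although the code that consumes `err` and `basedn` is outside the hunk and needs to be checked for how it treats that value.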
@@ -649,7 +648,7 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
vals = ldap_get_values (ldap_conn, si_res, "baseKeySpaceDN");
if (vals)
{
- basedn = strdup (vals[0]);
+ basedn = xtrystrdup (vals[0]);
ldap_value_free (vals);
}
@@ -1361,8 +1360,6 @@ modlist_add (LDAPMod ***modlistp, char *attr, const char *value)
{
modlist[nummods]->mod_values = xmalloc (sizeof(char *) * 2);
- /* XXX: Is this the right thing? Can a UTF8-encoded user ID
- have embedded nulls? */
modlist[nummods]->mod_values[0] = xstrdup (value);
modlist[nummods]->mod_values[1] = NULL;
}
@@ -1394,7 +1391,7 @@ modlist_lookup (LDAPMod **modlist, const char *attr)
/* Dump a modlist to a file. This is useful for debugging. */
static estream_t modlist_dump (LDAPMod **modlist, estream_t output)
- __attribute__ ((used));
+ GNUPG_GCC_A_USED;
static estream_t
modlist_dump (LDAPMod **modlist, estream_t output)
@@ -1488,14 +1485,14 @@ modlist_free (LDAPMod **modlist)
if (mod->mod_values)
{
for (ptr = mod->mod_values; *ptr; ptr++)
- free (*ptr);
+ xfree (*ptr);
- free (mod->mod_values);
+ xfree (mod->mod_values);
}
- free (mod);
+ xfree (mod);
}
- free (modlist);
+ xfree (modlist);
}
/* Append two onto the end of one. Two is not freed, but its pointers
@@ -1633,7 +1630,8 @@ extract_attributes (LDAPMod ***modlist, char *line)
if (is_pub)
{
- int disabled = 0, revoked = 0;
+ int disabled = 0;
+ int revoked = 0;
char *flags;
for (flags = fields[1]; *flags; flags ++)
switch (*flags)
diff --git a/dirmngr/ldap-parse-uri.c b/dirmngr/ldap-parse-uri.c
index 2a341adf1..9a6d6199a 100644
--- a/dirmngr/ldap-parse-uri.c
+++ b/dirmngr/ldap-parse-uri.c
@@ -127,7 +127,7 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
len = 0;
-#define add(s) { if (s) len += strlen (s) + 1; }
+#define add(s) do { if (s) len += strlen (s) + 1; } while (0)
add (scheme);
add (host);
@@ -166,6 +166,11 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
if (password)
{
puri->query = calloc (sizeof (*puri->query), 1);
+ if (!puri->query)
+ {
+ err = gpg_err_code_from_syserror ();
+ goto out;
+ }
puri->query->name = "password";
copy (puri->query->value, password);
puri->query->valuelen = strlen (password) + 1;
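Review bot: The allocation guarded by the new NULL check still uses plain `calloc`, with its count and size arguments swapped, while the rest of this commit moves dirmngr to the `x*` allocator family. If the parsed URI is later released by a routine that calls `xfree`, the allocator pair would be mismatched, and this element holds the password. Suggest `puri->query = xtrycalloc (1, sizeof *puri->query);`, after confirming how `puri` is freed, which is outside the hunk. It is also worth confirming that the `out:` path releases the partially built `puri`, since the new `goto out` is taken after it has been allocated.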
@@ -221,7 +226,8 @@ ldap_escape_filter (const char *filter)
case ')':
case '\\':
case '/':
- sprintf (&escaped[escaped_i], "%%%02x", filter[filter_i]);
+ snprintf (&escaped[escaped_i], 4, "%%%02x",
+ ((const unsigned char *)filter)[filter_i]);
escaped_i += 3;
break;
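Review bot: The literal `4` passed to `snprintf` caps this single write at three characters plus the terminator, but it is not derived from the space remaining in `escaped`, so it does not protect the buffer if `escaped_i` is already near the end. The safety of ldap_escape_filter still rests on the allocation size computed outside the hunk. Either pass the remaining size (allocated length minus `escaped_i`) or add a comment at the allocation such as `/* Worst case: every input byte expands to "%xx" (3 bytes) plus the final NUL. */` so the invariant is visible. The cast to `const unsigned char *` is the right fix for sign extension on bytes >= 0x80.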