* gpgkeys_hkp.c (search_key): Catch a mangled input file (useful if
authorDavid Shaw <dshaw@jabberwocky.com>
Mon, 12 Jan 2004 04:09:37 +0000 (04:09 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Mon, 12 Jan 2004 04:09:37 +0000 (04:09 +0000)
something other than GnuPG is calling the program). (main): Avoid possible
pre-string write.  Noted by Christian Biere.

* gpgkeys_ldap.c (main): Avoid possible pre-string write.

keyserver/ChangeLog
keyserver/gpgkeys_hkp.c
keyserver/gpgkeys_ldap.c

index eb760be..cb4670c 100644 (file)
@@ -1,3 +1,12 @@
+2004-01-11  David Shaw  <dshaw@jabberwocky.com>
+
+       * gpgkeys_hkp.c (search_key): Catch a mangled input file (useful
+       if something other than GnuPG is calling the program).
+       (main): Avoid possible pre-string write.  Noted by Christian
+       Biere.
+
+       * gpgkeys_ldap.c (main): Avoid possible pre-string write.
+
 2003-12-28  David Shaw  <dshaw@jabberwocky.com>
 
        * gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code
index 25c47d2..698425a 100644 (file)
@@ -653,6 +653,12 @@ search_key(char *searchkey)
       skey++;
     }
 
+  if(!search)
+    {
+      fprintf(console,"gpgkeys: corrupt input?\n");
+      return -1;
+    }    
+
   search[len]='\0';
 
   fprintf(console,("gpgkeys: searching for \"%s\" from HKP server %s\n"),
@@ -939,7 +945,7 @@ main(int argc,char *argv[])
            break;
          else
            {
-             if(line[0]=='\n')
+             if(line[0]=='\n' || line[0]=='\0')
                break;
 
              work=malloc(sizeof(struct keylist));
@@ -1069,7 +1075,8 @@ main(int argc,char *argv[])
          }
 
        /* Nail that last space */
-       searchkey[strlen(searchkey)-1]='\0';
+       if(*searchkey)
+         searchkey[strlen(searchkey)-1]='\0';
 
        if(search_key(searchkey)!=KEYSERVER_OK)
          failed++;
index 7847292..8dd0f02 100644 (file)
@@ -548,7 +548,7 @@ search_key(char *searchkey)
   LDAPMessage *res,*each;
   int err,count=0;
   struct keylist *dupelist=NULL;
-  /* The maxium size of the search, including the optional stuff and
+  /* The maximum size of the search, including the optional stuff and
      the trailing \0 */
   char search[2+12+MAX_LINE+2+15+14+1+1];
   char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled",
@@ -962,7 +962,7 @@ main(int argc,char *argv[])
            break;
          else
            {
-             if(line[0]=='\n')
+             if(line[0]=='\n' || line[0]=='\0')
                break;
 
              work=malloc(sizeof(struct keylist));
@@ -1160,7 +1160,8 @@ main(int argc,char *argv[])
          }
 
        /* Nail that last "*" */
-       searchkey[strlen(searchkey)-1]='\0';
+       if(*searchkey)
+         searchkey[strlen(searchkey)-1]='\0';
 
        if(search_key(searchkey)!=KEYSERVER_OK)
          failed++;