[svn] GnuPG - r3866 - trunk/keyserver
svn author dshaw
cvs at cvs.gnupg.org
Thu Aug 18 19:40:04 CEST 2005
Author: dshaw
Date: 2005-08-18 19:40:04 +0200 (Thu, 18 Aug 2005)
New Revision: 3866
Modified:
trunk/keyserver/ChangeLog
trunk/keyserver/gpgkeys_ldap.c
Log:
* gpgkeys_ldap.c (ldap_quote): \-quote a string for LDAP.
* gpgkeys_ldap.c (search_key): Use it here to escape reserved characters
in searches.
Modified: trunk/keyserver/ChangeLog
===================================================================
--- trunk/keyserver/ChangeLog 2005-08-18 04:17:20 UTC (rev 3865)
+++ trunk/keyserver/ChangeLog 2005-08-18 17:40:04 UTC (rev 3866)
@@ -1,3 +1,10 @@
+2005-08-18 David Shaw <dshaw at jabberwocky.com>
+
+ * gpgkeys_ldap.c (ldap_quote): \-quote a string for LDAP.
+
+ * gpgkeys_ldap.c (search_key): Use it here to escape reserved
+ characters in searches.
+
2005-08-17 David Shaw <dshaw at jabberwocky.com>
* ksutil.h, ksutil.c (parse_ks_options): New keyserver-option
Modified: trunk/keyserver/gpgkeys_ldap.c
===================================================================
--- trunk/keyserver/gpgkeys_ldap.c 2005-08-18 04:17:20 UTC (rev 3865)
+++ trunk/keyserver/gpgkeys_ldap.c 2005-08-18 17:40:04 UTC (rev 3866)
@@ -1130,6 +1130,37 @@
}
}
+#define LDAP_ESCAPE_CHARS "*()\\"
+
+static int
+ldap_quote(char *buffer,const char *string)
+{
+ int count=0;
+
+ for(;*string;string++)
+ {
+ if(strchr(LDAP_ESCAPE_CHARS,*string))
+ {
+ if(buffer)
+ {
+ sprintf(buffer,"\\%02X",*string);
+ buffer+=3;
+ }
+
+ count+=3;
+ }
+ else
+ {
+ if(buffer)
+ *buffer++=*string;
+
+ count++;
+ }
+ }
+
+ return count;
+}
+
/* Returns 0 on success and -1 on error. Note that key-not-found is
not an error! */
static int
@@ -1141,6 +1172,7 @@
struct keylist *dupelist=NULL;
/* The maximum size of the search, including the optional stuff and
the trailing \0 */
+ char *expanded_search;
char search[2+12+1+MAX_LINE+1+2+15+14+1+1];
char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled",
"pgpkeycreatetime","pgpkeyexpiretime","modifytimestamp",
@@ -1148,17 +1180,29 @@
fprintf(output,"SEARCH %s BEGIN\n",searchkey);
+ expanded_search=malloc(ldap_quote(NULL,searchkey)+1);
+ if(!expanded_search)
+ {
+ fprintf(output,"SEARCH %s FAILED %d\n",searchkey,KEYSERVER_NO_MEMORY);
+ fprintf(console,"Out of memory when quoting LDAP search string\n");
+ return KEYSERVER_NO_MEMORY;
+ }
+
+ ldap_quote(expanded_search,searchkey);
+
/* Build the search string */
sprintf(search,"%s(pgpuserid=*%s%s%s*)%s%s%s",
(!(opt->flags.include_disabled&&opt->flags.include_revoked))?"(&":"",
opt->flags.exact_email?"<":"",
- searchkey,
+ expanded_search,
opt->flags.exact_email?">":"",
opt->flags.include_disabled?"":"(pgpdisabled=0)",
opt->flags.include_revoked?"":"(pgprevoked=0)",
!(opt->flags.include_disabled&&opt->flags.include_revoked)?")":"");
+ free(expanded_search);
+
if(opt->verbose>2)
fprintf(console,"gpgkeys: LDAP search for: %s\n",search);
@@ -1202,9 +1246,11 @@
if(err==LDAP_SIZELIMIT_EXCEEDED)
{
if(count==1)
- fprintf(console,"gpgkeys: search results exceeded server limit. First %d result shown.\n",count);
+ fprintf(console,"gpgkeys: search results exceeded server limit."
+ " First %d result shown.\n",count);
else
- fprintf(console,"gpgkeys: search results exceeded server limit. First %d results shown.\n",count);
+ fprintf(console,"gpgkeys: search results exceeded server limit."
+ " First %d results shown.\n",count);
}
free_keylist(dupelist);
More information about the Gnupg-commits
mailing list