[git] KSBA - branch, master, updated. libksba-1.3.1-7-g4ecabc4
by Werner Koch
cvs at cvs.gnupg.org
Tue Nov 25 12:43:53 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".
The branch, master has been updated
via 4ecabc4eb0684f5decb240dc3ac7c797a07b5cb7 (commit)
via 02079b56b8d0d922bb84981270fafbc36637b417 (commit)
via 00ef765bc1aff709e990f9fd984e25aa8e09f482 (commit)
via 86570994c43f193912b1c2e8f71ae24c72ccfaf8 (commit)
via f715b9e156dfa99ae829fc694e5a0abd23ef97d7 (commit)
from 6692de1398629061d405099bb22e9480475928af (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4ecabc4eb0684f5decb240dc3ac7c797a07b5cb7
Author: Werner Koch <wk at gnupg.org>
Date: Tue Nov 25 12:43:43 2014 +0100
Post release updates
--
diff --git a/NEWS b/NEWS
index fad8554..bf0c43b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.3.3 (unreleased) [C19/A11/R_]
+------------------------------------------------
+
+
Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3]
------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 1ca825b..cc3637e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,7 +30,7 @@ min_automake_version="1.10"
m4_define([mym4_package],[libksba])
m4_define([mym4_major], [1])
m4_define([mym4_minor], [3])
-m4_define([mym4_micro], [2])
+m4_define([mym4_micro], [3])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit 02079b56b8d0d922bb84981270fafbc36637b417
Author: Werner Koch <wk at gnupg.org>
Date: Tue Nov 25 12:31:40 2014 +0100
Release 1.3.2.
* configure.ac: Set LT version to C19/A11/R3.
diff --git a/.gitignore b/.gitignore
index a345612..f7ecb30 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@
/doc/ksba.info
/tests/Makefile.in
/src/asn1-parse.c
+/VERSION
diff --git a/NEWS b/NEWS
index 7929dd4..fad8554 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
-Noteworthy changes in version 1.3.2 (unreleased)
+Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3]
------------------------------------------------
+ * Fixed a buffer overflow in ksba_oid_to_str.
+
Noteworthy changes in version 1.3.1 (2014-09-18)
------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 283b9a9..1ca825b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -52,7 +52,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org])
# Please remember to document interface changes in the NEWS file.
LIBKSBA_LT_CURRENT=19
LIBKSBA_LT_AGE=11
-LIBKSBA_LT_REVISION=2
+LIBKSBA_LT_REVISION=3
#-------------------
# If the API is changed in an incompatible way: increment the next counter.
KSBA_CONFIG_API_VERSION=1
commit 00ef765bc1aff709e990f9fd984e25aa8e09f482
Author: Werner Koch <wk at gnupg.org>
Date: Tue Nov 25 12:24:47 2014 +0100
build: Update version number magic.
* autogen.sh: Update from gnupg master.
* configure.ac: Change for new init style. Create VERSION.
* Makefile.am (dist-hook): Do no create VERSION
diff --git a/Makefile.am b/Makefile.am
index c797e4f..1dc647d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -41,7 +41,6 @@ endif
SUBDIRS = m4 gl src ${tests} doc
dist-hook: gen-ChangeLog
- @set -e; echo "$(VERSION)" > $(distdir)/VERSION
gen_start_date = 2011-12-01T00:00:00
diff --git a/autogen.sh b/autogen.sh
index ea3d5fc..7effd56 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -15,7 +15,7 @@
# configure it for the respective package. It is maintained as part of
# GnuPG and source copied by other packages.
#
-# Version: 2014-01-10
+# Version: 2014-06-06
configure_ac="configure.ac"
@@ -41,7 +41,7 @@ fatal () {
info () {
if [ -z "${SILENT}" ]; then
- echo "autogen.sh:" "$*"
+ echo "autogen.sh:" "$*" >&2
fi
}
@@ -70,8 +70,11 @@ MSGMERGE=${GETTEXT_PREFIX}${MSGMERGE:-msgmerge}${GETTEXT_SUFFIX}
DIE=no
FORCE=
SILENT=
+PRINT_HOST=no
+PRINT_BUILD=no
tmp=$(dirname "$0")
tsdir=$(cd "${tmp}"; pwd)
+version_parts=3
if [ -n "${AUTOGEN_SH_SILENT}" ]; then
SILENT=" --silent"
@@ -88,6 +91,14 @@ if test x"$1" = x"--force"; then
FORCE=" --force"
shift
fi
+if test x"$1" = x"--print-host"; then
+ PRINT_HOST=yes
+ shift
+fi
+if test x"$1" = x"--print-build"; then
+ PRINT_BUILD=yes
+ shift
+fi
# Reject unsafe characters in $HOME, $tsdir and cwd. We consider spaces
@@ -133,6 +144,11 @@ amd64_toolprefixes=
myhost=""
myhostsub=""
case "$1" in
+ --find-version)
+ myhost="find-version"
+ SILENT=" --silent"
+ shift
+ ;;
--build-w32)
myhost="w32"
shift
@@ -172,16 +188,74 @@ if [ -f "$HOME/.gnupg-autogen.rc" ]; then
. "$HOME/.gnupg-autogen.rc"
fi
+
+# **** FIND VERSION ****
+# This is a helper for the configure.ac M4 magic
+# Called
+# ./autogen.sh --find-version PACKAGE MAJOR MINOR [MICRO]
+# returns a complete version string with automatic beta numbering.
+if [ "$myhost" = "find-version" ]; then
+ package="$1"
+ major="$2"
+ minor="$3"
+ micro="$4"
+
+ case "$version_parts" in
+ 2)
+ matchstr1="$package-$major.[0-9]*"
+ matchstr2="$package-$major-base"
+ vers="$major.$minor"
+ ;;
+ *)
+ matchstr1="$package-$major.$minor.[0-9]*"
+ matchstr2="$package-$major.$minor-base"
+ vers="$major.$minor.$micro"
+ ;;
+ esac
+
+ beta=no
+ if [ -d .git ]; then
+ ingit=yes
+ tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
+ if [ -n "$tmp" ]; then
+ tmp=$(echo "$tmp"|awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
+ else
+ tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
+ | awk -F- '$4!=0{print"-beta"$4}')
+ fi
+ [ -n "$tmp" ] && beta=yes
+ rev=$(git rev-parse --short HEAD | tr -d '\n\r')
+ rvd=$((0x$(echo ${rev} | head -c 4)))
+ else
+ ingit=no
+ beta=yes
+ tmp="-unknown"
+ rev="0000000"
+ rvd="0"
+ fi
+
+ echo "$package-$vers$tmp:$beta:$ingit:$vers$tmp:$vers:$tmp:$rev:$rvd:"
+ exit 0
+fi
+# **** end FIND VERSION ****
+
+
+if [ ! -f "$tsdir/build-aux/config.guess" ]; then
+ fatal "$tsdir/build-aux/config.guess not found"
+ exit 1
+fi
+build=`$tsdir/build-aux/config.guess`
+if [ $PRINT_BUILD = yes ]; then
+ echo "$build"
+ exit 0
+fi
+
+
+
# ******************
# W32 build script
# ******************
if [ "$myhost" = "w32" ]; then
- if [ ! -f "$tsdir/build-aux/config.guess" ]; then
- fatal "$tsdir/build-aux/config.guess not found"
- exit 1
- fi
- build=`$tsdir/build-aux/config.guess`
-
case $myhostsub in
ce)
w32root="$w32ce_root"
@@ -189,6 +263,12 @@ if [ "$myhost" = "w32" ]; then
toolprefixes="$w32ce_toolprefixes arm-mingw32ce"
extraoptions="$extraoptions $w32ce_extraoptions"
;;
+ 64)
+ w32root="$w64root"
+ [ -z "$w32root" ] && w32root="$HOME/w64root"
+ toolprefixes="$w64_toolprefixes x86_64-w64-mingw32"
+ extraoptions="$extraoptions $w64_extraoptions"
+ ;;
*)
[ -z "$w32root" ] && w32root="$HOME/w32root"
toolprefixes="$w32_toolprefixes i686-w64-mingw32 i586-mingw32msvc"
@@ -216,6 +296,10 @@ if [ "$myhost" = "w32" ]; then
fi
die_p
fi
+ if [ $PRINT_HOST = yes ]; then
+ echo "$host"
+ exit 0
+ fi
if [ -f "$tsdir/config.log" ]; then
if ! head $tsdir/config.log | grep "$host" >/dev/null; then
@@ -226,7 +310,7 @@ if [ "$myhost" = "w32" ]; then
$tsdir/configure --enable-maintainer-mode ${SILENT} \
--prefix=${w32root} \
- --host=${host} --build=${build} \
+ --host=${host} --build=${build} SYSROOT=${w32root} \
${configure_opts} ${extraoptions} "$@"
rc=$?
exit $rc
@@ -236,13 +320,6 @@ fi
# ***** AMD64 cross build script *******
# Used to cross-compile for AMD64 (for testing)
if [ "$myhost" = "amd64" ]; then
- shift
- if [ ! -f $tsdir/build-aux/config.guess ]; then
- echo "$tsdir/build-aux/config.guess not found" >&2
- exit 1
- fi
- build=`$tsdir/build-aux/config.guess`
-
[ -z "$amd64root" ] && amd64root="$HOME/amd64root"
info "Using $amd64root as standard install directory"
replace_sysroot
@@ -263,6 +340,10 @@ if [ "$myhost" = "amd64" ]; then
echo "Stop." >&2
exit 1
fi
+ if [ $PRINT_HOST = yes ]; then
+ echo "$host"
+ exit 0
+ fi
if [ -f "$tsdir/config.log" ]; then
if ! head $tsdir/config.log | grep "$host" >/dev/null; then
diff --git a/configure.ac b/configure.ac
index 85311aa..283b9a9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,23 +27,23 @@ min_automake_version="1.10"
# bump the version number immediately after the release and do another
# commit and push so that the git magic is able to work. See below
# for the LT versions.
-m4_define(mym4_version, [1.3.2])
-
-# Below is m4 magic to extract and compute the revision number, the
-# decimalized short revision number, a beta version string, and a flag
-# indicating a development version (mym4_isgit). Note that the m4
-# processing is done by autoconf and not during the configure run.
-m4_define([mym4_revision],
- m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r']))
-m4_define([mym4_revision_dec],
- m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))]))
-m4_define([mym4_betastring],
- m4_esyscmd_s([git describe --match 'libksba-[0-9].*[0-9]' --long|\
- awk -F- '$3!=0{print"-beta"$3}']))
-m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes]))
-m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
-
-AC_INIT([libksba],[mym4_full_version],[http://bugs.gnupg.org])
+m4_define([mym4_package],[libksba])
+m4_define([mym4_major], [1])
+m4_define([mym4_minor], [3])
+m4_define([mym4_micro], [2])
+
+# Below is m4 magic to extract and compute the git revision number,
+# the decimalized short revision number, a beta version string and a
+# flag indicating a development version (mym4_isbeta). Note that the
+# m4 processing is done by autoconf and not during the configure run.
+m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \
+ mym4_package mym4_major mym4_minor mym4_micro),[:]))
+m4_define([mym4_isbeta], m4_argn(2, mym4_verslist))
+m4_define([mym4_version], m4_argn(4, mym4_verslist))
+m4_define([mym4_revision], m4_argn(7, mym4_verslist))
+m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
+m4_esyscmd([echo ]mym4_version[>VERSION])
+AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org])
# LT Version numbers: Remember to change them just *before* a release.
# (Interfaces removed: CURRENT++, AGE=0, REVISION=0)
commit 86570994c43f193912b1c2e8f71ae24c72ccfaf8
Author: Werner Koch <wk at gnupg.org>
Date: Tue Nov 25 12:23:18 2014 +0100
build: Update gpg-error.m4 and libgcrypt.m4
--
diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4
index 35cbc78..1661204 100644
--- a/m4/gpg-error.m4
+++ b/m4/gpg-error.m4
@@ -1,5 +1,5 @@
# gpg-error.m4 - autoconf macro to detect libgpg-error.
-# Copyright (C) 2002, 2003, 2004, 2011 g10 Code GmbH
+# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
@@ -8,38 +8,64 @@
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2014-10-02
+
dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION,
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
-dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS
+dnl
+dnl Test for libgpg-error and define GPG_ERROR_CFLAGS, GPG_ERROR_LIBS,
+dnl GPG_ERROR_MT_CFLAGS, and GPG_ERROR_MT_LIBS. The _MT_ variants are
+dnl used for programs requireing real multi thread support.
+dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
dnl
AC_DEFUN([AM_PATH_GPG_ERROR],
[ AC_REQUIRE([AC_CANONICAL_HOST])
+ gpg_error_config_prefix=""
dnl --with-libgpg-error-prefix=PFX is the preferred name for this option,
dnl since that is consistent with how our three siblings use the directory/
dnl package name in --with-$dir_name-prefix=PFX.
AC_ARG_WITH(libgpg-error-prefix,
- AC_HELP_STRING([--with-libgpg-error-prefix=PFX],
- [prefix where GPG Error is installed (optional)]),
- gpg_error_config_prefix="$withval", gpg_error_config_prefix="")
+ AC_HELP_STRING([--with-libgpg-error-prefix=PFX],
+ [prefix where GPG Error is installed (optional)]),
+ [gpg_error_config_prefix="$withval"])
dnl Accept --with-gpg-error-prefix and make it work the same as
dnl --with-libgpg-error-prefix above, for backwards compatibility,
dnl but do not document this old, inconsistently-named option.
AC_ARG_WITH(gpg-error-prefix,,
- gpg_error_config_prefix="$withval", gpg_error_config_prefix="")
+ [gpg_error_config_prefix="$withval"])
- if test x$gpg_error_config_prefix != x ; then
- if test x${GPG_ERROR_CONFIG+set} != xset ; then
- GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config
+ if test x"${GPG_ERROR_CONFIG}" = x ; then
+ if test x"${gpg_error_config_prefix}" != x ; then
+ GPG_ERROR_CONFIG="${gpg_error_config_prefix}/bin/gpg-error-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/gpg-error-config" ; then
+ GPG_ERROR_CONFIG="${SYSROOT}/bin/gpg-error-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
fi
fi
- AC_PATH_TOOL(GPG_ERROR_CONFIG, gpg-error-config, no)
+ AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no)
min_gpg_error_version=ifelse([$1], ,0.0,$1)
AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
ok=no
- if test "$GPG_ERROR_CONFIG" != "no" ; then
+ if test "$GPG_ERROR_CONFIG" != "no" \
+ && test -f "$GPG_ERROR_CONFIG" ; then
req_major=`echo $min_gpg_error_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
req_minor=`echo $min_gpg_error_version | \
@@ -62,6 +88,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
if test $ok = yes; then
GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags`
GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs`
+ GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null`
+ GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null`
AC_MSG_RESULT([yes ($gpg_error_config_version)])
ifelse([$2], , :, [$2])
gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none`
@@ -73,16 +101,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
*** built for $gpg_error_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-gpg-error-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgpg-error"
fi
fi
else
GPG_ERROR_CFLAGS=""
GPG_ERROR_LIBS=""
+ GPG_ERROR_MT_CFLAGS=""
+ GPG_ERROR_MT_LIBS=""
AC_MSG_RESULT(no)
ifelse([$3], , :, [$3])
fi
AC_SUBST(GPG_ERROR_CFLAGS)
AC_SUBST(GPG_ERROR_LIBS)
+ AC_SUBST(GPG_ERROR_MT_CFLAGS)
+ AC_SUBST(GPG_ERROR_MT_LIBS)
])
diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
index 6cf482f..c67cfec 100644
--- a/m4/libgcrypt.m4
+++ b/m4/libgcrypt.m4
@@ -1,13 +1,15 @@
-dnl Autoconf macros for libgcrypt
-dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
-dnl
-dnl This file is free software; as a special exception the author gives
-dnl unlimited permission to copy and/or distribute it, with or without
-dnl modifications, as long as this notice is preserved.
-dnl
-dnl This file is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# libgcrypt.m4 - Autoconf macros to detect libgcrypt
+# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2014-10-02
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
@@ -20,19 +22,37 @@ dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
+dnl
AC_DEFUN([AM_PATH_LIBGCRYPT],
[ AC_REQUIRE([AC_CANONICAL_HOST])
AC_ARG_WITH(libgcrypt-prefix,
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
[prefix where LIBGCRYPT is installed (optional)]),
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
- if test x$libgcrypt_config_prefix != x ; then
- if test x${LIBGCRYPT_CONFIG+set} != xset ; then
- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+ if test x"${LIBGCRYPT_CONFIG}" = x ; then
+ if test x"${libgcrypt_config_prefix}" != x ; then
+ LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
+ LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
fi
fi
- AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
@@ -108,8 +128,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
*** built for $libgcrypt_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
fi
fi
else
commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
Author: Werner Koch <wk at gnupg.org>
Date: Tue Nov 25 11:47:28 2014 +0100
Fix buffer overflow in ksba_oid_to_str.
* src/oid.c (ksba_oid_to_str): Fix unsigned underflow.
* tests/Makefile.am (noinst_PROGRAMS): Move t-oid to ..
(TESTS): here.
* tests/t-oid.c (test_oid_to_str): New.
(main): Run the new tests by default. The former functionality
requires the use of one of the new options.
--
The code has an obvious error by not considering invalid encoding for
arc-2. A first byte of 0x80 can be used to make a value of less then
80 and we then subtract 80 from that value as required by the OID
encoding rules. Due to the unsigned integer this results in a pretty
long value which won't fit anymore into the allocated buffer.
The fix is obvious. Also added a few simple test cases. Note that we
keep on using sprintf instead of snprintf because managing the
remaining length of the buffer would probably be more error prone than
assuring that the buffer is large enough. Getting rid of sprintf
altogether by using direct conversion along with membuf_t like code
might be possible.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/src/oid.c b/src/oid.c
index d98f740..9061a4a 100644
--- a/src/oid.c
+++ b/src/oid.c
@@ -94,6 +94,8 @@ ksba_oid_to_str (const char *buffer, size_t length)
val <<= 7;
val |= buf[n] & 0x7f;
}
+ if (val < 80)
+ goto badoid;
val -= 80;
sprintf (p, "2.%lu", val);
p += strlen (p);
diff --git a/tests/Makefile.am b/tests/Makefile.am
index bb32172..759b626 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -39,13 +39,13 @@ EXTRA_DIST = $(test_certs) samples/README mkoidtbl.awk
BUILT_SOURCES = oidtranstbl.h
CLEANFILES = oidtranstbl.h
-TESTS = cert-basic t-crl-parser t-dnparser
+TESTS = cert-basic t-crl-parser t-dnparser t-oid
AM_CFLAGS = $(GPG_ERROR_CFLAGS)
AM_LDFLAGS = -no-install
noinst_HEADERS = t-common.h
-noinst_PROGRAMS = $(TESTS) t-cms-parser t-crl-parser t-dnparser t-ocsp t-oid
+noinst_PROGRAMS = $(TESTS) t-cms-parser t-crl-parser t-dnparser t-ocsp
LDADD = ../src/libksba.la $(GPG_ERROR_LIBS)
t_ocsp_SOURCES = t-ocsp.c sha1.c
diff --git a/tests/t-dnparser.c b/tests/t-dnparser.c
index c8d4b0d..ef4ab5d 100644
--- a/tests/t-dnparser.c
+++ b/tests/t-dnparser.c
@@ -143,7 +143,7 @@ main (int argc, char **argv)
if (!feof (stdin))
fail ("read error or input too large");
- fail ("no yet implemented");
+ fail ("not yet implemented");
}
else if (argc == 2 && !strcmp (argv[1], "--to-der") )
diff --git a/tests/t-oid.c b/tests/t-oid.c
index 95fc7f5..be68d52 100644
--- a/tests/t-oid.c
+++ b/tests/t-oid.c
@@ -27,6 +27,9 @@
#include "../src/ksba.h"
+#define PGM "t-oid"
+#define BADOID "1.3.6.1.4.1.11591.2.12242973"
+
static void *
read_into_buffer (FILE *fp, size_t *r_length)
@@ -68,23 +71,104 @@ read_into_buffer (FILE *fp, size_t *r_length)
}
+static void
+test_oid_to_str (void)
+{
+ struct {
+ unsigned int binlen;
+ unsigned char *bin;
+ char *str;
+ } tests[] = {
+
+ { 7, "\x02\x82\x06\x01\x0A\x0C\x00",
+ "0.2.262.1.10.12.0"
+ },
+ { 7, "\x02\x82\x06\x01\x0A\x0C\x01",
+ "0.2.262.1.10.12.1"
+ },
+ { 7, "\x2A\x86\x48\xCE\x38\x04\x01",
+ "1.2.840.10040.4.1"
+ },
+ { 7, "\x2A\x86\x48\xCE\x38\x04\x03",
+ "1.2.840.10040.4.3"
+ },
+ { 10, "\x2B\x06\x01\x04\x01\xDA\x47\x02\x01\x01",
+ "1.3.6.1.4.1.11591.2.1.1"
+ },
+ { 3, "\x55\x1D\x0E",
+ "2.5.29.14"
+ },
+ { 9, "\x80\x02\x70\x50\x25\x46\xfd\x0c\xc0",
+ BADOID
+ },
+ { 1, "\x80",
+ BADOID
+ },
+ { 2, "\x81\x00",
+ "2.48"
+ },
+ { 2, "\x81\x01",
+ "2.49"
+ },
+ { 2, "\x81\x7f",
+ "2.175"
+ },
+ { 2, "\x81\x80", /* legal encoding? */
+ "2.48"
+ },
+ { 2, "\x81\x81\x01", /* legal encoding? */
+ "2.49"
+ },
+ { 0, "",
+ ""
+ },
+
+ { 0, NULL, NULL }
+ };
+ int tidx;
+ char *str;
+
+ for (tidx=0; tests[tidx].bin; tidx++)
+ {
+ str = ksba_oid_to_str (tests[tidx].bin, tests[tidx].binlen);
+ if (!str)
+ {
+ perror ("ksba_oid_to_str failed");
+ exit (1);
+ }
+ if (strcmp (tests[tidx].str, str))
+ {
+ fprintf (stderr, "ksba_oid_to_str test %d failed\n", tidx);
+ fprintf (stderr, " got=%s\n", str);
+ fprintf (stderr, " want=%s\n", tests[tidx].str);
+ exit (1);
+ }
+ }
+}
+
int
main (int argc, char **argv)
{
gpg_error_t err;
+
if (argc)
{
argc--;
argv++;
}
- if (argc)
+
+ if (!argc)
+ {
+ test_oid_to_str ();
+ }
+ else if (!strcmp (*argv, "--from-str"))
{
unsigned char *buffer;
size_t n, buflen;
- for ( ;argc ; argc--, argv++)
+ for (argv++,argc-- ; argc; argc--, argv++)
{
err = ksba_oid_from_str (*argv, &buffer, &buflen);
if (err)
@@ -100,18 +184,25 @@ main (int argc, char **argv)
free (buffer);
}
}
- else
+ else if (!strcmp (*argv, "--to-str"))
{
char *buffer;
size_t buflen;
char *result;
+ argv++;argc--;
+
buffer = read_into_buffer (stdin, &buflen);
result = ksba_oid_to_str (buffer, buflen);
free (buffer);
printf ("%s\n", result? result:"[malloc failed]");
free (result);
}
+ else
+ {
+ fputs ("usage: "PGM" [--from-str|--to-str]\n", stderr);
+ return 1;
+ }
return 0;
}
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 +
Makefile.am | 1 -
NEWS | 8 +++-
autogen.sh | 113 ++++++++++++++++++++++++++++++++++++++++++++--------
configure.ac | 36 ++++++++---------
m4/gpg-error.m4 | 57 ++++++++++++++++++++------
m4/libgcrypt.m4 | 51 +++++++++++++++++-------
src/oid.c | 2 +
tests/Makefile.am | 4 +-
tests/t-dnparser.c | 2 +-
tests/t-oid.c | 97 ++++++++++++++++++++++++++++++++++++++++++--
11 files changed, 303 insertions(+), 69 deletions(-)
hooks/post-receive
--
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org
More information about the Gnupg-commits
mailing list