[git] KSBA - branch, master, updated. libksba-1.3.4-5-gb60e514

by Werner Koch cvs at cvs.gnupg.org
Mon Jun 27 16:06:43 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  b60e5140f85fc00cd131ab635d4202693759abe1 (commit)
       via  7243a3c6ed1635eef45b567b37a025e4a5e0dc51 (commit)
      from  43f890f37b514757db5653608ec59b5a74e8e092 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b60e5140f85fc00cd131ab635d4202693759abe1
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jun 27 16:04:44 2016 +0200

    Use modern error macros and fix a missing assignment.
    
    * src/ocsp.c: Remove errno.h.  Replace gpg_error_from_errno(errno) by
    gpg_error_from_syserror ().
    (parse_response): Ditto.  Return directly because a static analyzer may
    not grasp that gpg_error_from_syserror will never return false.
    (ksba_ocsp_get_responder_id): Actually return an error for NO_DATA.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/ocsp.c b/src/ocsp.c
index c053b18..56d2b55 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -33,7 +33,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
-#include <errno.h>
 
 #include "util.h"
 
@@ -207,7 +206,7 @@ parse_object_id_into_str (unsigned char const **buf, size_t *len, char **oid)
   else if (ti.length > *len)
     err = gpg_error (GPG_ERR_BAD_BER);
   else if (!(*oid = ksba_oid_to_str (*buf, ti.length)))
-    err = gpg_error_from_errno (errno);
+    err = gpg_error_from_syserror ();
   else
     {
       *buf += ti.length;
@@ -269,7 +268,7 @@ ksba_ocsp_new (ksba_ocsp_t *r_ocsp)
 {
   *r_ocsp = xtrycalloc (1, sizeof **r_ocsp);
   if (!*r_ocsp)
-    return gpg_error_from_errno (errno);
+    return gpg_error_from_syserror ();
   return 0;
 }
 
@@ -340,7 +339,7 @@ ksba_ocsp_set_digest_algo (ksba_ocsp_t ocsp, const char *oid)
     xfree (ocsp->digest_oid);
   ocsp->digest_oid = xtrystrdup (oid);
   if (!ocsp->digest_oid)
-    return gpg_error_from_errno (errno);
+    return gpg_error_from_syserror ();
   return 0;
 }
 
@@ -369,7 +368,7 @@ ksba_ocsp_add_target (ksba_ocsp_t ocsp,
 
   ri = xtrycalloc (1, sizeof *ri);
   if (!ri)
-    return gpg_error_from_errno (errno);
+    return gpg_error_from_syserror ();
   ksba_cert_ref (cert);
   ri->cert = cert;
   ksba_cert_ref (issuer_cert);
@@ -629,9 +628,10 @@ ksba_ocsp_prepare_request (ksba_ocsp_t ocsp)
       xfree (ri->serialno);
       ri->serialno = xtrymalloc (derlen);
       if (!ri->serialno)
-        err = gpg_error_from_errno (errno);
-      if (err)
-        goto leave;
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
       memcpy (ri->serialno, der, derlen);
       ri->serialnolen = derlen;
 
@@ -919,7 +919,7 @@ parse_response_extensions (ksba_ocsp_t ocsp,
       ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
       if (!ex)
         {
-          err = gpg_error_from_errno (errno);
+          err = gpg_error_from_syserror ();
           goto leave;
         }
       ex->crit = is_crit;
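Review bot: The allocation size `sizeof *ex + strlen (oid) + ti.length` is an unchecked size_t sum, and nothing in this hunk shows that `ti.length`, which presumably comes from the parsed response, has been bounded against the remaining input. If the preceding parse step (outside the hunk) already rejects a length larger than the data left, a comment such as `/* ti.length is already bounded by the remaining input length. */` above the xtrymalloc call would record that invariant. If it does not, a guard is needed before the call so the sum cannot wrap and under-allocate the buffer that is filled afterwards. The same expression appears in the parse_single_extensions hunk, and both functions start and end outside their hunks.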
@@ -986,7 +986,7 @@ parse_single_extensions (struct ocsp_reqitem_s *ri,
       ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
       if (!ex)
         {
-          err = gpg_error_from_errno (errno);
+          err = gpg_error_from_syserror ();
           goto leave;
         }
       ex->crit = is_crit;
@@ -1428,7 +1428,7 @@ parse_response_data (ksba_ocsp_t ocsp,
         return gpg_error (GPG_ERR_INV_OBJ); /* Zero length key id.  */
       ocsp->responder_id.keyid = xtrymalloc (ti.length);
       if (!ocsp->responder_id.keyid)
-        return gpg_error_from_errno (errno);
+        return gpg_error_from_syserror ();
       memcpy (ocsp->responder_id.keyid, *data, ti.length);
       ocsp->responder_id.keyidlen = ti.length;
       parse_skip (data, datalen, &ti);
@@ -1591,12 +1591,12 @@ parse_response (ksba_ocsp_t ocsp, const unsigned char *msg, size_t msglen)
         parse_skip (&msg, &msglen, &ti);
         cl = xtrycalloc (1, sizeof *cl);
         if (!cl)
-          err = gpg_error_from_errno (errno);
-        if (err)
           {
+            err = gpg_error_from_syserror ();
             ksba_cert_release (cert);
-            return gpg_error (GPG_ERR_ENOMEM);
+            return err;
           }
+
         cl->cert = cert;
 
         *cl_tail = cl;
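Review bot: The statement order in the new failure branch is load-bearing and has no comment: `err` is taken from `gpg_error_from_syserror ()` before `ksba_cert_release (cert)` runs, and swapping the two in a later cleanup could let the release path change errno and report the wrong error. A line such as `/* Get the error code first; releasing CERT may change errno. */` above the assignment would protect that order. Whether ksba_cert_release actually touches errno is not visible here, so treat this as a defensive note. parse_response continues outside the hunk.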
@@ -1750,7 +1750,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp,
     {
       *r_name = xtrystrdup (ocsp->responder_id.name);
       if (!*r_name)
-        return gpg_error_from_errno (errno);
+        return gpg_error_from_syserror ();
     }
   else if (ocsp->responder_id.keyid && r_keyid)
     {
@@ -1761,7 +1761,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp,
       numbuflen = strlen (numbuf);
       *r_keyid = xtrymalloc (numbuflen + ocsp->responder_id.keyidlen + 2);
       if (!*r_keyid)
-        return gpg_error_from_errno (errno);
+        return gpg_error_from_syserror ();
       strcpy (*r_keyid, numbuf);
       memcpy (*r_keyid+numbuflen,
               ocsp->responder_id.keyid, ocsp->responder_id.keyidlen);
@@ -1769,7 +1769,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp,
       (*r_keyid)[numbuflen + ocsp->responder_id.keyidlen + 1] = 0;
     }
   else
-    gpg_error (GPG_ERR_NO_DATA);
+    return gpg_error (GPG_ERR_NO_DATA);
 
   return 0;
 }
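Review bot: With the added `return`, callers of ksba_ocsp_get_responder_id that used to get 0 when neither branch matched now get GPG_ERR_NO_DATA, and the function's header comment (outside this hunk) should state that. A short comment above the new line, for example `/* Neither a name nor a key ID is available for the requested output. */`, would also make the final `else` self-explanatory. It is worth confirming that `*r_name` and `*r_keyid` are cleared at function entry, so a caller that frees them after this error return never frees an unset pointer. The start of the function is not in the hunk, so that cannot be checked from here.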

commit 7243a3c6ed1635eef45b567b37a025e4a5e0dc51
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jun 27 15:54:20 2016 +0200

    Detect invalid RDN names and avoid a read from uninitialized variable.
    
    * src/dn.c (parse_rdn): Bail out for an invalid name.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/dn.c b/src/dn.c
index cea18a1..958850b 100644
--- a/src/dn.c
+++ b/src/dn.c
@@ -1014,6 +1014,9 @@ parse_rdn (const unsigned char *string, const char **endp,
       oid = oid_name_tbl[i].oid;
       oidlen = oid_name_tbl[i].oidlen;
     }
+  else
+    return gpg_error (GPG_ERR_INV_NAME);
+
   s++;
   while (*s == ' ')
     s++;
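Review bot: The new `else` branch carries no comment saying why it exists; per the commit message it stops `oid` and `oidlen` from being read unset when no branch of the preceding chain matched. A line such as `/* No known attribute name matched: OID and OIDLEN are unset. */` above the `return` would keep it from being dropped later as dead code. The if-chain begins outside the hunk, so which inputs reach this branch cannot be confirmed from here. A regression test that passes an unrecognised attribute name to the DN parser and expects GPG_ERR_INV_NAME would pin the behaviour.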

-----------------------------------------------------------------------

Summary of changes:
 src/dn.c   |  3 +++
 src/ocsp.c | 34 +++++++++++++++++-----------------
 2 files changed, 20 insertions(+), 17 deletions(-)


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



