diff options
Diffstat (limited to 'krl.c')
| -rw-r--r-- | krl.c | 15 |
1 files changed, 9 insertions, 6 deletions
| @@ -14,7 +14,7 @@ | |||
| 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 15 | */ | 15 | */ |
| 16 | 16 | ||
| 17 | /* $OpenBSD: krl.c,v 1.14 2014/01/31 16:39:19 tedu Exp $ */ | 17 | /* $OpenBSD: krl.c,v 1.17 2014/06/24 01:13:21 djm Exp $ */ |
| 18 | 18 | ||
| 19 | #include "includes.h" | 19 | #include "includes.h" |
| 20 | 20 | ||
| @@ -366,7 +366,7 @@ plain_key_blob(const Key *key, u_char **blob, u_int *blen) | |||
| 366 | } | 366 | } |
| 367 | r = key_to_blob(kcopy, blob, blen); | 367 | r = key_to_blob(kcopy, blob, blen); |
| 368 | free(kcopy); | 368 | free(kcopy); |
| 369 | return r == 0 ? -1 : 0; | 369 | return r; |
| 370 | } | 370 | } |
| 371 | 371 | ||
| 372 | /* Revoke a key blob. Ownership of blob is transferred to the tree */ | 372 | /* Revoke a key blob. Ownership of blob is transferred to the tree */ |
| @@ -394,7 +394,7 @@ ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key) | |||
| 394 | u_int len; | 394 | u_int len; |
| 395 | 395 | ||
| 396 | debug3("%s: revoke type %s", __func__, key_type(key)); | 396 | debug3("%s: revoke type %s", __func__, key_type(key)); |
| 397 | if (plain_key_blob(key, &blob, &len) != 0) | 397 | if (plain_key_blob(key, &blob, &len) < 0) |
| 398 | return -1; | 398 | return -1; |
| 399 | return revoke_blob(&krl->revoked_keys, blob, len); | 399 | return revoke_blob(&krl->revoked_keys, blob, len); |
| 400 | } | 400 | } |
| @@ -575,6 +575,7 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf) | |||
| 575 | buffer_put_char(buf, state); | 575 | buffer_put_char(buf, state); |
| 576 | buffer_put_string(buf, | 576 | buffer_put_string(buf, |
| 577 | buffer_ptr(§), buffer_len(§)); | 577 | buffer_ptr(§), buffer_len(§)); |
| 578 | buffer_clear(§); | ||
| 578 | } | 579 | } |
| 579 | 580 | ||
| 580 | /* If we are starting a new section then prepare it now */ | 581 | /* If we are starting a new section then prepare it now */ |
| @@ -753,7 +754,8 @@ static int | |||
| 753 | parse_revoked_certs(Buffer *buf, struct ssh_krl *krl) | 754 | parse_revoked_certs(Buffer *buf, struct ssh_krl *krl) |
| 754 | { | 755 | { |
| 755 | int ret = -1, nbits; | 756 | int ret = -1, nbits; |
| 756 | u_char type, *blob; | 757 | u_char type; |
| 758 | const u_char *blob; | ||
| 757 | u_int blen; | 759 | u_int blen; |
| 758 | Buffer subsect; | 760 | Buffer subsect; |
| 759 | u_int64_t serial, serial_lo, serial_hi; | 761 | u_int64_t serial, serial_lo, serial_hi; |
| @@ -887,7 +889,8 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
| 887 | char timestamp[64]; | 889 | char timestamp[64]; |
| 888 | int ret = -1, r, sig_seen; | 890 | int ret = -1, r, sig_seen; |
| 889 | Key *key = NULL, **ca_used = NULL; | 891 | Key *key = NULL, **ca_used = NULL; |
| 890 | u_char type, *blob, *rdata = NULL; | 892 | u_char type, *rdata = NULL; |
| 893 | const u_char *blob; | ||
| 891 | u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; | 894 | u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; |
| 892 | 895 | ||
| 893 | nca_used = 0; | 896 | nca_used = 0; |
| @@ -1127,7 +1130,7 @@ is_key_revoked(struct ssh_krl *krl, const Key *key) | |||
| 1127 | 1130 | ||
| 1128 | /* Next, explicit keys */ | 1131 | /* Next, explicit keys */ |
| 1129 | memset(&rb, 0, sizeof(rb)); | 1132 | memset(&rb, 0, sizeof(rb)); |
| 1130 | if (plain_key_blob(key, &rb.blob, &rb.len) != 0) | 1133 | if (plain_key_blob(key, &rb.blob, &rb.len) < 0) |
| 1131 | return -1; | 1134 | return -1; |
| 1132 | erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); | 1135 | erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); |
| 1133 | free(rb.blob); | 1136 | free(rb.blob); |