2006-10-21 Havoc Pennington <hp@redhat.com>

[platform/upstream/dbus.git] / dbus / dbus-keyring.c

diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c
index 99de65c..018f45a 100644 (file)
--- a/dbus/dbus-keyring.c
+++ b/dbus/dbus-keyring.c
@@ -1,9 +1,9 @@
 /* -*- mode: C; c-file-style: "gnu" -*- */
 /* dbus-keyring.c Store secret cookies in your homedir
  *
- * Copyright (C) 2003  Red Hat Inc.
+ * Copyright (C) 2003, 2004  Red Hat Inc.
  *
- * Licensed under the Academic Free License version 1.2
+ * Licensed under the Academic Free License version 2.1
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -23,6 +23,7 @@
 
 #include "dbus-keyring.h"
 #include "dbus-userdb.h"
+#include "dbus-protocol.h"
 #include <dbus/dbus-string.h>
 #include <dbus/dbus-list.h>
 #include <dbus/dbus-sysdeps.h>
@@ -290,7 +291,7 @@ add_new_key (DBusKey  **keys_p,
   DBusKey *new;
   DBusString bytes;
   int id;
-  unsigned long timestamp;
+  long timestamp;
   const unsigned char *s;
   dbus_bool_t retval;
   DBusKey *keys;
@@ -414,6 +415,9 @@ _dbus_keyring_reload (DBusKeyring *keyring,
 
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
   
+  if (!_dbus_check_dir_is_private_to_user (&keyring->directory, error))
+    return FALSE;
+    
   if (!_dbus_string_init (&contents))
     {
       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
@@ -426,7 +430,7 @@ _dbus_keyring_reload (DBusKeyring *keyring,
       _dbus_string_free (&contents);
       return FALSE;
     }
-
+   
   keys = NULL;
   n_keys = 0;
   retval = FALSE;
@@ -474,10 +478,11 @@ _dbus_keyring_reload (DBusKeyring *keyring,
       int id;
       long timestamp;
       int len;
+      int end;
       DBusKey *new;
 
       /* Don't load more than the max. */
-      if (n_keys >= (add_new ? MAX_KEYS_IN_FILE : MAX_KEYS_IN_FILE - 1))
+      if (n_keys >= (add_new ? MAX_KEYS_IN_FILE - 1 : MAX_KEYS_IN_FILE))
         break;
       
       next = 0;
@@ -487,7 +492,7 @@ _dbus_keyring_reload (DBusKeyring *keyring,
           continue;
         }
 
-      if (val > _DBUS_INT_MAX || val < 0)
+      if (val > _DBUS_INT32_MAX || val < 0)
         {
           _dbus_verbose ("invalid secret key ID at start of line\n");
           continue;
@@ -542,13 +547,20 @@ _dbus_keyring_reload (DBusKeyring *keyring,
       
       keys[n_keys-1].id = id;
       keys[n_keys-1].creation_time = timestamp;
-      if (!_dbus_string_hex_decode (&line, next,
-                                    &keys[n_keys-1].secret,
-                                    0))
-        {
-          dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-          goto out;
-        }
+      if (!_dbus_string_hex_decode (&line, next, &end,
+                                    &keys[n_keys-1].secret, 0))
+       {
+         dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+         goto out;
+       }
+
+      if (_dbus_string_get_length (&line) != end)
+       {
+         _dbus_verbose ("invalid hex encoding in keyring file\n");
+         _dbus_string_free (&keys[n_keys - 1].secret);
+         n_keys -= 1;
+         continue;
+       }
     }
 
   _dbus_verbose ("Successfully loaded %d existing keys\n",
@@ -559,7 +571,7 @@ _dbus_keyring_reload (DBusKeyring *keyring,
       if (!add_new_key (&keys, &n_keys, error))
         {
           _dbus_verbose ("Failed to generate new key: %s\n",
-                         error ? "(unknown)" : error->message);
+                         error ? error->message : "(unknown)");
           goto out;
         }
 
@@ -718,7 +730,7 @@ _dbus_keyring_new_homedir (const DBusString *username,
   if (!_dbus_string_init (&homedir))
     {
       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-      return FALSE;
+      return NULL;
     }
 
   _dbus_string_init_const (&dotdir, ".dbus-keyrings");
@@ -750,7 +762,7 @@ _dbus_keyring_new_homedir (const DBusString *username,
      {
        _dbus_string_set_length (&homedir, 0);
        if (!_dbus_string_append (&homedir, override))
-         _dbus_assert_not_reached ("no memory");
+         goto failed;
 
        _dbus_verbose ("Using fake homedir for testing: %s\n",
                       _dbus_string_get_const_data (&homedir));
@@ -843,7 +855,7 @@ _dbus_keyring_new_homedir (const DBusString *username,
   if (keyring)
     _dbus_keyring_unref (keyring);
   _dbus_string_free (&homedir);
-  return FALSE;
+  return NULL;
 
 }