From: DongHun Kwak Date: Thu, 23 Dec 2021 01:56:03 +0000 (+0900) Subject: Imported Upstream version 1.3.5 X-Git-Tag: upstream/1.3.5^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3665537392fecfd5061130b6622351db4dea3499;p=platform%2Fupstream%2Flibksba.git Imported Upstream version 1.3.5 --- diff --git a/ChangeLog b/ChangeLog index 3892fcc..302cb71 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,55 @@ +2016-08-22 Werner Koch + + Release 1.3.5. + * configure.ac: Set LT version to C19/A/11/R6. + + Use size_t for the result of fread. + * src/reader.c (ksba_reader_read): Make 'n' and size_t. + + Limit allocation in the BER decoder to 16 MiB. + * src/ber-decoder.c (MAX_IMAGE_LENGTH): New. + (decoder_next): Limit allcoation to MAX_IMAGE_LENGTH. + (_ksba_ber_decoder_dump, _ksba_ber_decoder_decode): Ditto. + +2016-07-17 Tomáš Trnka + + Encode OCSP nonce value as an octet string (RFC 6960) + * src/ocsp.c (ksba_ocsp_set_nonce): Stop removing the sign bit. + (write_request_extensions): Encode nonce as octet string. + (parse_response_extensions): Decode nonce as octet string. + +2016-07-13 Werner Koch + + build: Update config.{guess,sub} to {2016-05-15,2016-06-20}. + * build-aux/config.guess: Update. + * build-aux/config.sub: Update. + +2016-06-27 Werner Koch + + tests: Fix a memory leak. + * tests/t-oid.c (test_oid_to_str): Free STR. + + Use modern error macros and fix a missing assignment. + * src/ocsp.c: Remove errno.h. Replace gpg_error_from_errno(errno) by + gpg_error_from_syserror (). + (parse_response): Ditto. Return direct becuase static analyzer may + not grasp that gpg_error_from_syserror will never return false. + (ksba_ocsp_get_responder_id): Actually return an error for NO_DATA. + + Detect invalid RDN names and avoid a read from uninitialized variable. + * src/dn.c (parse_rdn): Bail out for an invalid name. + +2016-05-25 Werner Koch + Pascal Cuoq + + Fix OOB read in parse_distribution_point. + * src/cert.c (parse_distribution_point): Check TI.length. + +2016-05-11 Werner Koch + + Make sure that ASN.1 data is stored in an all-initialized buffer. + * src/ber-decoder.c (decoder_next): Clear the image buffer. + 2016-05-03 Werner Koch Release 1.3.4. diff --git a/NEWS b/NEWS index 3b9abb0..22aeead 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,18 @@ -Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4] +Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6] +------------------------------------------------ + + * Limit the allowed size of complex ASN.1 objects (e.g. certificates) + to 16MiB. + + * Avoid read access to unitialized memory. + + * Improve detection of invalid RDNs. + + * Encode the OCSP nonce value as an octet string as described by + RFC-6960. + + +Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R5] ------------------------------------------------ * Fixed two OOB read access bugs which could be used to force a DoS. diff --git a/build-aux/config.guess b/build-aux/config.guess index 0967f2a..c4bd827 100755 --- a/build-aux/config.guess +++ b/build-aux/config.guess @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2016-04-02' +timestamp='2016-05-15' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -186,9 +186,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. + # to ELF recently (or will in the future) and ABI. case "${UNAME_MACHINE_ARCH}" in - arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax) + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ @@ -1408,18 +1411,17 @@ esac cat >&2 < in order to provide the needed -information to handle your system. +If $0 has already been updated, send the following data and any +information you think might be pertinent to config-patches@gnu.org to +provide the necessary information to handle your system. config.guess timestamp = $timestamp diff --git a/build-aux/config.sub b/build-aux/config.sub index 8d39c4b..9feb73b 100755 --- a/build-aux/config.sub +++ b/build-aux/config.sub @@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2016-03-30' +timestamp='2016-06-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -643,6 +643,14 @@ case $basic_machine in basic_machine=m68k-bull os=-sysv3 ;; + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + os=$os"spe" + ;; ebmon29k) basic_machine=a29k-amd os=-ebmon @@ -1389,7 +1397,7 @@ case $os in | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ @@ -1399,7 +1407,7 @@ case $os in | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ - | -onefs* | -tirtos*) + | -onefs* | -tirtos* | -phoenix*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) diff --git a/configure b/configure index 151774d..8f35533 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libksba 1.3.4. +# Generated by GNU Autoconf 2.69 for libksba 1.3.5. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libksba' PACKAGE_TARNAME='libksba' -PACKAGE_VERSION='1.3.4' -PACKAGE_STRING='libksba 1.3.4' +PACKAGE_VERSION='1.3.5' +PACKAGE_STRING='libksba 1.3.5' PACKAGE_BUGREPORT='http://bugs.gnupg.org' PACKAGE_URL='' @@ -1355,7 +1355,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libksba 1.3.4 to adapt to many kinds of systems. +\`configure' configures libksba 1.3.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1425,7 +1425,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libksba 1.3.4:";; + short | recursive ) echo "Configuration of libksba 1.3.5:";; esac cat <<\_ACEOF @@ -1552,7 +1552,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libksba configure 1.3.4 +libksba configure 1.3.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2158,7 +2158,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libksba $as_me 1.3.4, which was +It was created by libksba $as_me 1.3.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2514,7 +2514,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=19 LIBKSBA_LT_AGE=11 -LIBKSBA_LT_REVISION=5 +LIBKSBA_LT_REVISION=6 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 @@ -3042,7 +3042,7 @@ fi # Define the identity of the package. PACKAGE='libksba' - VERSION='1.3.4' + VERSION='1.3.5' cat >>confdefs.h <<_ACEOF @@ -14900,11 +14900,11 @@ fi # Generate extended version information for W32. if test "$have_w32_system" = yes; then BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` - BUILD_FILEVERSION="${BUILD_FILEVERSION}14994" + BUILD_FILEVERSION="${BUILD_FILEVERSION}9676" fi -BUILD_REVISION="3a92e8c" +BUILD_REVISION="25cc42c" cat >>confdefs.h <<_ACEOF @@ -15487,7 +15487,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libksba $as_me 1.3.4, which was +This file was extended by libksba $as_me 1.3.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15553,7 +15553,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libksba config.status 1.3.4 +libksba config.status 1.3.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -17549,7 +17549,7 @@ fi echo " Libksba v${VERSION} has been configured as follows: - Revision: 3a92e8c (14994) + Revision: 25cc42c (9676) Platform: $host " diff --git a/configure.ac b/configure.ac index 7cdcf19..e5e8764 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libksba]) m4_define([mym4_major], [1]) m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [4]) +m4_define([mym4_micro], [5]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a @@ -52,7 +52,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=19 LIBKSBA_LT_AGE=11 -LIBKSBA_LT_REVISION=5 +LIBKSBA_LT_REVISION=6 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 diff --git a/doc/ksba.info b/doc/ksba.info index d3bf952..dc6677a 100644 --- a/doc/ksba.info +++ b/doc/ksba.info @@ -8,8 +8,8 @@ END-INFO-DIR-ENTRY This file documents the KSBA library to access X.509 and CMS data structures. - This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA -Reference Manual', for Version 1.3.4. + This is edition 1.3.5, last updated 15 March 2013, of 'The KSBA +Reference Manual', for Version 1.3.5. Copyright (C) 2002, 2003, 2004 g10 Code GmbH @@ -25,8 +25,8 @@ File: ksba.info, Node: Top, Next: Introduction, Up: (dir) Main Menu ********* -This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA -Reference Manual', for Version 1.3.4 of the KSBA library. +This is edition 1.3.5, last updated 15 March 2013, of 'The KSBA +Reference Manual', for Version 1.3.5 of the KSBA library. Copyright (C) 2002, 2003, 2004 g10 Code GmbH diff --git a/doc/stamp-vti b/doc/stamp-vti index 4a06fa8..294851a 100644 --- a/doc/stamp-vti +++ b/doc/stamp-vti @@ -1,4 +1,4 @@ @set UPDATED 15 March 2013 @set UPDATED-MONTH March 2013 -@set EDITION 1.3.4 -@set VERSION 1.3.4 +@set EDITION 1.3.5 +@set VERSION 1.3.5 diff --git a/doc/version.texi b/doc/version.texi index 4a06fa8..294851a 100644 --- a/doc/version.texi +++ b/doc/version.texi @@ -1,4 +1,4 @@ @set UPDATED 15 March 2013 @set UPDATED-MONTH March 2013 -@set EDITION 1.3.4 -@set VERSION 1.3.4 +@set EDITION 1.3.5 +@set VERSION 1.3.5 diff --git a/src/ber-decoder.c b/src/ber-decoder.c index 9e70d92..20a91b1 100644 --- a/src/ber-decoder.c +++ b/src/ber-decoder.c @@ -42,6 +42,11 @@ #include "ber-help.h" +/* The maximum length we allow for an image, that is for a BER encoded + * object. */ +#define MAX_IMAGE_LENGTH (16 * 1024 * 1024) + + struct decoder_state_item_s { AsnNode node; int went_up; @@ -857,12 +862,19 @@ decoder_next (BerDecoder d) if (!d->image.buf) { /* We need some extra bytes to store the stuff we read ahead - at the end of the module which is later pushed back. */ + * at the end of the module which is later pushed back. We + * also clear the buffer because there is no guarantee that + * we will copy data to all bytes of the buffer: A broken + * ASN.1 encoding may thus lead to access of uninitialized + * data even if we make sure that that access is not our of + * bounds. */ d->image.used = 0; d->image.length = ti.length + 100; if (d->image.length < ti.length) return gpg_error (GPG_ERR_BAD_BER); - d->image.buf = xtrymalloc (d->image.length); + if (d->image.length > MAX_IMAGE_LENGTH) + return gpg_error (GPG_ERR_TOO_LARGE); + d->image.buf = xtrycalloc (1, d->image.length); if (!d->image.buf) return gpg_error (GPG_ERR_ENOMEM); } @@ -1106,9 +1118,12 @@ _ksba_ber_decoder_dump (BerDecoder d, FILE *fp) if (!buf || buflen < d->val.length) { xfree (buf); + buf = NULL; buflen = d->val.length + 100; if (buflen < d->val.length) err = gpg_error (GPG_ERR_BAD_BER); /* Overflow */ + else if (buflen > MAX_IMAGE_LENGTH) + err = gpg_error (GPG_ERR_TOO_LARGE); else { buf = xtrymalloc (buflen); @@ -1133,7 +1148,7 @@ _ksba_ber_decoder_dump (BerDecoder d, FILE *fp) p = ksba_oid_to_str (buf, n); break; default: - for (i=0; i < n && i < 20; i++) + for (i=0; i < n && (d->debug || i < 20); i++) fprintf (fp,"%02x", buf[i]); if (i < n) fputs ("..more..", fp); @@ -1242,9 +1257,12 @@ _ksba_ber_decoder_decode (BerDecoder d, const char *start_name, if (!buf || buflen < d->val.length) { xfree (buf); + buf = NULL; buflen = d->val.length + 100; if (buflen < d->val.length) err = gpg_error (GPG_ERR_BAD_BER); + else if (buflen > MAX_IMAGE_LENGTH) + err = gpg_error (GPG_ERR_TOO_LARGE); else { buf = xtrymalloc (buflen); diff --git a/src/cert.c b/src/cert.c index dc97f83..d8dabb6 100644 --- a/src/cert.c +++ b/src/cert.c @@ -1586,6 +1586,8 @@ parse_distribution_point (const unsigned char *der, size_t derlen, unsigned int bits, mask; int i, unused, full; + if (!ti.length || ti.length > derlen) + return gpg_error (GPG_ERR_ENCODING_PROBLEM); unused = *der++; derlen--; ti.length--; if ((!ti.length && unused) || unused/8 > ti.length) diff --git a/src/dn.c b/src/dn.c index cea18a1..958850b 100644 --- a/src/dn.c +++ b/src/dn.c @@ -1014,6 +1014,9 @@ parse_rdn (const unsigned char *string, const char **endp, oid = oid_name_tbl[i].oid; oidlen = oid_name_tbl[i].oidlen; } + else + return gpg_error (GPG_ERR_INV_NAME); + s++; while (*s == ' ') s++; diff --git a/src/ocsp.c b/src/ocsp.c index c053b18..4b26f8d 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -33,7 +33,6 @@ #include #include #include -#include #include "util.h" @@ -207,7 +206,7 @@ parse_object_id_into_str (unsigned char const **buf, size_t *len, char **oid) else if (ti.length > *len) err = gpg_error (GPG_ERR_BAD_BER); else if (!(*oid = ksba_oid_to_str (*buf, ti.length))) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); else { *buf += ti.length; @@ -269,7 +268,7 @@ ksba_ocsp_new (ksba_ocsp_t *r_ocsp) { *r_ocsp = xtrycalloc (1, sizeof **r_ocsp); if (!*r_ocsp) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); return 0; } @@ -340,7 +339,7 @@ ksba_ocsp_set_digest_algo (ksba_ocsp_t ocsp, const char *oid) xfree (ocsp->digest_oid); ocsp->digest_oid = xtrystrdup (oid); if (!ocsp->digest_oid) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); return 0; } @@ -369,7 +368,7 @@ ksba_ocsp_add_target (ksba_ocsp_t ocsp, ri = xtrycalloc (1, sizeof *ri); if (!ri) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); ksba_cert_ref (cert); ri->cert = cert; ksba_cert_ref (issuer_cert); @@ -402,10 +401,6 @@ ksba_ocsp_set_nonce (ksba_ocsp_t ocsp, unsigned char *nonce, size_t noncelen) if (noncelen) { memcpy (ocsp->nonce, nonce, noncelen); - /* Reset the high bit. We do this to make sure that we have a - positive integer and thus we don't need to prepend a leading - zero which would be needed then. */ - ocsp->nonce[0] &= 0x7f; } ocsp->noncelen = noncelen; return noncelen; @@ -493,7 +488,7 @@ write_request_extensions (ksba_ocsp_t ocsp, ksba_writer_t wout) err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0, 2+ocsp->noncelen); if (!err) - err = _ksba_ber_write_tl (w1, TYPE_INTEGER, CLASS_UNIVERSAL, 0, + err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0, ocsp->noncelen); if (!err) err = ksba_writer_write (w1, ocsp->nonce, ocsp->noncelen); @@ -629,9 +624,10 @@ ksba_ocsp_prepare_request (ksba_ocsp_t ocsp) xfree (ri->serialno); ri->serialno = xtrymalloc (derlen); if (!ri->serialno) - err = gpg_error_from_errno (errno); - if (err) - goto leave; + { + err = gpg_error_from_syserror (); + goto leave; + } memcpy (ri->serialno, der, derlen); ri->serialnolen = derlen; @@ -907,7 +903,7 @@ parse_response_extensions (ksba_ocsp_t ocsp, goto leave; if (!strcmp (oid, oidstr_ocsp_nonce)) { - err = parse_integer (&data, &datalen, &ti); + err = parse_octet_string (&data, &datalen, &ti); if (err) goto leave; if (ocsp->noncelen != ti.length @@ -919,7 +915,7 @@ parse_response_extensions (ksba_ocsp_t ocsp, ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); if (!ex) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto leave; } ex->crit = is_crit; @@ -986,7 +982,7 @@ parse_single_extensions (struct ocsp_reqitem_s *ri, ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); if (!ex) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto leave; } ex->crit = is_crit; @@ -1428,7 +1424,7 @@ parse_response_data (ksba_ocsp_t ocsp, return gpg_error (GPG_ERR_INV_OBJ); /* Zero length key id. */ ocsp->responder_id.keyid = xtrymalloc (ti.length); if (!ocsp->responder_id.keyid) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); memcpy (ocsp->responder_id.keyid, *data, ti.length); ocsp->responder_id.keyidlen = ti.length; parse_skip (data, datalen, &ti); @@ -1591,12 +1587,12 @@ parse_response (ksba_ocsp_t ocsp, const unsigned char *msg, size_t msglen) parse_skip (&msg, &msglen, &ti); cl = xtrycalloc (1, sizeof *cl); if (!cl) - err = gpg_error_from_errno (errno); - if (err) { + err = gpg_error_from_syserror (); ksba_cert_release (cert); - return gpg_error (GPG_ERR_ENOMEM); + return err; } + cl->cert = cert; *cl_tail = cl; @@ -1750,7 +1746,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp, { *r_name = xtrystrdup (ocsp->responder_id.name); if (!*r_name) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } else if (ocsp->responder_id.keyid && r_keyid) { @@ -1761,7 +1757,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp, numbuflen = strlen (numbuf); *r_keyid = xtrymalloc (numbuflen + ocsp->responder_id.keyidlen + 2); if (!*r_keyid) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); strcpy (*r_keyid, numbuf); memcpy (*r_keyid+numbuflen, ocsp->responder_id.keyid, ocsp->responder_id.keyidlen); @@ -1769,7 +1765,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp, (*r_keyid)[numbuflen + ocsp->responder_id.keyidlen + 1] = 0; } else - gpg_error (GPG_ERR_NO_DATA); + return gpg_error (GPG_ERR_NO_DATA); return 0; } diff --git a/src/reader.c b/src/reader.c index 0f8bad5..c59978d 100644 --- a/src/reader.c +++ b/src/reader.c @@ -366,7 +366,7 @@ ksba_reader_read (ksba_reader_t r, char *buffer, size_t length, size_t *nread) } else if (r->type == READER_TYPE_FILE) { - int n; + size_t n; if (r->eof) return gpg_error (GPG_ERR_EOF); @@ -378,7 +378,7 @@ ksba_reader_read (ksba_reader_t r, char *buffer, size_t length, size_t *nread) } n = fread (buffer, 1, length, r->u.file); - if (n > 0) + if (n) { r->nread += n; *nread = n; @@ -388,9 +388,9 @@ ksba_reader_read (ksba_reader_t r, char *buffer, size_t length, size_t *nread) if (n < length) { if (ferror(r->u.file)) - r->error = errno; + r->error = errno; r->eof = 1; - if (n <= 0) + if (!n) return gpg_error (GPG_ERR_EOF); } } diff --git a/tests/t-oid.c b/tests/t-oid.c index be68d52..0fe5944 100644 --- a/tests/t-oid.c +++ b/tests/t-oid.c @@ -143,6 +143,7 @@ test_oid_to_str (void) fprintf (stderr, " want=%s\n", tests[tidx].str); exit (1); } + ksba_free (str); } }