summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/krl.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/krl.c')
-rw-r--r--crypto/openssh/krl.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c
index 3b4cded..eb31df9 100644
--- a/crypto/openssh/krl.c
+++ b/crypto/openssh/krl.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.14 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: krl.c,v 1.17 2014/06/24 01:13:21 djm Exp $ */
#include "includes.h"
@@ -366,7 +366,7 @@ plain_key_blob(const Key *key, u_char **blob, u_int *blen)
}
r = key_to_blob(kcopy, blob, blen);
free(kcopy);
- return r == 0 ? -1 : 0;
+ return r;
}
/* Revoke a key blob. Ownership of blob is transferred to the tree */
@@ -394,7 +394,7 @@ ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key)
u_int len;
debug3("%s: revoke type %s", __func__, key_type(key));
- if (plain_key_blob(key, &blob, &len) != 0)
+ if (plain_key_blob(key, &blob, &len) < 0)
return -1;
return revoke_blob(&krl->revoked_keys, blob, len);
}
@@ -575,6 +575,7 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf)
buffer_put_char(buf, state);
buffer_put_string(buf,
buffer_ptr(&sect), buffer_len(&sect));
+ buffer_clear(&sect);
}
/* If we are starting a new section then prepare it now */
@@ -753,7 +754,8 @@ static int
parse_revoked_certs(Buffer *buf, struct ssh_krl *krl)
{
int ret = -1, nbits;
- u_char type, *blob;
+ u_char type;
+ const u_char *blob;
u_int blen;
Buffer subsect;
u_int64_t serial, serial_lo, serial_hi;
@@ -887,7 +889,8 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
char timestamp[64];
int ret = -1, r, sig_seen;
Key *key = NULL, **ca_used = NULL;
- u_char type, *blob, *rdata = NULL;
+ u_char type, *rdata = NULL;
+ const u_char *blob;
u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used;
nca_used = 0;
@@ -1127,7 +1130,7 @@ is_key_revoked(struct ssh_krl *krl, const Key *key)
/* Next, explicit keys */
memset(&rb, 0, sizeof(rb));
- if (plain_key_blob(key, &rb.blob, &rb.len) != 0)
+ if (plain_key_blob(key, &rb.blob, &rb.len) < 0)
return -1;
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
free(rb.blob);
OpenPOWER on IntegriCloud