From 029de6cfa49bd2db922274970d1b49c4e2b0334f Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 7 Oct 2012 06:33:13 -0700 Subject: [PATCH] pass back an heim_error from hx509_cert_init --- kdc/pkinit.c | 20 ++++++------ lib/base/db.c | 14 ++++----- lib/base/error.c | 18 +++++++++-- lib/base/heimbase.c | 2 +- lib/base/heimbase.h | 6 +++- lib/base/json.c | 14 ++++----- lib/base/version-script.map | 3 +- lib/hx509/ca.c | 8 +++-- lib/hx509/cert.c | 76 ++++++++++++++++++++++----------------------- lib/hx509/cms.c | 14 ++++++--- lib/hx509/ks_file.c | 8 +++-- lib/hx509/ks_keychain.c | 12 ++++--- lib/hx509/ks_p11.c | 10 ++++-- lib/hx509/ks_p12.c | 8 +++-- lib/hx509/revoke.c | 4 +-- lib/hx509/test_name.c | 16 +++++----- 16 files changed, 138 insertions(+), 95 deletions(-) diff --git a/kdc/pkinit.c b/kdc/pkinit.c index 619d4c4e9..46e34e3d1 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -540,11 +540,11 @@ _kdc_pk_rd_padata(krb5_context context, unsigned int i; for (i = 0; i < pc->len; i++) { - ret = hx509_cert_init_data(context->hx509ctx, - pc->val[i].cert.data, - pc->val[i].cert.length, - &cert); - if (ret) + cert = hx509_cert_init_data(context->hx509ctx, + pc->val[i].cert.data, + pc->val[i].cert.length, + NULL); + if (cert == NULL) continue; hx509_certs_add(context->hx509ctx, trust_anchors, cert); hx509_cert_free(cert); @@ -1742,11 +1742,11 @@ _kdc_pk_check_client(krb5_context context, size_t j; for (j = 0; j < pc->len; j++) { - ret = hx509_cert_init_data(context->hx509ctx, - pc->val[j].cert.data, - pc->val[j].cert.length, - &cert); - if (ret) + cert = hx509_cert_init_data(context->hx509ctx, + pc->val[j].cert.data, + pc->val[j].cert.length, + NULL); + if (cert == NULL) continue; ret = hx509_cert_cmp(cert, cp->cert); hx509_cert_free(cert); diff --git a/lib/base/db.c b/lib/base/db.c index 3ce577dfe..14e535f33 100644 --- a/lib/base/db.c +++ b/lib/base/db.c @@ -68,7 +68,7 @@ #define HEIM_ENOMEM(ep) \ (((ep) && !*(ep)) ? \ - heim_error_get_code((*(ep) = heim_error_enomem())) : ENOMEM) + heim_error_get_code((*(ep) = heim_error_create_enomem())) : ENOMEM) #define HEIM_ERROR_HELPER(ep, ec, args) \ (((ep) && !*(ep)) ? \ @@ -326,7 +326,7 @@ heim_db_create(const char *dbtype, const char *dbname, options = heim_dict_create(11); if (options == NULL) { if (error) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); return NULL; } } else { @@ -413,7 +413,7 @@ heim_db_create(const char *dbtype, const char *dbname, if (!db->dbtype || ! db->dbname) { heim_release(db); if (error) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); return NULL; } } @@ -456,7 +456,7 @@ heim_db_clone(heim_db_t db, heim_error_t *error) result = _heim_alloc_object(&db_object, sizeof(*result)); if (result == NULL) { if (error) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); return NULL; } @@ -763,7 +763,7 @@ heim_db_copy_value(heim_db_t db, heim_string_t table, heim_data_t key, key64 = to_base64(key, error); if (key64 == NULL) { if (error) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); return NULL; } @@ -1126,7 +1126,7 @@ heim_string_t to_base64(heim_data_t data, heim_error_t *error) enomem: free(b64); if (error) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); return NULL; } @@ -1150,7 +1150,7 @@ heim_data_t from_base64(heim_string_t s, heim_error_t *error) enomem: free(buf); if (error) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); return NULL; } diff --git a/lib/base/error.c b/lib/base/error.c index 54313698a..a1bbfa8a1 100644 --- a/lib/base/error.c +++ b/lib/base/error.c @@ -77,12 +77,24 @@ struct heim_type_data _heim_error_object = { }; heim_error_t -heim_error_enomem(void) +heim_error_create_enomem(void) { /* This is an immediate object; see heim_number_create() */ return (heim_error_t)heim_number_create(ENOMEM); } + +void +heim_error_create_opt(heim_error_t *error, int error_code, const char *fmt, ...) +{ + if (error) { + va_list ap; + va_start(ap, fmt); + *error = heim_error_createv(error_code, fmt, ap); + va_end(ap); + } +} + heim_error_t heim_error_create(int error_code, const char *fmt, ...) { @@ -107,7 +119,7 @@ heim_error_createv(int error_code, const char *fmt, va_list ap) str = malloc(1024); errno = save_errno; if (str == NULL) - return heim_error_enomem(); + return heim_error_create_enomem(); len = vsnprintf(str, 1024, fmt, ap); errno = save_errno; if (len < 0) { @@ -141,6 +153,8 @@ heim_error_copy_string(heim_error_t error) int heim_error_get_code(heim_error_t error) { + if (error == NULL) + return -1; if (heim_get_tid(error) != HEIM_TID_ERROR) { if (heim_get_tid(error) == heim_number_get_type_id()) return heim_number_get_int((heim_number_t)error); diff --git a/lib/base/heimbase.c b/lib/base/heimbase.c index 529f14703..4848bd5b7 100644 --- a/lib/base/heimbase.c +++ b/lib/base/heimbase.c @@ -894,7 +894,7 @@ heim_path_vcreate(heim_object_t ptr, size_t size, heim_object_t leaf, err: if (error && !*error) { if (ret == ENOMEM) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); else *error = heim_error_create(ret, "Could not set " "dict value"); diff --git a/lib/base/heimbase.h b/lib/base/heimbase.h index 7e99bd087..a99e10082 100644 --- a/lib/base/heimbase.h +++ b/lib/base/heimbase.h @@ -189,11 +189,15 @@ heim_string_t __heim_string_constant(const char *); */ typedef struct heim_error * heim_error_t; -heim_error_t heim_error_enomem(void); + +heim_error_t heim_error_create_enomem(void); heim_error_t heim_error_create(int, const char *, ...) HEIMDAL_PRINTF_ATTRIBUTE((printf, 2, 3)); +void heim_error_create_opt(heim_error_t *error, int error_code, const char *fmt, ...) + HEIMDAL_PRINTF_ATTRIBUTE((printf, 3, 4)); + heim_error_t heim_error_createv(int, const char *, va_list) HEIMDAL_PRINTF_ATTRIBUTE((printf, 2, 0)); diff --git a/lib/base/json.c b/lib/base/json.c index 1ebff209e..010ab333a 100644 --- a/lib/base/json.c +++ b/lib/base/json.c @@ -390,7 +390,7 @@ parse_string(struct parse_ctx *ctx) } else { o = heim_string_create_with_bytes(start, ctx->p - start); if (o == NULL) { - ctx->error = heim_error_enomem(); + ctx->error = heim_error_create_enomem(); return NULL; } @@ -407,7 +407,7 @@ parse_string(struct parse_ctx *ctx) buf = malloc(len); if (buf == NULL) { heim_release(o); - ctx->error = heim_error_enomem(); + ctx->error = heim_error_create_enomem(); return NULL; } len = base64_decode(s, buf); @@ -511,7 +511,7 @@ parse_dict(struct parse_ctx *ctx) dict = heim_dict_create(11); if (dict == NULL) { - ctx->error = heim_error_enomem(); + ctx->error = heim_error_create_enomem(); return NULL; } @@ -538,7 +538,7 @@ parse_dict(struct parse_ctx *ctx) if (buf == NULL) { heim_release(dict); heim_release(v); - ctx->error = heim_error_enomem(); + ctx->error = heim_error_create_enomem(); return NULL; } len = base64_decode(heim_string_get_utf8(v), buf); @@ -777,7 +777,7 @@ heim_serialize(heim_object_t obj, heim_json_flags_t flags, heim_error_t *error) strbuf.str = malloc(STRBUF_INIT_SZ); if (strbuf.str == NULL) { if (error) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); return NULL; } strbuf.len = 0; @@ -789,7 +789,7 @@ heim_serialize(heim_object_t obj, heim_json_flags_t flags, heim_error_t *error) if (ret || strbuf.enomem) { if (error) { if (strbuf.enomem || ret == ENOMEM) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); else *error = heim_error_create(1, "Impossible to JSON-encode " "object"); @@ -804,7 +804,7 @@ heim_serialize(heim_object_t obj, heim_json_flags_t flags, heim_error_t *error) str = heim_string_ref_create(strbuf.str, free); if (str == NULL) { if (error) - *error = heim_error_enomem(); + *error = heim_error_create_enomem(); free(strbuf.str); } return str; diff --git a/lib/base/version-script.map b/lib/base/version-script.map index 77848ada7..9560b349b 100644 --- a/lib/base/version-script.map +++ b/lib/base/version-script.map @@ -55,9 +55,10 @@ HEIMDAL_BASE_1.0 { heim_dict_set_value; heim_error_append; heim_error_copy_string; + heim_error_create_opt; heim_error_create; heim_error_createv; - heim_error_enomem; + heim_error_create_enomem; heim_error_get_code; heim_get_hash; heim_get_tid; diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c index e2a95fe7e..9dc52f8c0 100644 --- a/lib/hx509/ca.c +++ b/lib/hx509/ca.c @@ -987,6 +987,7 @@ ca_sign(hx509_context context, const Name *issuername, hx509_cert *certificate) { + heim_error_t error = NULL; heim_octet_string data; Certificate c; TBSCertificate *tbsc; @@ -1408,9 +1409,12 @@ ca_sign(hx509_context context, if (ret) goto out; - ret = hx509_cert_init(context, &c, certificate); - if (ret) + *certificate = hx509_cert_init(context, &c, &error); + if (*certificate == NULL) { + ret = heim_error_get_code(error); + heim_release(error); goto out; + } free_Certificate(&c); diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c index a33685c43..84d74ec85 100644 --- a/lib/hx509/cert.c +++ b/lib/hx509/cert.c @@ -218,42 +218,43 @@ _hx509_cert_get_version(const Certificate *t) * * @param context A hx509 context. * @param c - * @param cert + * @param error * - * @return Returns an hx509 error code. + * @return Returns an hx509 certificate * * @ingroup hx509_cert */ -int -hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert) +hx509_cert +hx509_cert_init(hx509_context context, const Certificate *c, heim_error_t *error) { + hx509_cert cert; int ret; - *cert = malloc(sizeof(**cert)); - if (*cert == NULL) - return ENOMEM; - (*cert)->ref = 1; - (*cert)->friendlyname = NULL; - (*cert)->attrs.len = 0; - (*cert)->attrs.val = NULL; - (*cert)->private_key = NULL; - (*cert)->basename = NULL; - (*cert)->release = NULL; - (*cert)->ctx = NULL; - - (*cert)->data = calloc(1, sizeof(*(*cert)->data)); - if ((*cert)->data == NULL) { - free(*cert); - return ENOMEM; - } - ret = copy_Certificate(c, (*cert)->data); + cert = malloc(sizeof(*cert)); + if (cert == NULL) + return heim_error_create_enomem(); + cert->ref = 1; + cert->friendlyname = NULL; + cert->attrs.len = 0; + cert->attrs.val = NULL; + cert->private_key = NULL; + cert->basename = NULL; + cert->release = NULL; + cert->ctx = NULL; + + cert->data = calloc(1, sizeof(*(cert->data))); + if (cert->data == NULL) { + free(cert); + return heim_error_create_enomem(); + } + ret = copy_Certificate(c, cert->data); if (ret) { - free((*cert)->data); - free(*cert); - *cert = NULL; + free(cert->data); + free(cert); + cert = NULL; } - return ret; + return cert; } /** @@ -268,39 +269,38 @@ hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert) * @param context A hx509 context. * @param ptr pointer to memory region containing encoded certificate. * @param len length of memory region. - * @param cert a return pointer to a hx509 certificate object, will - * contain NULL on error. + * @param error possibly returns an error * - * @return An hx509 error code, see hx509_get_error_string(). + * @return An hx509 certificate * * @ingroup hx509_cert */ -int +hx509_cert hx509_cert_init_data(hx509_context context, const void *ptr, size_t len, - hx509_cert *cert) + heim_error_t *error) { + hx509_cert cert; Certificate t; size_t size; int ret; ret = decode_Certificate(ptr, len, &t, &size); if (ret) { - hx509_set_error_string(context, 0, ret, "Failed to decode certificate"); - return ret; + *error = heim_error_create(ret, "Failed to decode certificate"); + return NULL; } if (size != len) { free_Certificate(&t); - hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE, - "Extra data after certificate"); - return HX509_EXTRA_DATA_AFTER_STRUCTURE; + return heim_error_create(HX509_EXTRA_DATA_AFTER_STRUCTURE, + "Extra data after certificate"); } - ret = hx509_cert_init(context, &t, cert); + cert = hx509_cert_init(context, &t, error); free_Certificate(&t); - return ret; + return cert; } void diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c index 49a948570..c2438cc90 100644 --- a/lib/hx509/cms.c +++ b/lib/hx509/cms.c @@ -730,14 +730,18 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) return 0; for (i = 0; i < sd->certificates->len; i++) { + heim_error_t error; hx509_cert c; - ret = hx509_cert_init_data(context, - sd->certificates->val[i].data, - sd->certificates->val[i].length, - &c); - if (ret) + c = hx509_cert_init_data(context, + sd->certificates->val[i].data, + sd->certificates->val[i].length, + &error); + if (c == NULL) { + ret = heim_error_get_code(error); + heim_release(error); return ret; + } ret = hx509_certs_add(context, certs, c); hx509_cert_free(c); if (ret) diff --git a/lib/hx509/ks_file.c b/lib/hx509/ks_file.c index d21d88928..3eaf69515 100644 --- a/lib/hx509/ks_file.c +++ b/lib/hx509/ks_file.c @@ -52,12 +52,16 @@ parse_certificate(hx509_context context, const char *fn, const void *data, size_t len, const AlgorithmIdentifier *ai) { + heim_error_t error = NULL; hx509_cert cert; int ret; - ret = hx509_cert_init_data(context, data, len, &cert); - if (ret) + cert = hx509_cert_init_data(context, data, len, &error); + if (cert == NULL) { + ret = heim_error_get_code(error); + heim_release(error); return ret; + } ret = _hx509_collector_certs_add(context, c, cert); hx509_cert_free(cert); diff --git a/lib/hx509/ks_keychain.c b/lib/hx509/ks_keychain.c index 0552d8f7e..db1eed771 100644 --- a/lib/hx509/ks_keychain.c +++ b/lib/hx509/ks_keychain.c @@ -420,8 +420,8 @@ keychain_iter_start(hx509_context context, SecCertificateGetData(cr, &cssm); - ret = hx509_cert_init_data(context, cssm.Data, cssm.Length, &cert); - if (ret) + cert = hx509_cert_init_data(context, cssm.Data, cssm.Length, NULL); + if (cert == NULL) continue; ret = hx509_certs_add(context, iter->certs, cert); @@ -470,6 +470,7 @@ keychain_iter(hx509_context context, UInt32 attrFormat[1] = { 0 }; SecKeychainItemRef itemRef; SecItemAttr item[1]; + heim_error_t error = NULL; struct iter *iter = cursor; OSStatus ret; UInt32 len; @@ -501,9 +502,12 @@ keychain_iter(hx509_context context, if (ret) return EINVAL; - ret = hx509_cert_init_data(context, ptr, len, cert); - if (ret) + cert = hx509_cert_init_data(context, ptr, len, &error); + if (cert == NULL) { + ret = heim_error_get_code(error); + heim_release(error); goto out; + } /* * Find related private key if there is one by looking at diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index bb70f8dfe..7874d998c 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c @@ -688,6 +688,7 @@ collect_cert(hx509_context context, void *ptr, CK_ATTRIBUTE *query, int num_query) { struct hx509_collector *collector = ptr; + heim_error_t error = NULL; hx509_cert cert; int ret; @@ -697,10 +698,13 @@ collect_cert(hx509_context context, return 0; } - ret = hx509_cert_init_data(context, query[1].pValue, - query[1].ulValueLen, &cert); - if (ret) + cert = hx509_cert_init_data(context, query[1].pValue, + query[1].ulValueLen, &error); + if (cert == NULL) { + ret = heim_error_get_code(error); + heim_release(error); return ret; + } if (p->ref == 0) _hx509_abort("pkcs11 ref == 0 on alloc"); diff --git a/lib/hx509/ks_p12.c b/lib/hx509/ks_p12.c index 098cb5ebe..b7df0be32 100644 --- a/lib/hx509/ks_p12.c +++ b/lib/hx509/ks_p12.c @@ -130,6 +130,7 @@ certBag_parser(hx509_context context, const void *data, size_t length, const PKCS12_Attributes *attrs) { + heim_error_t error = NULL; heim_octet_string os; hx509_cert cert; PKCS12_CertBag cb; @@ -152,10 +153,13 @@ certBag_parser(hx509_context context, if (ret) return ret; - ret = hx509_cert_init_data(context, os.data, os.length, &cert); + cert = hx509_cert_init_data(context, os.data, os.length, &error); der_free_octet_string(&os); - if (ret) + if (cert == NULL) { + ret = heim_error_get_code(error); + heim_release(error); return ret; + } ret = _hx509_collector_certs_add(context, c, cert); if (ret) { diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c index 293228074..af10bce1c 100644 --- a/lib/hx509/revoke.c +++ b/lib/hx509/revoke.c @@ -361,8 +361,8 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) for (i = 0; i < basic.certs->len; i++) { hx509_cert c; - ret = hx509_cert_init(context, &basic.certs->val[i], &c); - if (ret) + c = hx509_cert_init(context, &basic.certs->val[i], NULL); + if (c == NULL) continue; ret = hx509_certs_add(context, certs, c); diff --git a/lib/hx509/test_name.c b/lib/hx509/test_name.c index d932221dd..9d21a7f65 100644 --- a/lib/hx509/test_name.c +++ b/lib/hx509/test_name.c @@ -319,14 +319,14 @@ test_compare(hx509_context context) /* check transative properties of name compare function */ - ret = hx509_cert_init_data(context, certdata1, sizeof(certdata1) - 1, &c1); - if (ret) return 1; - - ret = hx509_cert_init_data(context, certdata2, sizeof(certdata2) - 1, &c2); - if (ret) return 1; - - ret = hx509_cert_init_data(context, certdata3, sizeof(certdata3) - 1, &c3); - if (ret) return 1; + c1 = hx509_cert_init_data(context, certdata1, sizeof(certdata1) - 1, NULL); + if (c1 == NULL) return 1; + + c2 = hx509_cert_init_data(context, certdata2, sizeof(certdata2) - 1, NULL); + if (c2 == NULL) return 1; + + c3 = hx509_cert_init_data(context, certdata3, sizeof(certdata3) - 1, NULL); + if (c3 == NULL) return 1; ret = compare_subject(c1, c1, &l0); if (ret) return 1; -- 2.11.4.GIT