static bool quiet;
#ifndef UCERT_STRIP_MESSAGES
-#define DPRINTF(format, ...) if (!quiet) fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__)
+#define DPRINTF(format, ...) \
+ do { \
+ if (!quiet) \
+ fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__); \
+ } while (0)
#else
-#define DPRINTF(format, ...)
+#define DPRINTF(format, ...) do { } while (0)
#endif
/*
};
/* write buffer to file */
-static int write_file(const char *filename, void *buf, size_t len, bool append) {
+static bool write_file(const char *filename, void *buf, size_t len, bool append) {
FILE *f;
size_t outlen;
f = fopen(filename, append?"a":"w");
if (!f)
- return 1;
+ return false;
outlen = fwrite(buf, 1, len, f);
fclose(f);
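Review bot: Changing `write_file` from `int` (1 on failure) to `bool` (`false` on failure) inverts the truth value of the result, so any caller still written as `if (write_file(...))` to detect an error would now treat a failed write as success. The call sites are outside this hunk and should be checked in the same commit. The visible context also discards the result of `fclose(f)`, which is where a flush error surfaces for a stream opened for writing; `if (fclose(f) != 0) return false;` would report it. The function body continues past the hunk, so the final return statement is not visible here.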
struct cert_object *cobj;
char filebuf[CERT_BUF_LEN];
int ret = 0, pret = 0;
- int len, pos = 0;
+ size_t len, pos = 0;
f = fopen(certfile, "r");
if (!f)
bufpt = (struct blob_attr *)filebuf;
do {
- pret = blob_parse(bufpt, certtb, cert_policy, CERT_ATTR_MAX);
+ pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX);
if (pret <= 0)
/* no attributes found */
break;
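Review bot: `blob_parse_untrusted(bufpt, len, ...)` receives the full buffer length on every iteration, while the `while` condition in the following hunk advances `bufpt` with `blob_next()`. For the second and later chain elements the bound therefore overstates how many bytes remain behind `bufpt`. Passing the remaining length, `pret = blob_parse_untrusted(bufpt, len - pos, certtb, cert_policy, CERT_ATTR_MAX);`, keeps the parser within what was read from the file. This assumes `pos` tracks the offset of `bufpt`; its update lies between the two hunks and is not visible. The `(bufpt = blob_next(bufpt))` term also reads like a validity check although it appears to be only the pointer advance, so a short comment saying so would help.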
list_add_tail(&cobj->list, chain);
ret += pret;
- bufpt = blob_next(bufpt);
/* repeat parsing while there is still enough remaining data in buffer */
- } while(len > pos + sizeof(struct blob_attr));
+ } while(len > pos + sizeof(struct blob_attr) && (bufpt = blob_next(bufpt)));
return (ret <= 0);
}
static int cert_append(const char *certfile, const char *sigfile) {
FILE *fs;
char filebuf[CERT_BUF_LEN];
- struct blob_buf sigbuf;
+ struct blob_buf sigbuf = {0};
int len;
int ret;
list_for_each_entry(cobj, chain, list) {
/* blob has payload, verify that using signature */
if (cobj->cert[CERT_ATTR_PAYLOAD]) {
- uint64_t validfrom;
- uint64_t expiresat;
+ time_t validfrom;
+ time_t expiresat;
uint32_t certtype;
ret = cert_verify_blob(cobj->cert, chainedpubkey[0]?chainedpubkey:pubkeyfile, pubkeydir);
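Review bot: Declaring `validfrom` and `expiresat` as `time_t` makes their width platform-dependent. On a target with a 32-bit `time_t`, a 64-bit value taken from the certificate payload would be truncated before the validity window is compared, so the check would no longer reflect what was signed. The assignments are outside this hunk, so this is inferred from the previous `uint64_t` type. If the payload fields are 64-bit, keep `uint64_t validfrom;` and `uint64_t expiresat;` and widen the current time for the comparison, or range-check before narrowing. The same type change is made for `validfrom` in the later declaration hunk next to `enum certtype_id certtype`.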
/* dump single chain element to console */
static void cert_dump_blob(struct blob_attr *cert[CERT_ATTR_MAX]) {
int i;
+ char *json = NULL;
for (i = 0; i < CERT_ATTR_MAX; i++) {
struct blob_attr *v = cert[i];
switch(cert_policy[i].type) {
case BLOB_ATTR_BINARY:
- fprintf(stdout, "signature:\n---\n%s---\n", (char *) blob_data(v));
+ printf("signature:\n---\n%s---\n", (char *) blob_data(v));
break;
case BLOB_ATTR_NESTED:
- fprintf(stdout, "payload:\n---\n%s\n---\n", blobmsg_format_json_indent(blob_data(v), false, 0));
+ json = blobmsg_format_json_indent(blob_data(v), false, 0);
+ if (!json) {
+ DPRINTF("cannot parse payload\n");
+ continue;
+ }
+ printf("payload:\n---\n%s\n---\n", json);
+ free(json);
break;
}
}
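Review bot: The `BLOB_ATTR_BINARY` case still prints `blob_data(v)` with a bare `%s`, which depends on the signature attribute from the certificate file being NUL-terminated. A blob without a terminator would make `printf` read past the end of the attribute. Bounding the output by the attribute length, `printf("signature:\n---\n%.*s---\n", (int) blob_len(v), (char *) blob_data(v));`, removes that dependency. The enclosing loop starts outside this hunk, so whether `v` is checked for NULL before the `switch` is not visible here.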
}
list_for_each_entry(cobj, &certchain, list) {
- fprintf(stdout, "=== CHAIN ELEMENT %02u ===\n", ++count);
+ printf("=== CHAIN ELEMENT %02u ===\n", ++count);
cert_dump_blob(cobj->cert);
}
/* issue an auth certificate for pubkey */
static int cert_issue(const char *certfile, const char *pubkeyfile, const char *seckeyfile) {
- struct blob_buf certbuf;
- struct blob_buf payloadbuf;
+ struct blob_buf payloadbuf = {0};
+ struct blob_buf certbuf = {0};
struct timeval tv;
int pklen, siglen;
int revoker = 1;
void *c;
FILE *pkf, *sigf;
char pkb[512];
- char sigb[512];
+ char sigb[1024];
char fname[256], sfname[256];
char pkfp[17];
char tmpdir[] = "/tmp/ucert-XXXXXX";
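Review bot: `char sigb[1024];` doubles a bare literal, which suggests a signature no longer fit in 512 bytes. The code that fills `sigb` is outside this hunk, so it is not visible whether an over-long signature file is detected or silently cut. A named constant such as `#define SIG_BUF_LEN 1024` (name constructed for this note), together with a check that the read returned fewer than `sizeof(sigb)` bytes, would make the limit explicit. Truncation would then be an error instead of a cut-off signature stored in the certificate.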
struct blob_attr *payloadtb[CERT_PL_ATTR_MAX];
struct stat st;
struct timeval tv;
- uint64_t validfrom;
- uint32_t certtype;
+ time_t validfrom;
+ enum certtype_id certtype;
char *fingerprint;
char rfname[512];
- int ret;
+ int ret = -1;
if (cert_load(certfile, &certchain)) {
DPRINTF("cannot parse cert\n");