author | Andrew Bartlett <abartlet@samba.org> | 2009-11-13 10:51:14 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-11-13 23:19:05 +1100 |
commit | 4f8ba5ad6ac9b7153b0e13654e59f47e67b3f608 (patch) | |
tree | ca189d440b0a298cdcb3769d994828508dcd2e76 /source4/heimdal/lib/hx509 | |
parent | 5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094 (diff) | |
download | samba-4f8ba5ad6ac9b7153b0e13654e59f47e67b3f608.tar.gz samba-4f8ba5ad6ac9b7153b0e13654e59f47e67b3f608.tar.bz2 samba-4f8ba5ad6ac9b7153b0e13654e59f47e67b3f608.zip |
s4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634faa94ead3e9a1)
Diffstat (limited to 'source4/heimdal/lib/hx509')
-rw-r--r-- | source4/heimdal/lib/hx509/ca.c | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/cert.c | 70 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/error.c | 9 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/file.c | 14 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/keyset.c | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/ks_file.c | 80 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/lock.c | 10 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/name.c | 31 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/revoke.c | 4 | ||||
-rw-r--r-- | source4/heimdal/lib/hx509/sel.c | 1 |
10 files changed, 144 insertions, 79 deletions
diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c
index 552a869809..8ec6eae22a 100644
--- a/source4/heimdal/lib/hx509/ca.c
+++ b/source4/heimdal/lib/hx509/ca.c
@@ -692,7 +692,7 @@ add_utf8_san(hx509_context context,
 const heim_oid *oid, const char *string)
 {
- const PKIXXmppAddr ustring = string;
+ const PKIXXmppAddr ustring = (const PKIXXmppAddr)string;
 heim_octet_string os;
 size_t size;
 int ret;
diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c
index 7eaf6eb3c8..ebf02a99e3 100644
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -283,6 +283,7 @@ hx509_cert_init_data(hx509_context context,
 return ret;
 }
 if (size != len) {
+ free_Certificate(&t);
 hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE,
 "Extra data after certificate");
 return HX509_EXTRA_DATA_AFTER_STRUCTURE;
@@ -445,7 +446,7 @@ hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set)
 {
 if (ctx->trust_anchors)
 hx509_certs_free(&ctx->trust_anchors);
- ctx->trust_anchors = _hx509_certs_ref(set);
+ ctx->trust_anchors = hx509_certs_ref(set);
 }
 
 /**
@@ -1926,9 +1927,9 @@ hx509_verify_path(hx509_context context,
 *
 */
 if (ctx->trust_anchors)
- anchors = _hx509_certs_ref(ctx->trust_anchors);
+ anchors = hx509_certs_ref(ctx->trust_anchors);
 else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx))
- anchors = _hx509_certs_ref(context->default_trust_anchors);
+ anchors = hx509_certs_ref(context->default_trust_anchors);
 else {
 ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors);
 if (ret)
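Review bot: The added cast in add_utf8_san suppresses a const warning rather than resolving it: if `PKIXXmppAddr` is, as the asn1-generated string types usually are, a typedef for a pointer (`heim_utf8_string`, i.e. `char *`), then `const PKIXXmppAddr` qualifies the pointer and not the characters, so `(const PKIXXmppAddr)string` silently discards the `const` on the caller's `string`. That is harmless only as long as the encoder never writes through `ustring`, which cannot be checked from this hunk. A one-line comment such as `/* PKIXXmppAddr is a pointer typedef: the cast drops string's const; encode_PKIXXmppAddr must not write through it */` would make the assumption explicit for the next reader. The rest of add_utf8_san lies outside the hunk.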
@@ -3451,3 +3452,66 @@ out:
 hx509_env_free(&envcert);
 return ret;
 }
+
+/**
+ * Print a simple representation of a certificate
+ *
+ * @param context A hx509 context, can be NULL
+ * @param cert certificate to print
+ * @param out the stdio output stream, if NULL, stdout is used
+ *
+ * @return An hx509 error code
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_print_cert(hx509_context context, hx509_cert cert, FILE *out)
+{
+ hx509_name name;
+ char *str;
+ int ret;
+
+ if (out == NULL)
+ out = stderr;
+
+ ret = hx509_cert_get_issuer(cert, &name);
+ if (ret)
+ return ret;
+ hx509_name_to_string(name, &str);
+ hx509_name_free(&name);
+ fprintf(out, " issuer: \"%s\"\n", str);
+ free(str);
+
+ ret = hx509_cert_get_subject(cert, &name);
+ if (ret)
+ return ret;
+ hx509_name_to_string(name, &str);
+ hx509_name_free(&name);
+ fprintf(out, " subject: \"%s\"\n", str);
+ free(str);
+
+ {
+ heim_integer serialNumber;
+
+ ret = hx509_cert_get_serialnumber(cert, &serialNumber);
+ if (ret)
+ return ret;
+ ret = der_print_hex_heim_integer(&serialNumber, &str);
+ if (ret)
+ return ret;
+ der_free_heim_integer(&serialNumber);
+ fprintf(out, " serial: %s\n", str);
+ free(str);
+ }
+
+ printf(" keyusage: ");
+ ret = hx509_cert_keyusage_print(context, cert, &str);
+ if (ret == 0) {
+ fprintf(out, "%s\n", str);
+ free(str);
+ } else
+ fprintf(out, "no");
+
+ return 0;
+}
diff --git a/source4/heimdal/lib/hx509/error.c b/source4/heimdal/lib/hx509/error.c
index 45813efb38..fc3cf90b32 100644
--- a/source4/heimdal/lib/hx509/error.c
+++ b/source4/heimdal/lib/hx509/error.c
@@ -67,8 +67,10 @@ free_error_string(hx509_error msg)
 void
 hx509_clear_error_string(hx509_context context)
 {
- free_error_string(context->error);
- context->error = NULL;
+ if (context) {
+ free_error_string(context->error);
+ context->error = NULL;
+ }
 }
 
 /**
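Review bot: In the new hx509_print_cert the doc comment promises `if NULL, stdout is used` but the body does `out = stderr;`, and the `keyusage:` label is written with `printf()` rather than `fprintf(out, ...)`, so part of the output bypasses the caller's stream entirely. Both `hx509_name_to_string(name, &str)` calls ignore their return value and then hand `str` to fprintf and free, so an allocation failure would dereference and free an indeterminate pointer; on the `der_print_hex_heim_integer` error path `serialNumber` is returned without `der_free_heim_integer`, and the `"no"` branch lacks the newline the success branch prints. The rewrite below makes the default stream match the comment, checks both name-to-string results, frees the serial before the early return, and routes every write through `out`; it assumes hx509_name_to_string returns an int error code like its neighbours here, which should be confirmed against hx509.h.
```c
int
hx509_print_cert(hx509_context context, hx509_cert cert, FILE *out)
{
    hx509_name name;
    char *str;
    int ret;

    if (out == NULL)
	out = stdout;	/* matches the doc comment: NULL means stdout */

    ret = hx509_cert_get_issuer(cert, &name);
    if (ret)
	return ret;
    ret = hx509_name_to_string(name, &str);
    hx509_name_free(&name);
    if (ret)
	return ret;	/* str is indeterminate on failure; do not print or free it */
    fprintf(out, " issuer: \"%s\"\n", str);
    free(str);

    /* … unchanged: subject block, with the same return-value check on hx509_name_to_string … */

    {
	heim_integer serialNumber;

	ret = hx509_cert_get_serialnumber(cert, &serialNumber);
	if (ret)
	    return ret;
	ret = der_print_hex_heim_integer(&serialNumber, &str);
	der_free_heim_integer(&serialNumber);	/* release before the error return, not after it */
	if (ret)
	    return ret;
	fprintf(out, " serial: %s\n", str);
	free(str);
    }

    fprintf(out, " keyusage: ");	/* was printf(): went to stdout regardless of 'out' */
    ret = hx509_cert_keyusage_print(context, cert, &str);
    if (ret == 0) {
	fprintf(out, "%s\n", str);
	free(str);
    } else
	fprintf(out, "no\n");

    return 0;
}
```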
@@ -91,6 +93,9 @@ hx509_set_error_stringv(hx509_context context, int flags, int code,
 {
 hx509_error msg;
 
+ if (context == NULL)
+ return;
+
 msg = calloc(1, sizeof(*msg));
 if (msg == NULL) {
 hx509_clear_error_string(context);
diff --git a/source4/heimdal/lib/hx509/file.c b/source4/heimdal/lib/hx509/file.c
index 674d2706ce..56e25766ef 100644
--- a/source4/heimdal/lib/hx509/file.c
+++ b/source4/heimdal/lib/hx509/file.c
@@ -66,7 +66,7 @@ _hx509_write_file(const char *fn, const void *data, size_t length)
 */
 
 static void
-header(FILE *f, const char *type, const char *str)
+print_pem_stamp(FILE *f, const char *type, const char *str)
 {
 fprintf(f, "-----%s %s-----\n", type, str);
 }
@@ -82,7 +82,7 @@ hx509_pem_write(hx509_context context, const char *type,
 
 #define ENCODE_LINE_LENGTH 54
 
- header(f, "BEGIN", type);
+ print_pem_stamp(f, "BEGIN", type);
 
 while (headers) {
 fprintf(f, "%s: %s\n%s",
@@ -110,7 +110,7 @@ hx509_pem_write(hx509_context context, const char *type,
 free(line);
 }
 
- header(f, "END", type);
+ print_pem_stamp(f, "END", type);
 
 return 0;
 }
@@ -121,14 +121,14 @@ hx509_pem_write(hx509_context context, const char *type,
 
 int
 hx509_pem_add_header(hx509_pem_header **headers,
- const char *hdr, const char *value)
+ const char *header, const char *value)
 {
 hx509_pem_header *h;
 
 h = calloc(1, sizeof(*h));
 if (h == NULL)
 return ENOMEM;
 
- h->header = strdup(hdr);
+ h->header = strdup(header);
 if (h->header == NULL) {
 free(h);
 return ENOMEM;
@@ -164,10 +164,10 @@ hx509_pem_free_header(hx509_pem_header *headers)
 */
 
 const char *
-hx509_pem_find_header(const hx509_pem_header *h, const char *hdr)
+hx509_pem_find_header(const hx509_pem_header *h, const char *header)
 {
 while(h) {
- if (strcmp(hdr, h->header) == 0)
+ if (strcmp(header, h->header) == 0)
 return h->value;
 h = h->next;
 }
diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c
index c4f035ab87..4a96cff530 100644
--- a/source4/heimdal/lib/hx509/keyset.c
+++ b/source4/heimdal/lib/hx509/keyset.c
@@ -198,7 +198,7 @@ hx509_certs_store(hx509_context context,
 
 
 hx509_certs
-_hx509_certs_ref(hx509_certs certs)
+hx509_certs_ref(hx509_certs certs)
 {
 if (certs == NULL)
 return NULL;
diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c
index 3955820aef..f137b84641 100644
--- a/source4/heimdal/lib/hx509/ks_file.c
+++ b/source4/heimdal/lib/hx509/ks_file.c
@@ -367,7 +367,7 @@ file_init_common(hx509_context context,
 const char *residue, hx509_lock lock, outformat format)
 {
 char *p, *pnext;
- struct ks_file *f = NULL;
+ struct ks_file *ksf = NULL;
 hx509_private_key *keys = NULL;
 int ret;
 struct pem_ctx pem_ctx;
@@ -380,15 +380,15 @@ file_init_common(hx509_context context,
 if (lock == NULL)
 lock = _hx509_empty_lock;
 
- f = calloc(1, sizeof(*f));
- if (f == NULL) {
+ ksf = calloc(1, sizeof(*ksf));
+ if (ksf == NULL) {
 hx509_clear_error_string(context);
 return ENOMEM;
 }
- f->format = format;
+ ksf->format = format;
 
- f->fn = strdup(residue);
- if (f->fn == NULL) {
+ ksf->fn = strdup(residue);
+ if (ksf->fn == NULL) {
 hx509_clear_error_string(context);
 ret = ENOMEM;
 goto out;
@@ -401,10 +401,10 @@ file_init_common(hx509_context context,
 
 if (flags & HX509_CERTS_CREATE) {
 ret = hx509_certs_init(context, "MEMORY:ks-file-create",
- 0, lock, &f->certs);
+ 0, lock, &ksf->certs);
 if (ret)
 goto out;
- *data = f;
+ *data = ksf;
 return 0;
 }
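Review bot: hx509_certs_ref is promoted from the internal `_hx509_certs_ref` to a public exported symbol here, yet unlike the other new public entry point in this import (hx509_print_cert in cert.c, which carries a `/** ... @ingroup */` block) it gets no documentation, so callers have no statement of the reference contract they are now allowed to depend on. A doxygen block above the `hx509_certs` return type should state that the store is referenced and must be released with hx509_certs_free(), that a NULL `certs` is passed through (the `if (certs == NULL) return NULL;` is in the hunk), and the `@ingroup hx509_keyset` tag; the increment itself is below the hunk and I have not described it beyond that. A one-liner such as `/** Take a reference on a certificate store; release it with hx509_certs_free(). NULL is returned for a NULL store. */` is the minimum.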
@@ -412,25 +412,25 @@ file_init_common(hx509_context context,
 if (ret)
 goto out;
 
- for (p = f->fn; p != NULL; p = pnext) {
- FILE *f2;
+ for (p = ksf->fn; p != NULL; p = pnext) {
+ FILE *f;
 
 pnext = strchr(p, ',');
 if (pnext)
 *pnext++ = '\0';
 
- if ((f2 = fopen(p, "r")) == NULL) {
+ if ((f = fopen(p, "r")) == NULL) {
 ret = ENOENT;
 hx509_set_error_string(context, 0, ret,
 "Failed to open PEM file \"%s\": %s",
 p, strerror(errno));
 goto out;
 }
- rk_cloexec_file(f2);
+ rk_cloexec_file(f);
 
- ret = hx509_pem_read(context, f2, pem_func, &pem_ctx);
- fclose(f2);
+ ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
+ fclose(f);
 if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
 goto out;
 else if (ret == HX509_PARSING_KEY_FAILED) {
@@ -461,7 +461,7 @@ file_init_common(hx509_context context,
 }
 }
 
- ret = _hx509_collector_collect_certs(context, pem_ctx.c, &f->certs);
+ ret = _hx509_collector_collect_certs(context, pem_ctx.c, &ksf->certs);
 if (ret)
 goto out;
 
@@ -470,17 +470,17 @@ file_init_common(hx509_context context,
 int i;
 
 for (i = 0; keys[i]; i++)
- _hx509_certs_keys_add(context, f->certs, keys[i]);
+ _hx509_certs_keys_add(context, ksf->certs, keys[i]);
 _hx509_certs_keys_free(context, keys);
 }
 
 out:
 if (ret == 0)
- *data = f;
+ *data = ksf;
 else {
- if (f->fn)
- free(f->fn);
- free(f);
+ if (ksf->fn)
+ free(ksf->fn);
+ free(ksf);
 }
 if (pem_ctx.c)
 _hx509_collector_free(pem_ctx.c);
@@ -507,10 +507,10 @@ file_init_der(hx509_context context,
 
 static int
 file_free(hx509_certs certs, void *data)
 {
- struct ks_file *f = data;
- hx509_certs_free(&f->certs);
- free(f->fn);
- free(f);
+ struct ks_file *ksf = data;
+ hx509_certs_free(&ksf->certs);
+ free(ksf->fn);
+ free(ksf);
 return 0;
 }
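Review bot: In the renamed loop in file_init_common the fopen() failure path still sets `ret = ENOENT;` unconditionally while the message it attaches reports `strerror(errno)`, so a permission failure (EACCES) or a directory given as a key-store path is returned to callers as "no such file", and a caller that wants to tell a missing store from an unreadable one cannot. Capturing the real error, `ret = errno ? errno : ENOENT;` in place of the fixed assignment, fixes both at once since the existing `ret` argument to hx509_set_error_string then carries the same code; if any caller keys on ENOENT specifically, that should be checked first. file_init_common begins and ends outside this hunk.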
@@ -558,20 +558,20 @@ static int
 file_store(hx509_context context, hx509_certs certs, void *data, int flags,
 hx509_lock lock)
 {
- struct ks_file *f = data;
+ struct ks_file *ksf = data;
 struct store_ctx sc;
 int ret;
 
- sc.f = fopen(f->fn, "w");
+ sc.f = fopen(ksf->fn, "w");
 if (sc.f == NULL) {
 hx509_set_error_string(context, 0, ENOENT,
 "Failed to open file %s for writing");
 return ENOENT;
 }
 rk_cloexec_file(sc.f);
- sc.format = f->format;
+ sc.format = ksf->format;
 
- ret = hx509_certs_iter(context, f->certs, store_func, &sc);
+ ret = hx509_certs_iter(context, ksf->certs, store_func, &sc);
 fclose(sc.f);
 return ret;
 }
@@ -579,24 +579,24 @@ file_store(hx509_context context,
 static int
 file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
 {
- struct ks_file *f = data;
- return hx509_certs_add(context, f->certs, c);
+ struct ks_file *ksf = data;
+ return hx509_certs_add(context, ksf->certs, c);
 }
 
 static int
 file_iter_start(hx509_context context,
 hx509_certs certs, void *data, void **cursor)
 {
- struct ks_file *f = data;
- return hx509_certs_start_seq(context, f->certs, cursor);
+ struct ks_file *ksf = data;
+ return hx509_certs_start_seq(context, ksf->certs, cursor);
 }
 
 static int
 file_iter(hx509_context context,
 hx509_certs certs, void *data, void *iter, hx509_cert *cert)
 {
- struct ks_file *f = data;
- return hx509_certs_next_cert(context, f->certs, iter, cert);
+ struct ks_file *ksf = data;
+ return hx509_certs_next_cert(context, ksf->certs, iter, cert);
 }
 
 static int
@@ -605,8 +605,8 @@ file_iter_end(hx509_context context,
 void *data,
 void *cursor)
 {
- struct ks_file *f = data;
- return hx509_certs_end_seq(context, f->certs, cursor);
+ struct ks_file *ksf = data;
+ return hx509_certs_end_seq(context, ksf->certs, cursor);
 }
 
 static int
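Review bot: In file_store the fopen() failure path calls `hx509_set_error_string(context, 0, ENOENT, "Failed to open file %s for writing");` with a `%s` conversion and no matching argument, so the message is formatted from whatever happens to occupy the variadic slot: undefined behaviour that can crash or copy stack contents into the error string. Supply the argument and, while there, the real reason: `hx509_set_error_string(context, 0, ENOENT, "Failed to open file %s for writing: %s", ksf->fn, strerror(errno));` (returning `errno` rather than a fixed ENOENT would then agree with the message). Separately, the store is created with `fopen(ksf->fn, "w")`, so its mode follows the process umask; this keyset also carries private keys (file_getkeys/file_addkey further down), and if store_func, which is outside this hunk, can write them, the file should be created with `open(..., O_WRONLY|O_CREAT|O_TRUNC, 0600)` and `fdopen()` instead.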
@@ -615,8 +615,8 @@ file_getkeys(hx509_context context,
 void *data,
 hx509_private_key **keys)
 {
- struct ks_file *f = data;
- return _hx509_certs_keys_get(context, f->certs, keys);
+ struct ks_file *ksf = data;
+ return _hx509_certs_keys_get(context, ksf->certs, keys);
 }
 
 static int
@@ -625,8 +625,8 @@ file_addkey(hx509_context context,
 void *data,
 hx509_private_key key)
 {
- struct ks_file *f = data;
- return _hx509_certs_keys_add(context, f->certs, key);
+ struct ks_file *ksf = data;
+ return _hx509_certs_keys_add(context, ksf->certs, key);
 }
 
 static struct hx509_keyset_ops keyset_file = {
diff --git a/source4/heimdal/lib/hx509/lock.c b/source4/heimdal/lib/hx509/lock.c
index 219a301928..07e9d36125 100644
--- a/source4/heimdal/lib/hx509/lock.c
+++ b/source4/heimdal/lib/hx509/lock.c
@@ -214,10 +214,12 @@ hx509_lock_prompt(hx509_lock lock, hx509_prompt *prompt)
 void
 hx509_lock_free(hx509_lock lock)
 {
- hx509_certs_free(&lock->certs);
- hx509_lock_reset_passwords(lock);
- memset(lock, 0, sizeof(*lock));
- free(lock);
+ if (lock) {
+ hx509_certs_free(&lock->certs);
+ hx509_lock_reset_passwords(lock);
+ memset(lock, 0, sizeof(*lock));
+ free(lock);
+ }
 }
 
 int
diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c
index c5844f98cc..b544ecb7ff 100644
--- a/source4/heimdal/lib/hx509/name.c
+++ b/source4/heimdal/lib/hx509/name.c
@@ -243,11 +243,7 @@ _hx509_Name_to_string(const Name *n, char **str)
 break;
 }
 case choice_DirectoryString_teletexString:
- ss = malloc(ds->u.teletexString.length + 1);
- if (ss == NULL)
- _hx509_abort("allocation failure"); /* XXX */
- memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length);
- ss[ds->u.teletexString.length] = '\0';
+ ss = ds->u.teletexString;
 break;
 case choice_DirectoryString_universalString: {
 const uint32_t *uni = ds->u.universalString.data;
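Review bot: Inside the new `if (lock)` guard in hx509_lock_free, `memset(lock, 0, sizeof(*lock));` is a store to memory that is released on the very next line, and a compiler is entitled to drop it as dead; if it is meant to scrub password material it also only clears the struct's own fields, while the passwords themselves live in buffers that hx509_lock_reset_passwords (outside this hunk) presumably frees. If scrubbing is the goal, do it in hx509_lock_reset_passwords on the actual buffers with a `memset_s`/`explicit_bzero`-style helper the optimizer cannot remove; if not, a comment such as `/* zero to make a stale lock pointer fail loudly; not a secure wipe */` would stop the next reader from relying on it.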
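Review bot: The replacement `ss = ds->u.teletexString;` in _hx509_Name_to_string, together with the `len = strlen(ss);` in the next hunk, treats the teletexString member as a NUL-terminated C string where the removed code copied an explicit `.data`/`.length` octet string; that is only safe if the ASN.1 definition of DirectoryString was changed in the same import so that teletexString now decodes to a terminated string type. That asn1 change is not in this diffstat (limited to lib/hx509), so it should be confirmed: if the decoder still produces a raw length-delimited buffer, strlen() on attacker-controlled certificate name data reads past the end of the buffer. A short comment at the assignment, `/* teletexString is a NUL-terminated string since the asn1 change; no copy needed, and it must not be freed below */`, would record the dependency.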
@@ -279,8 +275,7 @@ _hx509_Name_to_string(const Name *n, char **str)
 len = strlen(ss);
 append_string(str, &total_len, ss, len, 1);
 if (ds->element == choice_DirectoryString_universalString ||
- ds->element == choice_DirectoryString_bmpString ||
- ds->element == choice_DirectoryString_teletexString)
+ ds->element == choice_DirectoryString_bmpString)
 {
 free(ss);
 }
@@ -341,7 +336,7 @@ dsstringprep(const DirectoryString *ds, uint32_t **rname, size_t *rlen)
 COPYCHARARRAY(ds, printableString, len, name);
 break;
 case choice_DirectoryString_teletexString:
- COPYVOIDARRAY(ds, teletexString, len, name);
+ COPYCHARARRAY(ds, teletexString, len, name);
 break;
 case choice_DirectoryString_bmpString:
 COPYVALARRAY(ds, bmpString, len, name);
@@ -930,12 +925,12 @@ hx509_general_name_unparse(GeneralName *name, char **str)
 
 switch (name->element) {
 case choice_GeneralName_otherName: {
- char *str2;
- hx509_oid_sprint(&name->u.otherName.type_id, &str2);
- if (str2 == NULL)
+ char *oid;
+ hx509_oid_sprint(&name->u.otherName.type_id, &oid);
+ if (oid == NULL)
 return ENOMEM;
- strpool = rk_strpoolprintf(strpool, "otherName: %s", str2);
- free(str2);
+ strpool = rk_strpoolprintf(strpool, "otherName: %s", oid);
+ free(oid);
 break;
 }
 case choice_GeneralName_rfc822Name:
@@ -990,12 +985,12 @@ hx509_general_name_unparse(GeneralName *name, char **str)
 break;
 }
 case choice_GeneralName_registeredID: {
- char *str2;
- hx509_oid_sprint(&name->u.registeredID, &str2);
- if (str2 == NULL)
+ char *oid;
+ hx509_oid_sprint(&name->u.registeredID, &oid);
+ if (oid == NULL)
 return ENOMEM;
- strpool = rk_strpoolprintf(strpool, "registeredID: %s", str2);
- free(str2);
+ strpool = rk_strpoolprintf(strpool, "registeredID: %s", oid);
+ free(oid);
 break;
 }
 default:
diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c
index 74f2d74679..21140b3c7e 100644
--- a/source4/heimdal/lib/hx509/revoke.c
+++ b/source4/heimdal/lib/hx509/revoke.c
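Review bot: In both renamed otherName and registeredID cases of hx509_general_name_unparse the local `char *oid;` is left uninitialised and the return value of `hx509_oid_sprint(..., &oid)` is discarded, so the `if (oid == NULL) return ENOMEM;` test only works if hx509_oid_sprint is guaranteed to store NULL on every failure path, which nothing in this hunk shows. Initialise the pointer and test the call instead: `char *oid = NULL;` and `if (hx509_oid_sprint(&name->u.otherName.type_id, &oid) != 0 || oid == NULL)` (and the registeredID twin). Note too that this early return leaves `strpool` unreleased if it was already populated by an earlier iteration or by code before the switch (the function starts outside the hunk); if the rest of the function frees it on error, an `rk_strpoolfree(strpool);` before the return would be consistent.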
@@ -1004,17 +1004,17 @@ hx509_ocsp_request(hx509_context context,
 
 es = req.tbsRequest.requestExtensions;
 
- es->val = calloc(es->len, sizeof(es->val[0]));
+ es->val = calloc(1, sizeof(es->val[0]));
 if (es->val == NULL) {
 ret = ENOMEM;
 goto out;
 }
- es->len = 1;
 ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID);
 if (ret) {
 free_OCSPRequest(&req);
 return ret;
 }
+ es->len = 1;
 
 es->val[0].extnValue.data = malloc(10);
 if (es->val[0].extnValue.data == NULL) {
diff --git a/source4/heimdal/lib/hx509/sel.c b/source4/heimdal/lib/hx509/sel.c
index c5e760569a..5932ce84c3 100644
--- a/source4/heimdal/lib/hx509/sel.c
+++ b/source4/heimdal/lib/hx509/sel.c
@@ -176,7 +176,6 @@ _hx509_expr_eval(hx509_context context, hx509_env env, struct hx_expr *expr)
 default:
 _hx509_abort("hx509 eval expr with unknown op: %d", (int)expr->op);
 }
- return 0;
 }
 
 void
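Review bot: Moving `es->len = 1;` to after the successful der_copy_oid is the right ordering, but the two failure paths in this hunk of hx509_ocsp_request now clean up differently: the calloc failure does `goto out` while the der_copy_oid failure does `free_OCSPRequest(&req); return ret;`. If `out:` (outside the hunk) only frees req, the direct return is merely inconsistent; if it also releases other state acquired earlier in the function, this path leaks it, so `ret = ...; goto out;` here too would be the safer choice. The extension value below, which from its OID (`id_pkix_ocsp_nonce`) appears to be the request nonce, is still sized with a bare `malloc(10)`; a named constant or a comment stating why 10 bytes were chosen would document the decision.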