2011-05-10 NIIBE Yutaka <gniibe@fsij.org>
+ Bug fixes.
+ * src/openpgp.c (cmd_reset_user_password, cmd_change_password)
+ * src/openpgp-do.c (proc_resetting_code): Fix check of return value.
+ * src/ac.c (ac_fini): Clear keystring_md_pw3.
+
Prevent observation of PW3 is emptiness by PW3's error counter.
Support verify_admin by PW1 when PW3 is empty.
* src/ac.c (admin_authorized): New.
(verify_admin_0): Set admin_authorized.
+
* src/openpgp-do.c (proc_resetting_code): Use admin_authorized.
(gpg_do_write_prvkey): Clear dek_encrypted_3 when keystring_admin
is NULL.
void
ac_fini (void)
{
- auth_status = AC_NONE_AUTHORIZED;
+ memset (keystring_md_pw3, 0, KEYSTRING_MD_SIZE);
gpg_do_clear_prvkey (GPG_KEY_FOR_SIGNING);
gpg_do_clear_prvkey (GPG_KEY_FOR_DECRYPTION);
gpg_do_clear_prvkey (GPG_KEY_FOR_AUTHENTICATION);
+ auth_status = AC_NONE_AUTHORIZED;
}
new_ks0[0] = newpw_len;
r = gpg_change_keystring (who, old_ks, who, new_ks);
- if (r < -2)
+ if (r <= -2)
{
DEBUG_INFO ("memory error.\r\n");
GPG_MEMORY_FAILURE ();
sha1 (newpw, newpw_len, new_ks);
new_ks0[0] = newpw_len;
r = gpg_change_keystring (BY_RESETCODE, old_ks, BY_USER, new_ks);
- if (r < -2)
+ if (r <= -2)
{
DEBUG_INFO ("memory error.\r\n");
GPG_MEMORY_FAILURE ();
sha1 (newpw, newpw_len, new_ks);
new_ks0[0] = newpw_len;
r = gpg_change_keystring (admin_authorized, old_ks, BY_USER, new_ks);
- if (r < -2)
+ if (r <= -2)
{
DEBUG_INFO ("memory error.\r\n");
GPG_MEMORY_FAILURE ();
projects / gnuk / gnuk.git / commitdiff