Bug fixes

ChangeLog

@@ -1,9 +1,15 @@
 2011-05-10  NIIBE Yutaka  <gniibe@fsij.org>
 
+	Bug fixes.
+	* src/openpgp.c (cmd_reset_user_password, cmd_change_password)
+	* src/openpgp-do.c (proc_resetting_code): Fix check of return value.
+	* src/ac.c (ac_fini): Clear keystring_md_pw3.
+
 	Prevent observation of PW3 is emptiness by PW3's error counter.
 	Support verify_admin by PW1 when PW3 is empty.
 	* src/ac.c (admin_authorized): New.
 	(verify_admin_0): Set admin_authorized.
+
 	* src/openpgp-do.c (proc_resetting_code): Use admin_authorized.
 	(gpg_do_write_prvkey): Clear dek_encrypted_3 when keystring_admin
 	is NULL.

src/ac.c

@@ -282,8 +282,9 @@ ac_reset_admin (void)
 void
 ac_fini (void)
 {
-  auth_status = AC_NONE_AUTHORIZED;
+  memset (keystring_md_pw3, 0, KEYSTRING_MD_SIZE);
   gpg_do_clear_prvkey (GPG_KEY_FOR_SIGNING);
   gpg_do_clear_prvkey (GPG_KEY_FOR_DECRYPTION);
   gpg_do_clear_prvkey (GPG_KEY_FOR_AUTHENTICATION);
+  auth_status = AC_NONE_AUTHORIZED;
 }

src/openpgp.c

@@ -353,7 +353,7 @@ cmd_change_password (void)
   new_ks0[0] = newpw_len;
 
   r = gpg_change_keystring (who, old_ks, who, new_ks);
-  if (r < -2)
+  if (r <= -2)
     {
       DEBUG_INFO ("memory error.\r\n");
       GPG_MEMORY_FAILURE ();
@@ -487,7 +487,7 @@ cmd_reset_user_password (void)
       sha1 (newpw, newpw_len, new_ks);
       new_ks0[0] = newpw_len;
       r = gpg_change_keystring (BY_RESETCODE, old_ks, BY_USER, new_ks);
-      if (r < -2)
+      if (r <= -2)
 	{
 	  DEBUG_INFO ("memory error.\r\n");
 	  GPG_MEMORY_FAILURE ();
@@ -538,7 +538,7 @@ cmd_reset_user_password (void)
       sha1 (newpw, newpw_len, new_ks);
       new_ks0[0] = newpw_len;
       r = gpg_change_keystring (admin_authorized, old_ks, BY_USER, new_ks);
-      if (r < -2)
+      if (r <= -2)
 	{
 	  DEBUG_INFO ("memory error.\r\n");
 	  GPG_MEMORY_FAILURE ();