1 files changed, 59 insertions, 48 deletions

diff --git a/src/gpg.c b/src/gpg.c
index 8979e9c..814be6f 100644
--- a/src/gpg.c
+++ b/src/gpg.c
@@ -138,95 +138,105 @@ create_gpg_homedir ()
       logmsg (LOG_CRIT, _("cannot create GPG home directory (%s): %s"),
 	      temp_homedir, strerror (errno));
       return 1;
     }
   atexit (remove_homedir);
   if (debug_level > 1)
     logmsg (LOG_DEBUG, _("GNUPG home directory: %s"), temp_homedir);
   setenv ("GNUPGHOME", temp_homedir, 1);
   return 0;
 }
 
 static int
+checksig (gpgme_signature_t sig, const char *uid, struct file_triplet *trp)
+{
+  switch (gpg_err_code (sig->status))
+    {
+    case GPG_ERR_NO_ERROR:
+      if (debug_level)
+	logmsg (LOG_NOTICE, _("Good signature from %s"), uid);
+      trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr);
+      if (!trp->uploader)
+	{
+	  logmsg (LOG_ERR,
+		  _("good signature from %s, "
+		    "but the uploader info for %s not found"),
+		  uid, sig->fpr);
+	  return 1;
+	}
+      break;
+
+    case GPG_ERR_BAD_SIGNATURE:
+      UPDATE_STATS (STAT_BAD_SIGNATURE);
+      logmsg (LOG_ERR, _("BAD signature from %s"), uid);
+      return 0;
+
+    case GPG_ERR_NO_PUBKEY:
+      UPDATE_STATS (STAT_ACCESS_VIOLATIONS);
+      logmsg (LOG_ERR, _("No public key"));
+      return 0;
+
+    case GPG_ERR_NO_DATA:
+      UPDATE_STATS (STAT_BAD_TRIPLETS);
+      logmsg (LOG_ERR, _("No signature"));
+      return 0;
+
+    case GPG_ERR_SIG_EXPIRED:
+      UPDATE_STATS (STAT_BAD_SIGNATURE);
+      logmsg (LOG_ERR, _("Expired signature from %s"), uid);
+      return 0;
+
+    case GPG_ERR_KEY_EXPIRED:
+      UPDATE_STATS (STAT_BAD_SIGNATURE);
+      logmsg (LOG_ERR, _("Key expired (%s)"), uid);
+      return 0;
+      
+    default:
+      logmsg (LOG_ERR, _("Unknown signature error"));
+      return 0;
+    }
+  return -1;
+}
+
+static int
 gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig,
 		      struct file_triplet *trp)
 {
   if (!sig)
     return 0;
 
   for (; sig; sig = sig->next)
     {
       const char *uid;
       gpgme_key_t key;
-
+      int rc;
+      
       if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR)
 	uid = key->uids->uid;
       else
 	uid = sig->fpr;
-
-      switch (gpg_err_code (sig->status))
-	{
-	case GPG_ERR_NO_ERROR:
-	  if (debug_level)
-	    logmsg (LOG_NOTICE, _("Good signature from %s"), uid);
-	  trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr);
-	  if (!trp->uploader)
-	    {
-	      logmsg (LOG_ERR,
-		      _("good signature from %s, "
-			"but the uploader info for %s not found"),
-		      uid, sig->fpr);
-	      return 1;
-	    }
-	  break;
-
-	case GPG_ERR_BAD_SIGNATURE:
-	  UPDATE_STATS (STAT_BAD_SIGNATURE);
-	  logmsg (LOG_ERR, _("BAD signature from %s"), uid);
-	  return 0;
-
-	case GPG_ERR_NO_PUBKEY:
-	  UPDATE_STATS (STAT_ACCESS_VIOLATIONS);
-	  logmsg (LOG_ERR, _("No public key"));
-	  return 0;
-
-	case GPG_ERR_NO_DATA:
-	  UPDATE_STATS (STAT_BAD_TRIPLETS);
-	  logmsg (LOG_ERR, _("No signature"));
-	  return 0;
-
-	case GPG_ERR_SIG_EXPIRED:
-	  UPDATE_STATS (STAT_BAD_SIGNATURE);
-	  logmsg (LOG_ERR, _("Expired signature from %s"), uid);
-	  return 0;
-
-	case GPG_ERR_KEY_EXPIRED:
-	  UPDATE_STATS (STAT_BAD_SIGNATURE);
-	  logmsg (LOG_ERR, _("Key expired (%s)"), uid);
-	  return 0;
-
-	default:
-	  logmsg (LOG_ERR, _("Unknown signature error"));
-	  return 0;
-	}
+      rc = checksig (sig, uid, trp);
+      gpgme_key_unref (key);
+      if (rc != -1)
+	return rc;
     }
   return 1;
 }
 
 /* Verify the directive file from TRP using public key PUBKEY */
 int
 verify_directive_signature (struct file_triplet *trp)
 {
   gpgme_ctx_t ctx;
-  gpgme_data_t key_data, directive_data, plain;
+  gpgme_data_t key_data, directive_data, plain = NULL;
   gpgme_error_t ec;
   int rc;
   struct uploader_info *uptr;
 
   create_gpg_homedir ();
   fail_if_err (gpgme_new (&ctx));
 
   for (uptr = trp->uploader_list; uptr; uptr = uptr->next)
     {
       gpgme_import_result_t res;
       gpgme_import_status_t pstat;
       
@@ -260,24 +270,25 @@ verify_directive_signature (struct file_triplet *trp)
 	}
       else
 	rc = 0;
     }
   else
     {
       rc = 1;
       UPDATE_STATS (STAT_BAD_SIGNATURE);
       logmsg (LOG_ERR, _("%s: directive verification failed: %s"),
 	      trp->name, gpgme_strerror (ec));
     }
 
+  gpgme_data_release (plain);
   gpgme_data_release (directive_data);
   gpgme_data_release (key_data);
   gpgme_release (ctx);
   
   return rc;
 }
 
 /* Verify the detached signature of TRP.
    NOTE: It is assumed that the public key is already registered (by
    a previous call to verify_directive_signature). */
 int
 verify_detached_signature (struct file_triplet *trp)