Merge pull request #5481 from garlick/issue#5480

libzmqutil: fix portability to libzmq-4.1.5

src/common/libzmqutil/cert.c

@@ -100,14 +100,32 @@ struct cert *cert_create (void)
     return NULL;
 }
 
+static int copy_z85_key (char *dst, const char *src, int size)
+{
+    const char *xtra = ".-:+=^!/*?&<>()[]{}@%$#";
+    const char *cp = src;
+
+    if (!cp || strlen (cp) != size - 1)
+        return -1;
+    while (*cp) {
+        if (!isalnum (*cp) && !strchr (xtra, *cp))
+            return -1;
+        cp++;
+    }
+    (void)strlcpy (dst, src, size);
+    return 0;
+}
+
 // assumes both keys are valid
 static bool valid_keypair (struct cert *cert)
 {
+#if (ZMQ_VERSION >= ZMQ_MAKE_VERSION(4,2,1))
     char pub[TXTSIZE];
-    if (zmq_curve_public (pub, cert->secret_txt) == 0
-        && streq (pub, cert->public_txt))
-        return true;
-    return false;
+    if (zmq_curve_public (pub, cert->secret_txt) < 0
+        || !streq (pub, cert->public_txt))
+        return false;
+#endif
+    return true;
 }
 
 struct cert *cert_create_from (const char *public_txt, const char *secret_txt)
@@ -117,18 +135,14 @@ struct cert *cert_create_from (const char *public_txt, const char *secret_txt)
     if (!(cert = cert_create_empty ()))
         return NULL;
     if (public_txt) {
-        if (strlen (public_txt) != TXTSIZE - 1)
-            goto inval;
-         strcpy (cert->public_txt, public_txt);
-         if (!zmq_z85_decode (cert->public_key, cert->public_txt))
+        if (copy_z85_key (cert->public_txt, public_txt, TXTSIZE) < 0
+            || !zmq_z85_decode (cert->public_key, cert->public_txt))
             goto inval;
         cert->public_valid = true;
     }
     if (secret_txt) {
-        if (strlen (secret_txt) != TXTSIZE - 1)
-            goto inval;
-        strcpy (cert->secret_txt, secret_txt);
-        if (!zmq_z85_decode (cert->secret_key, cert->secret_txt))
+        if (copy_z85_key (cert->secret_txt, secret_txt, TXTSIZE) < 0
+            || !zmq_z85_decode (cert->secret_key, cert->secret_txt))
             goto inval;
         cert->secret_valid = true;
     }
@@ -334,13 +348,13 @@ static int parse_curve (struct cert *cert, char *s)
     if (parse_keyval (s, &key, &val) < 0)
         return -1;
     if (streq (key, "public-key")) {
-        if (strlcpy (cert->public_txt, val, TXTSIZE) >= TXTSIZE
+        if (copy_z85_key (cert->public_txt, val, TXTSIZE) < 0
             || !zmq_z85_decode (cert->public_key, cert->public_txt))
             goto error;
         cert->public_valid = true;
     }
     else if (streq (key, "secret-key")) {
-        if (strlcpy (cert->secret_txt, val, TXTSIZE) >= TXTSIZE
+        if (copy_z85_key (cert->secret_txt, val, TXTSIZE) < 0
             || !zmq_z85_decode (cert->secret_key, cert->secret_txt))
             goto error;
         cert->secret_valid = true;

src/common/libzmqutil/test/cert.c

@@ -13,6 +13,7 @@
 #endif
 #include <stdbool.h>
 #include <errno.h>
+#include <zmq.h>
 
 #include "tap.h"
 #include "ccan/str/str.h"
@@ -160,6 +161,7 @@ static struct test_vec badvec[] = {
     " public-key = \"" PAIR1_PUB PAIR1_PUB "\"\n"
     " secret-key = \"" PAIR1_SEC "\"\n"
     },
+#if (ZMQ_VERSION >= ZMQ_MAKE_VERSION(4,2,1))
     {
         .name = "cert with mismatched keypair",
         .input =
@@ -168,6 +170,7 @@ static struct test_vec badvec[] = {
     " public-key = \"" "[email protected]$A<cid63q(WEnR+&y" "\"\n"
     " secret-key = \"" PAIR1_SEC "\"\n"
     },
+#endif
 };
 
 void test_basic (void)
@@ -350,8 +353,7 @@ void test_inval (void)
 
     if (!(cert = cert_create ()))
         BAIL_OUT ("could not create cert");
-    if (!(cpub = cert_create_from (cert_public_txt (cert),
-                                           NULL)))
+    if (!(cpub = cert_create_from (cert_public_txt (cert), NULL)))
         BAIL_OUT ("could not create cert");
 
     errno = 0;