RECLAIM: Various fixes (coverity)

6 files changed, 390 insertions, 187 deletions

diff --git a/src/reclaim-attribute/reclaim_attribute.c b/src/reclaim-attribute/reclaim_attribute.c
index b9465bef7..96e61d431 100644
--- a/src/reclaim-attribute/reclaim_attribute.c
+++ b/src/reclaim-attribute/reclaim_attribute.c
@@ -495,12 +495,18 @@ GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char *data, size_t data_size)
   attr_ser = (struct Attribute *) data;
   data_len = ntohs (attr_ser->data_size);
   name_len = ntohs (attr_ser->name_len);
+  if (data_size < sizeof (struct Attribute) + data_len + name_len)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Buffer too small to deserialize\n");
+    return NULL;
+  }
   attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) +
                         data_len + name_len + 1);
   attr->type = ntohs (attr_ser->attribute_type);
   attr->version = ntohl (attr_ser->attribute_version);
   attr->id = GNUNET_ntohll (attr_ser->attribute_id);
-  attr->data_size = ntohs (attr_ser->data_size);
+  attr->data_size = data_len;
 
   write_ptr = (char *) &attr[1];
   GNUNET_memcpy (write_ptr, &attr_ser[1], name_len);
diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c
index 4b4b73008..fcb7b9bc6 100644
--- a/src/reclaim/gnunet-reclaim.c
+++ b/src/reclaim/gnunet-reclaim.c
@@ -267,6 +267,8 @@ ticket_iter (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
   ref = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof (uint64_t));
 
   fprintf (stdout, "Ticket ID: %s | Audience: %s\n", ref, aud);
+  GNUNET_free (aud);
+  GNUNET_free (ref);
   GNUNET_RECLAIM_ticket_iteration_next (ticket_iterator);
 }
 
@@ -448,8 +450,13 @@ start_process ()
     return;
   }
 
-  if (NULL != rp)
-    GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key);
+  if ((NULL != rp) &&
+      GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key))
+  {
+    fprintf (stderr, "%s is not a public key!\n", rp);
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+    return;
+  }
   if (NULL != consume_ticket)
     GNUNET_STRINGS_string_to_data (consume_ticket, strlen (consume_ticket),
                                    &ticket,
diff --git a/src/reclaim/gnunet-service-reclaim.c b/src/reclaim/gnunet-service-reclaim.c
index ffc67c5ae..322063fd9 100644
--- a/src/reclaim/gnunet-service-reclaim.c
+++ b/src/reclaim/gnunet-service-reclaim.c
@@ -947,6 +947,7 @@ attr_store_task (void *cls)
                                                &attr_store_cont,
                                                ash);
   GNUNET_free (buf);
+  GNUNET_free (label);
 }
 
 
@@ -1126,10 +1127,17 @@ update_tickets (void *cls)
                                le);
   struct GNUNET_GNSRECORD_Data rd[le->rd_count];
   struct GNUNET_GNSRECORD_Data rd_new[le->rd_count - 1];
-  GNUNET_GNSRECORD_records_deserialize (le->data_size,
+  if (GNUNET_OK != GNUNET_GNSRECORD_records_deserialize (le->data_size,
                                         le->data,
                                         le->rd_count,
-                                        rd);
+                                        rd))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to deserialize record data!\n");
+    send_delete_response (adh, GNUNET_SYSERR);
+    cleanup_adh (adh);
+    return;
+  }
   int j = 0;
   for (int i = 0; i < le->rd_count; i++) {
     if ((GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF == rd[i].record_type)
diff --git a/src/reclaim/gnunet-service-reclaim_tickets.c b/src/reclaim/gnunet-service-reclaim_tickets.c
index d20a4e3bf..9a595447d 100644
--- a/src/reclaim/gnunet-service-reclaim_tickets.c
+++ b/src/reclaim/gnunet-service-reclaim_tickets.c
@@ -312,7 +312,7 @@ move_attrs (struct RECLAIM_TICKETS_RevokeHandle *rh);
 static void
 move_attrs_cont (void *cls)
 {
-  move_attrs ((struct RECLAIM_TICKETS_RevokeHandle *)cls);
+  move_attrs ((struct RECLAIM_TICKETS_RevokeHandle *) cls);
 }
 
 /**
@@ -329,13 +329,16 @@ cleanup_rvk (struct RECLAIM_TICKETS_RevokeHandle *rh)
     GNUNET_NAMESTORE_cancel (rh->ns_qe);
   if (NULL != rh->ns_it)
     GNUNET_NAMESTORE_zone_iteration_stop (rh->ns_it);
-  while (NULL != (ae = rh->attrs_head)) {
+  while (NULL != (ae = rh->attrs_head))
+  {
     GNUNET_CONTAINER_DLL_remove (rh->attrs_head, rh->attrs_tail, ae);
     GNUNET_free (ae);
   }
-  while (NULL != (le = rh->tickets_to_update_head)) {
+  while (NULL != (le = rh->tickets_to_update_head))
+  {
     GNUNET_CONTAINER_DLL_remove (rh->tickets_to_update_head,
-                                 rh->tickets_to_update_head, le);
+                                 rh->tickets_to_update_head,
+                                 le);
     if (NULL != le->data)
       GNUNET_free (le->data);
     if (NULL != le->label)
@@ -350,8 +353,10 @@ del_attr_finished (void *cls, int32_t success, const char *emsg)
 {
   struct RECLAIM_TICKETS_RevokeHandle *rvk = cls;
   rvk->ns_qe = NULL;
-  if (GNUNET_SYSERR == success) {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error removing attribute: %s\n",
+  if (GNUNET_SYSERR == success)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Error removing attribute: %s\n",
                 emsg);
     rvk->cb (rvk->cb_cls, GNUNET_SYSERR);
     cleanup_rvk (rvk);
@@ -367,7 +372,8 @@ move_attr_finished (void *cls, int32_t success, const char *emsg)
   struct RECLAIM_TICKETS_RevokeHandle *rvk = cls;
   char *label;
   rvk->ns_qe = NULL;
-  if (GNUNET_SYSERR == success) {
+  if (GNUNET_SYSERR == success)
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error moving attribute: %s\n", emsg);
     rvk->cb (rvk->cb_cls, GNUNET_SYSERR);
     cleanup_rvk (rvk);
@@ -375,15 +381,24 @@ move_attr_finished (void *cls, int32_t success, const char *emsg)
   }
   label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->old_id,
                                                sizeof (uint64_t));
+  GNUNET_assert (NULL != label);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Removing attribute %s\n", label);
-  rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, &rvk->identity, label, 0,
-                                               NULL, &del_attr_finished, rvk);
+  rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh,
+                                               &rvk->identity,
+                                               label,
+                                               0,
+                                               NULL,
+                                               &del_attr_finished,
+                                               rvk);
+  GNUNET_free (label);
 }
 
 
 static void
-rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                  const char *label, unsigned int rd_count,
+rvk_move_attr_cb (void *cls,
+                  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                  const char *label,
+                  unsigned int rd_count,
                   const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct RECLAIM_TICKETS_RevokeHandle *rvk = cls;
@@ -393,9 +408,11 @@ rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
   char *new_label;
   char *attr_data;
   rvk->ns_qe = NULL;
-  if (0 == rd_count) {
+  if (0 == rd_count)
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                "The attribute %s no longer exists!\n", label);
+                "The attribute %s no longer exists!\n",
+                label);
     le = rvk->move_attr;
     rvk->move_attr = le->next;
     GNUNET_CONTAINER_DLL_remove (rvk->attrs_head, rvk->attrs_tail, le);
@@ -409,7 +426,8 @@ rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
   new_rd = *rd;
   claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (rd->data, rd->data_size);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Attribute to update: Name=%s, ID=%" PRIu64 "\n", claim->name,
+              "Attribute to update: Name=%s, ID=%" PRIu64 "\n",
+              claim->name,
               claim->id);
   claim->id = rvk->move_attr->new_id;
   new_rd.data_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (claim);
@@ -419,8 +437,13 @@ rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
   new_label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->new_id,
                                                    sizeof (uint64_t));
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute %s\n", new_label);
-  rvk->ns_qe = GNUNET_NAMESTORE_records_store (
-                                               nsh, &rvk->identity, new_label, 1, &new_rd, &move_attr_finished, rvk);
+  rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh,
+                                               &rvk->identity,
+                                               new_label,
+                                               1,
+                                               &new_rd,
+                                               &move_attr_finished,
+                                               rvk);
   GNUNET_free (new_label);
   GNUNET_free (claim);
   GNUNET_free (attr_data);
@@ -428,8 +451,10 @@ rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
 
 
 static void
-rvk_ticket_update (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                   const char *label, unsigned int rd_count,
+rvk_ticket_update (void *cls,
+                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                   const char *label,
+                   unsigned int rd_count,
                    const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct RECLAIM_TICKETS_RevokeHandle *rvk = cls;
@@ -438,10 +463,12 @@ rvk_ticket_update (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
   int has_changed = GNUNET_NO;
 
   /** Let everything point to the old record **/
-  for (int i = 0; i < rd_count; i++) {
+  for (int i = 0; i < rd_count; i++)
+  {
     if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF != rd[i].record_type)
       continue;
-    for (ae = rvk->attrs_head; NULL != ae; ae = ae->next) {
+    for (ae = rvk->attrs_head; NULL != ae; ae = ae->next)
+    {
       if (0 != memcmp (rd[i].data, &ae->old_id, sizeof (uint64_t)))
         continue;
       has_changed = GNUNET_YES;
@@ -450,7 +477,8 @@ rvk_ticket_update (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
     if (GNUNET_YES == has_changed)
       break;
   }
-  if (GNUNET_YES == has_changed) {
+  if (GNUNET_YES == has_changed)
+  {
     le = GNUNET_new (struct TicketRecordsEntry);
     le->data_size = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
     le->data = GNUNET_malloc (le->data_size);
@@ -458,7 +486,8 @@ rvk_ticket_update (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
     le->label = GNUNET_strdup (label);
     GNUNET_GNSRECORD_records_serialize (rd_count, rd, le->data_size, le->data);
     GNUNET_CONTAINER_DLL_insert (rvk->tickets_to_update_head,
-                                 rvk->tickets_to_update_tail, le);
+                                 rvk->tickets_to_update_tail,
+                                 le);
   }
   GNUNET_NAMESTORE_zone_iterator_next (rvk->ns_it, 1);
 }
@@ -482,7 +511,8 @@ process_tickets (void *cls)
   struct RECLAIM_TICKETS_RevokeHandle *rvk = cls;
   struct TicketRecordsEntry *le;
   struct RevokedAttributeEntry *ae;
-  if (NULL == rvk->tickets_to_update_head) {
+  if (NULL == rvk->tickets_to_update_head)
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Finished updatding tickets, success\n");
     rvk->cb (rvk->cb_cls, GNUNET_OK);
@@ -491,21 +521,38 @@ process_tickets (void *cls)
   }
   le = rvk->tickets_to_update_head;
   GNUNET_CONTAINER_DLL_remove (rvk->tickets_to_update_head,
-                               rvk->tickets_to_update_tail, le);
+                               rvk->tickets_to_update_tail,
+                               le);
   struct GNUNET_GNSRECORD_Data rd[le->rd_count];
-  GNUNET_GNSRECORD_records_deserialize (le->data_size, le->data, le->rd_count,
-                                        rd);
-  for (int i = 0; i < le->rd_count; i++) {
+  if (GNUNET_OK != GNUNET_GNSRECORD_records_deserialize (le->data_size,
+                                                         le->data,
+                                                         le->rd_count,
+                                                         rd))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to deserialize ticket record(s)\n");
+    rvk->cb (rvk->cb_cls, GNUNET_SYSERR);
+    cleanup_rvk (rvk);
+    return;
+  }
+  for (int i = 0; i < le->rd_count; i++)
+  {
     if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF != rd[i].record_type)
       continue;
-    for (ae = rvk->attrs_head; NULL != ae; ae = ae->next) {
+    for (ae = rvk->attrs_head; NULL != ae; ae = ae->next)
+    {
       if (0 != memcmp (rd[i].data, &ae->old_id, sizeof (uint64_t)))
         continue;
       rd[i].data = &ae->new_id;
     }
   }
-  rvk->ns_qe = GNUNET_NAMESTORE_records_store (
-                                               nsh, &rvk->identity, le->label, le->rd_count, rd, &ticket_processed, rvk);
+  rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh,
+                                               &rvk->identity,
+                                               le->label,
+                                               le->rd_count,
+                                               rd,
+                                               &ticket_processed,
+                                               rvk);
   GNUNET_free (le->label);
   GNUNET_free (le->data);
   GNUNET_free (le);
@@ -551,19 +598,31 @@ move_attrs (struct RECLAIM_TICKETS_RevokeHandle *rvk)
 {
   char *label;
 
-  if (NULL == rvk->move_attr) {
+  if (NULL == rvk->move_attr)
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished moving attributes\n");
-    rvk->ns_it = GNUNET_NAMESTORE_zone_iteration_start (
-                                                        nsh, &rvk->identity, &rvk_ns_iter_err, rvk, &rvk_ticket_update, rvk,
-                                                        &rvk_ticket_update_finished, rvk);
+    rvk->ns_it =
+      GNUNET_NAMESTORE_zone_iteration_start (nsh,
+                                             &rvk->identity,
+                                             &rvk_ns_iter_err,
+                                             rvk,
+                                             &rvk_ticket_update,
+                                             rvk,
+                                             &rvk_ticket_update_finished,
+                                             rvk);
     return;
   }
   label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->old_id,
                                                sizeof (uint64_t));
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Moving attribute %s\n", label);
 
-  rvk->ns_qe = GNUNET_NAMESTORE_records_lookup (
-                                                nsh, &rvk->identity, label, &rvk_ns_err, rvk, &rvk_move_attr_cb, rvk);
+  rvk->ns_qe = GNUNET_NAMESTORE_records_lookup (nsh,
+                                                &rvk->identity,
+                                                label,
+                                                &rvk_ns_err,
+                                                rvk,
+                                                &rvk_move_attr_cb,
+                                                rvk);
   GNUNET_free (label);
 }
 
@@ -573,14 +632,16 @@ remove_ticket_cont (void *cls, int32_t success, const char *emsg)
 {
   struct RECLAIM_TICKETS_RevokeHandle *rvk = cls;
   rvk->ns_qe = NULL;
-  if (GNUNET_SYSERR == success) {
+  if (GNUNET_SYSERR == success)
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg);
     rvk->cb (rvk->cb_cls, GNUNET_SYSERR);
     cleanup_rvk (rvk);
     return;
   }
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Deleted ticket\n");
-  if (0 == rvk->ticket_attrs) {
+  if (0 == rvk->ticket_attrs)
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                 "No attributes to move... strange\n");
     rvk->cb (rvk->cb_cls, GNUNET_OK);
@@ -593,26 +654,34 @@ remove_ticket_cont (void *cls, int32_t success, const char *emsg)
 
 
 static void
-revoke_attrs_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                 const char *label, unsigned int rd_count,
+revoke_attrs_cb (void *cls,
+                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                 const char *label,
+                 unsigned int rd_count,
                  const struct GNUNET_GNSRECORD_Data *rd)
 
 {
   struct RECLAIM_TICKETS_RevokeHandle *rvk = cls;
   struct RevokedAttributeEntry *le;
   rvk->ns_qe = NULL;
-  for (int i = 0; i < rd_count; i++) {
+  for (int i = 0; i < rd_count; i++)
+  {
     if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF != rd[i].record_type)
       continue;
     le = GNUNET_new (struct RevokedAttributeEntry);
-    le->old_id = *((uint64_t *)rd[i].data);
+    le->old_id = *((uint64_t *) rd[i].data);
     GNUNET_CONTAINER_DLL_insert (rvk->attrs_head, rvk->attrs_tail, le);
     rvk->ticket_attrs++;
   }
 
   /** Now, remove ticket **/
-  rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, &rvk->identity, label, 0,
-                                               NULL, &remove_ticket_cont, rvk);
+  rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh,
+                                               &rvk->identity,
+                                               label,
+                                               0,
+                                               NULL,
+                                               &remove_ticket_cont,
+                                               rvk);
 }
 
 
@@ -628,7 +697,8 @@ rvk_attrs_err_cb (void *cls)
 struct RECLAIM_TICKETS_RevokeHandle *
 RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket,
                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                        RECLAIM_TICKETS_RevokeCallback cb, void *cb_cls)
+                        RECLAIM_TICKETS_RevokeCallback cb,
+                        void *cb_cls)
 {
   struct RECLAIM_TICKETS_RevokeHandle *rvk;
   char *label;
@@ -641,9 +711,14 @@ RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket,
   GNUNET_CRYPTO_ecdsa_key_get_public (&rvk->identity, &rvk->ticket.identity);
   /** Get shared attributes **/
   label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof (uint64_t));
-
-  rvk->ns_qe = GNUNET_NAMESTORE_records_lookup (
-                                                nsh, identity, label, &rvk_attrs_err_cb, rvk, &revoke_attrs_cb, rvk);
+  GNUNET_assert (NULL != label);
+  rvk->ns_qe = GNUNET_NAMESTORE_records_lookup (nsh,
+                                                identity,
+                                                label,
+                                                &rvk_attrs_err_cb,
+                                                rvk,
+                                                &revoke_attrs_cb,
+                                                rvk);
   return rvk;
 }
 
@@ -669,12 +744,14 @@ cleanup_cth (struct RECLAIM_TICKETS_ConsumeHandle *cth)
     GNUNET_GNS_lookup_cancel (cth->lookup_request);
   if (NULL != cth->kill_task)
     GNUNET_SCHEDULER_cancel (cth->kill_task);
-  while (NULL != (lu = cth->parallel_lookups_head)) {
+  while (NULL != (lu = cth->parallel_lookups_head))
+  {
     if (NULL != lu->lookup_request)
       GNUNET_GNS_lookup_cancel (lu->lookup_request);
     GNUNET_free_non_null (lu->label);
     GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head,
-                                 cth->parallel_lookups_tail, lu);
+                                 cth->parallel_lookups_tail,
+                                 lu);
     GNUNET_free (lu);
   }
 
@@ -685,23 +762,27 @@ cleanup_cth (struct RECLAIM_TICKETS_ConsumeHandle *cth)
 
 
 static void
-process_parallel_lookup_result (void *cls, uint32_t rd_count,
+process_parallel_lookup_result (void *cls,
+                                uint32_t rd_count,
                                 const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct ParallelLookup *parallel_lookup = cls;
   struct RECLAIM_TICKETS_ConsumeHandle *cth = parallel_lookup->handle;
   struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *attr_le;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parallel lookup finished (count=%u)\n",
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Parallel lookup finished (count=%u)\n",
               rd_count);
 
   GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head,
-                               cth->parallel_lookups_tail, parallel_lookup);
+                               cth->parallel_lookups_tail,
+                               parallel_lookup);
   GNUNET_free (parallel_lookup->label);
 
-  GNUNET_STATISTICS_update (
-                            stats, "attribute_lookup_time_total",
-                            GNUNET_TIME_absolute_get_duration (parallel_lookup->lookup_start_time)
-                            .rel_value_us,
+  GNUNET_STATISTICS_update (stats,
+                            "attribute_lookup_time_total",
+                            GNUNET_TIME_absolute_get_duration (
+                              parallel_lookup->lookup_start_time)
+                              .rel_value_us,
                             GNUNET_YES);
   GNUNET_STATISTICS_update (stats, "attribute_lookups_count", 1, GNUNET_YES);
 
@@ -709,11 +790,13 @@ process_parallel_lookup_result (void *cls, uint32_t rd_count,
   GNUNET_free (parallel_lookup);
   if (1 != rd_count)
     GNUNET_break (0); // TODO
-  if (rd->record_type == GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR) {
+  if (rd->record_type == GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR)
+  {
     attr_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
     attr_le->claim =
       GNUNET_RECLAIM_ATTRIBUTE_deserialize (rd->data, rd->data_size);
-    GNUNET_CONTAINER_DLL_insert (cth->attrs->list_head, cth->attrs->list_tail,
+    GNUNET_CONTAINER_DLL_insert (cth->attrs->list_head,
+                                 cth->attrs->list_tail,
                                  attr_le);
   }
   if (NULL != cth->parallel_lookups_head)
@@ -733,12 +816,14 @@ abort_parallel_lookups (void *cls)
   struct ParallelLookup *tmp;
 
   cth->kill_task = NULL;
-  for (lu = cth->parallel_lookups_head; NULL != lu;) {
+  for (lu = cth->parallel_lookups_head; NULL != lu;)
+  {
     GNUNET_GNS_lookup_cancel (lu->lookup_request);
     GNUNET_free (lu->label);
     tmp = lu->next;
     GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head,
-                                 cth->parallel_lookups_tail, lu);
+                                 cth->parallel_lookups_tail,
+                                 lu);
     GNUNET_free (lu);
     lu = tmp;
   }
@@ -747,7 +832,8 @@ abort_parallel_lookups (void *cls)
 
 
 static void
-lookup_authz_cb (void *cls, uint32_t rd_count,
+lookup_authz_cb (void *cls,
+                 uint32_t rd_count,
                  const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct RECLAIM_TICKETS_ConsumeHandle *cth = cls;
@@ -756,14 +842,19 @@ lookup_authz_cb (void *cls, uint32_t rd_count,
 
   cth->lookup_request = NULL;
 
-  GNUNET_STATISTICS_update (
-                            stats, "reclaim_authz_lookup_time_total",
-                            GNUNET_TIME_absolute_get_duration (cth->lookup_start_time).rel_value_us,
+  GNUNET_STATISTICS_update (stats,
+                            "reclaim_authz_lookup_time_total",
+                            GNUNET_TIME_absolute_get_duration (
+                              cth->lookup_start_time)
+                              .rel_value_us,
                             GNUNET_YES);
-  GNUNET_STATISTICS_update (stats, "reclaim_authz_lookups_count", 1,
+  GNUNET_STATISTICS_update (stats,
+                            "reclaim_authz_lookups_count",
+                            1,
                             GNUNET_YES);
 
-  for (int i = 0; i < rd_count; i++) {
+  for (int i = 0; i < rd_count; i++)
+  {
     if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF != rd[i].record_type)
       continue;
     lbl = GNUNET_STRINGS_data_to_string_alloc (rd[i].data, rd[i].data_size);
@@ -772,17 +863,24 @@ lookup_authz_cb (void *cls, uint32_t rd_count,
     parallel_lookup->handle = cth;
     parallel_lookup->label = lbl;
     parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get ();
-    parallel_lookup->lookup_request = GNUNET_GNS_lookup (
-                                                         gns, lbl, &cth->ticket.identity, GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR,
-                                                         GNUNET_GNS_LO_DEFAULT, &process_parallel_lookup_result,
-                                                         parallel_lookup);
+    parallel_lookup->lookup_request =
+      GNUNET_GNS_lookup (gns,
+                         lbl,
+                         &cth->ticket.identity,
+                         GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR,
+                         GNUNET_GNS_LO_DEFAULT,
+                         &process_parallel_lookup_result,
+                         parallel_lookup);
     GNUNET_CONTAINER_DLL_insert (cth->parallel_lookups_head,
-                                 cth->parallel_lookups_tail, parallel_lookup);
+                                 cth->parallel_lookups_tail,
+                                 parallel_lookup);
   }
-  if (NULL != cth->parallel_lookups_head) {
+  if (NULL != cth->parallel_lookups_head)
+  {
     cth->kill_task = GNUNET_SCHEDULER_add_delayed (
-                                                   GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 3),
-                                                   &abort_parallel_lookups, cth);
+      GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 3),
+      &abort_parallel_lookups,
+      cth);
     return;
   }
   cth->cb (cth->cb_cls, &cth->ticket.identity, cth->attrs, GNUNET_OK, NULL);
@@ -793,7 +891,8 @@ lookup_authz_cb (void *cls, uint32_t rd_count,
 struct RECLAIM_TICKETS_ConsumeHandle *
 RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_EcdsaPrivateKey *id,
                          const struct GNUNET_RECLAIM_Ticket *ticket,
-                         RECLAIM_TICKETS_ConsumeCallback cb, void *cb_cls)
+                         RECLAIM_TICKETS_ConsumeCallback cb,
+                         void *cb_cls)
 {
   struct RECLAIM_TICKETS_ConsumeHandle *cth;
   char *label;
@@ -807,12 +906,18 @@ RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_EcdsaPrivateKey *id,
   cth->cb_cls = cb_cls;
   label =
     GNUNET_STRINGS_data_to_string_alloc (&cth->ticket.rnd, sizeof (uint64_t));
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for AuthZ info under %s\n",
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Looking for AuthZ info under %s\n",
               label);
   cth->lookup_start_time = GNUNET_TIME_absolute_get ();
-  cth->lookup_request = GNUNET_GNS_lookup (
-                                           gns, label, &cth->ticket.identity, GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF,
-                                           GNUNET_GNS_LO_DEFAULT, &lookup_authz_cb, cth);
+  cth->lookup_request =
+    GNUNET_GNS_lookup (gns,
+                       label,
+                       &cth->ticket.identity,
+                       GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF,
+                       GNUNET_GNS_LO_DEFAULT,
+                       &lookup_authz_cb,
+                       cth);
   GNUNET_free (label);
   return cth;
 }
@@ -848,8 +953,11 @@ store_ticket_issue_cont (void *cls, int32_t success, const char *emsg)
   struct TicketIssueHandle *handle = cls;
 
   handle->ns_qe = NULL;
-  if (GNUNET_SYSERR == success) {
-    handle->cb (handle->cb_cls, &handle->ticket, GNUNET_SYSERR,
+  if (GNUNET_SYSERR == success)
+  {
+    handle->cb (handle->cb_cls,
+                &handle->ticket,
+                GNUNET_SYSERR,
                 "Error storing AuthZ ticket in GNS");
     return;
   }
@@ -873,7 +981,8 @@ issue_ticket (struct TicketIssueHandle *ih)
   attrs_record =
     GNUNET_malloc (list_len * sizeof (struct GNUNET_GNSRECORD_Data));
   i = 0;
-  for (le = ih->attrs->list_head; NULL != le; le = le->next) {
+  for (le = ih->attrs->list_head; NULL != le; le = le->next)
+  {
     attrs_record[i].data = &le->claim->id;
     attrs_record[i].data_size = sizeof (le->claim->id);
     //FIXME: Should this be the attribute expiration time or ticket refresh intv
@@ -892,9 +1001,13 @@ issue_ticket (struct TicketIssueHandle *ih)
   label =
     GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd, sizeof (uint64_t));
   // Publish record
-  ih->ns_qe = GNUNET_NAMESTORE_records_store (nsh, &ih->identity, label,
-                                              list_len, attrs_record,
-                                              &store_ticket_issue_cont, ih);
+  ih->ns_qe = GNUNET_NAMESTORE_records_store (nsh,
+                                              &ih->identity,
+                                              label,
+                                              list_len,
+                                              attrs_record,
+                                              &store_ticket_issue_cont,
+                                              ih);
   GNUNET_free (attrs_record);
   GNUNET_free (label);
 }
@@ -904,7 +1017,8 @@ void
 RECLAIM_TICKETS_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                        const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                        const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
-                       RECLAIM_TICKETS_TicketResult cb, void *cb_cls)
+                       RECLAIM_TICKETS_TicketResult cb,
+                       void *cb_cls)
 {
   struct TicketIssueHandle *tih;
   tih = GNUNET_new (struct TicketIssueHandle);
@@ -933,16 +1047,19 @@ cleanup_iter (struct RECLAIM_TICKETS_Iterator *iter)
 
 
 static void
-collect_tickets_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                    const char *label, unsigned int rd_count,
+collect_tickets_cb (void *cls,
+                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                    const char *label,
+                    unsigned int rd_count,
                     const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct RECLAIM_TICKETS_Iterator *iter = cls;
 
-  for (int i = 0; i < rd_count; i++) {
+  for (int i = 0; i < rd_count; i++)
+  {
     if (GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET != rd[i].record_type)
       continue;
-    iter->cb (iter->cb_cls, (struct GNUNET_RECLAIM_Ticket *)rd[i].data);
+    iter->cb (iter->cb_cls, (struct GNUNET_RECLAIM_Ticket *) rd[i].data);
     return;
   }
   GNUNET_NAMESTORE_zone_iterator_next (iter->ns_it, 1);
@@ -986,17 +1103,24 @@ RECLAIM_TICKETS_iteration_stop (struct RECLAIM_TICKETS_Iterator *iter)
 
 struct RECLAIM_TICKETS_Iterator *
 RECLAIM_TICKETS_iteration_start (
-                                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                 RECLAIM_TICKETS_TicketIter cb, void *cb_cls)
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  RECLAIM_TICKETS_TicketIter cb,
+  void *cb_cls)
 {
   struct RECLAIM_TICKETS_Iterator *iter;
 
   iter = GNUNET_new (struct RECLAIM_TICKETS_Iterator);
   iter->cb = cb;
   iter->cb_cls = cb_cls;
-  iter->ns_it = GNUNET_NAMESTORE_zone_iteration_start (
-                                                       nsh, identity, &collect_tickets_error_cb, iter, &collect_tickets_cb, iter,
-                                                       &collect_tickets_finished_cb, iter);
+  iter->ns_it =
+    GNUNET_NAMESTORE_zone_iteration_start (nsh,
+                                           identity,
+                                           &collect_tickets_error_cb,
+                                           iter,
+                                           &collect_tickets_cb,
+                                           iter,
+                                           &collect_tickets_finished_cb,
+                                           iter);
   return iter;
 }
 
@@ -1005,28 +1129,32 @@ int
 RECLAIM_TICKETS_init (const struct GNUNET_CONFIGURATION_Handle *c)
 {
   // Get ticket expiration time (relative) from config
-  if (GNUNET_OK
-      == GNUNET_CONFIGURATION_get_value_time (c,
-                                              "reclaim",
-                                              "TICKET_REFRESH_INTERVAL",
-                                              &ticket_refresh_interval)) {
-    GNUNET_log (
-                GNUNET_ERROR_TYPE_DEBUG,
+  if (GNUNET_OK ==
+      GNUNET_CONFIGURATION_get_value_time (c,
+                                           "reclaim",
+                                           "TICKET_REFRESH_INTERVAL",
+                                           &ticket_refresh_interval))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Configured refresh interval for tickets: %s\n",
                 GNUNET_STRINGS_relative_time_to_string (ticket_refresh_interval,
                                                         GNUNET_YES));
-  } else {
+  }
+  else
+  {
     ticket_refresh_interval = DEFAULT_TICKET_REFRESH_INTERVAL;
   }
   // Connect to identity and namestore services
   nsh = GNUNET_NAMESTORE_connect (c);
-  if (NULL == nsh) {
+  if (NULL == nsh)
+  {
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
                          "error connecting to namestore");
     return GNUNET_SYSERR;
   }
   gns = GNUNET_GNS_connect (c);
-  if (NULL == gns) {
+  if (NULL == gns)
+  {
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns");
     return GNUNET_SYSERR;
   }
@@ -1043,7 +1171,8 @@ RECLAIM_TICKETS_deinit (void)
   if (NULL != gns)
     GNUNET_GNS_disconnect (gns);
   gns = NULL;
-  if (NULL != stats) {
+  if (NULL != stats)
+  {
     GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
     stats = NULL;
   }
diff --git a/src/reclaim/json_reclaim.c b/src/reclaim/json_reclaim.c
index 3ba4300bb..222cf1dbf 100644
--- a/src/reclaim/json_reclaim.c
+++ b/src/reclaim/json_reclaim.c
@@ -55,24 +55,37 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec)
 
   GNUNET_assert (NULL != root);
 
-  if (!json_is_object (root)) {
+  if (! json_is_object (root))
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Error json is not array nor object!\n");
     return GNUNET_SYSERR;
   }
   // interpret single attribute
-  unpack_state =
-    json_unpack (root, "{s:s, s?s, s:s, s:s!}", "name", &name_str, "id",
-                 &id_str, "type", &type_str, "value", &val_str);
+  unpack_state = json_unpack (root,
+                              "{s:s, s?s, s:s, s:s!}",
+                              "name",
+                              &name_str,
+                              "id",
+                              &id_str,
+                              "type",
+                              &type_str,
+                              "value",
+                              &val_str);
   if ((0 != unpack_state) || (NULL == name_str) || (NULL == val_str) ||
-      (NULL == type_str)) {
+      (NULL == type_str))
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Error json object has a wrong format!\n");
     return GNUNET_SYSERR;
   }
   type = GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (type_str);
-  if (GNUNET_SYSERR == (GNUNET_RECLAIM_ATTRIBUTE_string_to_value (
-                                                                  type, val_str, (void **)&data, &data_size))) {
+  if (GNUNET_SYSERR ==
+      (GNUNET_RECLAIM_ATTRIBUTE_string_to_value (type,
+                                                 val_str,
+                                                 (void **) &data,
+                                                 &data_size)))
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Attribute value invalid!\n");
     return GNUNET_SYSERR;
   }
@@ -80,10 +93,12 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec)
   if ((NULL == id_str) || (0 == strlen (id_str)))
     attr->id = 0;
   else
-    GNUNET_STRINGS_string_to_data (id_str, strlen (id_str), &attr->id,
+    GNUNET_STRINGS_string_to_data (id_str,
+                                   strlen (id_str),
+                                   &attr->id,
                                    sizeof (uint64_t));
 
-  *(struct GNUNET_RECLAIM_ATTRIBUTE_Claim **)spec->ptr = attr;
+  *(struct GNUNET_RECLAIM_ATTRIBUTE_Claim **) spec->ptr = attr;
   return GNUNET_OK;
 }
 
@@ -97,8 +112,9 @@ static void
 clean_attr (void *cls, struct GNUNET_JSON_Specification *spec)
 {
   struct GNUNET_RECLAIM_ATTRIBUTE_Claim **attr;
-  attr = (struct GNUNET_RECLAIM_ATTRIBUTE_Claim **)spec->ptr;
-  if (NULL != *attr) {
+  attr = (struct GNUNET_RECLAIM_ATTRIBUTE_Claim **) spec->ptr;
+  if (NULL != *attr)
+  {
     GNUNET_free (*attr);
     *attr = NULL;
   }
@@ -114,12 +130,12 @@ struct GNUNET_JSON_Specification
 GNUNET_RECLAIM_JSON_spec_claim (struct GNUNET_RECLAIM_ATTRIBUTE_Claim **attr)
 {
   struct GNUNET_JSON_Specification ret = {.parser = &parse_attr,
-    .cleaner = &clean_attr,
-    .cls = NULL,
-    .field = NULL,
-    .ptr = attr,
-    .ptr_size = 0,
-    .size_ptr = NULL};
+                                          .cleaner = &clean_attr,
+                                          .cls = NULL,
+                                          .field = NULL,
+                                          .ptr = attr,
+                                          .ptr_size = 0,
+                                          .size_ptr = NULL};
   *attr = NULL;
   return ret;
 }
@@ -142,44 +158,61 @@ parse_ticket (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec)
 
   GNUNET_assert (NULL != root);
 
-  if (!json_is_object (root)) {
+  if (! json_is_object (root))
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Error json is not array nor object!\n");
     return GNUNET_SYSERR;
   }
   // interpret single ticket
-  unpack_state = json_unpack (root, "{s:s, s:s, s:s!}", "rnd", &rnd_str,
-                              "audience", &aud_str, "identity", &id_str);
-  if (0 != unpack_state) {
+  unpack_state = json_unpack (root,
+                              "{s:s, s:s, s:s!}",
+                              "rnd",
+                              &rnd_str,
+                              "audience",
+                              &aud_str,
+                              "identity",
+                              &id_str);
+  if (0 != unpack_state)
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Error json object has a wrong format!\n");
     return GNUNET_SYSERR;
   }
   ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
-  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (rnd_str, strlen (rnd_str),
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (rnd_str,
+                                                  strlen (rnd_str),
                                                   &ticket->rnd,
-                                                  sizeof (uint64_t))) {
+                                                  sizeof (uint64_t)))
+  {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Rnd invalid\n");
     GNUNET_free (ticket);
     return GNUNET_SYSERR;
   }
-  GNUNET_STRINGS_string_to_data (id_str, strlen (id_str), &ticket->identity,
-                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  if (GNUNET_OK !=
+      GNUNET_STRINGS_string_to_data (id_str,
+                                     strlen (id_str),
+                                     &ticket->identity,
+                                     sizeof (
+                                       struct GNUNET_CRYPTO_EcdsaPublicKey)))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Identity invalid\n");
     GNUNET_free (ticket);
     return GNUNET_SYSERR;
   }
 
-  GNUNET_STRINGS_string_to_data (aud_str, strlen (aud_str), &ticket->audience,
-                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  if (GNUNET_OK !=
+      GNUNET_STRINGS_string_to_data (aud_str,
+                                 strlen (aud_str),
+                                 &ticket->audience,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience invalid\n");
     GNUNET_free (ticket);
     return GNUNET_SYSERR;
   }
 
-  *(struct GNUNET_RECLAIM_Ticket **)spec->ptr = ticket;
+  *(struct GNUNET_RECLAIM_Ticket **) spec->ptr = ticket;
   return GNUNET_OK;
 }
 
@@ -193,8 +226,9 @@ static void
 clean_ticket (void *cls, struct GNUNET_JSON_Specification *spec)
 {
   struct GNUNET_RECLAIM_Ticket **ticket;
-  ticket = (struct GNUNET_RECLAIM_Ticket **)spec->ptr;
-  if (NULL != *ticket) {
+  ticket = (struct GNUNET_RECLAIM_Ticket **) spec->ptr;
+  if (NULL != *ticket)
+  {
     GNUNET_free (*ticket);
     *ticket = NULL;
   }
@@ -210,12 +244,12 @@ struct GNUNET_JSON_Specification
 GNUNET_RECLAIM_JSON_spec_ticket (struct GNUNET_RECLAIM_Ticket **ticket)
 {
   struct GNUNET_JSON_Specification ret = {.parser = &parse_ticket,
-    .cleaner = &clean_ticket,
-    .cls = NULL,
-    .field = NULL,
-    .ptr = ticket,
-    .ptr_size = 0,
-    .size_ptr = NULL};
+                                          .cleaner = &clean_ticket,
+                                          .cls = NULL,
+                                          .field = NULL,
+                                          .ptr = ticket,
+                                          .ptr_size = 0,
+                                          .size_ptr = NULL};
   *ticket = NULL;
   return ret;
 }
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 93e5ac864..e8561aed4 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -209,12 +209,12 @@
  * OIDC ignored parameter array
  */
 static char *OIDC_ignored_parameter_array[] = {"display",
-  "prompt",
-  "ui_locales",
-  "response_mode",
-  "id_token_hint",
-  "login_hint",
-  "acr_values"};
+                                               "prompt",
+                                               "ui_locales",
+                                               "response_mode",
+                                               "id_token_hint",
+                                               "login_hint",
+                                               "acr_values"};
 
 /**
  * OIDC Hash map that keeps track of issued cookies
@@ -724,7 +724,7 @@ cookie_identity_interpretation (struct RequestHandle *handle)
                       strlen (OIDC_COOKIE_HEADER_KEY),
                       &cache_key);
   if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
-                                                           ->header_param_map,
+                                                             ->header_param_map,
                                                            &cache_key))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n");
@@ -772,9 +772,9 @@ cookie_identity_interpretation (struct RequestHandle *handle)
       GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key))
   {
     GNUNET_log (
-                GNUNET_ERROR_TYPE_WARNING,
-                "Found cookie `%s', but no corresponding expiration entry present...\n",
-                token);
+      GNUNET_ERROR_TYPE_WARNING,
+      "Found cookie `%s', but no corresponding expiration entry present...\n",
+      token);
     GNUNET_free (cookies);
     return;
   }
@@ -793,6 +793,7 @@ cookie_identity_interpretation (struct RequestHandle *handle)
   value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY);
   GNUNET_assert (NULL != value);
   handle->oidc->login_identity = GNUNET_strdup (value);
+  GNUNET_free (cookies);
 }
 
 /**
@@ -1020,10 +1021,10 @@ code_redirect (void *cls)
     {
       if (GNUNET_OK !=
           GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc
-                                                      ->login_identity,
+                                                        ->login_identity,
                                                       strlen (
-                                                              handle->oidc
-                                                              ->login_identity),
+                                                        handle->oidc
+                                                          ->login_identity),
                                                       &pubkey))
       {
         handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE);
@@ -1134,18 +1135,31 @@ lookup_redirect_uri_result (void *cls,
     if (NULL == strstr (tmp, handle->oidc->client_id))
     {
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Redirect uri %s does not contain client_id %s",
+                  "Redirect uri %s does not contain client_id %s\n",
                   tmp,
                   handle->oidc->client_id);
     }
     else
     {
-
       pos = strrchr (tmp, (unsigned char) '.');
+      if (NULL == pos)
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                    "Redirect uri %s contains client_id but is malformed\n",
+                    tmp);
+        continue;
+      }
       *pos = '\0';
       handle->redirect_prefix = GNUNET_strdup (tmp);
       tmp_key_str = pos + 1;
       pos = strchr (tmp_key_str, (unsigned char) '/');
+      if (NULL == pos)
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                    "Redirect uri %s contains client_id but is malformed\n",
+                    tmp);
+        continue;
+      }
       *pos = '\0';
       handle->redirect_suffix = GNUNET_strdup (pos + 1);
 
@@ -1191,7 +1205,7 @@ get_url_parameter_copy (const struct RequestHandle *handle, const char *key)
   char *value;
   GNUNET_CRYPTO_hash (key, strlen (key), &hc);
   if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
-                                                            ->url_param_map,
+                                                              ->url_param_map,
                                                             &hc))
     return NULL;
   value =
@@ -1264,7 +1278,7 @@ build_authz_response (void *cls)
                         &cache_key);
     if (GNUNET_YES ==
         GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
-                                                ->url_param_map,
+                                                  ->url_param_map,
                                                 &cache_key))
     {
       handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED);
@@ -1370,7 +1384,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   if (GNUNET_OK !=
       GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
                                                   strlen (
-                                                          handle->oidc->client_id),
+                                                    handle->oidc->client_id),
                                                   &handle->oidc->client_pkey))
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT);
@@ -1455,8 +1469,8 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
   {
     current_time = GNUNET_new (struct GNUNET_TIME_Absolute);
     *current_time = GNUNET_TIME_relative_to_absolute (
-                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-                                                                                     OIDC_COOKIE_EXPIRATION));
+      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
+                                     OIDC_COOKIE_EXPIRATION));
     last_time =
       GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key);
     GNUNET_free_non_null (last_time);
@@ -1488,7 +1502,7 @@ check_authorization (struct RequestHandle *handle,
                       strlen (OIDC_AUTHORIZATION_HEADER_KEY),
                       &cache_key);
   if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
-                                                           ->header_param_map,
+                                                             ->header_param_map,
                                                            &cache_key))
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
@@ -1502,7 +1516,7 @@ check_authorization (struct RequestHandle *handle,
 
   // split header in "Basic" and [content]
   credentials = strtok (authorization, " ");
-  if (0 != strcmp ("Basic", credentials))
+  if ((NULL == credentials) || (0 != strcmp ("Basic", credentials)))
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
@@ -1568,8 +1582,7 @@ check_authorization (struct RequestHandle *handle,
   }
 
   // check client_id
-  for (handle->ego_entry = handle->ego_head;
-       NULL != handle->ego_entry;
+  for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry;
        handle->ego_entry = handle->ego_entry->next)
   {
     if (0 == strcmp (handle->ego_entry->keystring, client_id))
@@ -1619,11 +1632,12 @@ persist_access_token (const struct RequestHandle *handle,
   GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc);
   ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
   *ticketbuf = *ticket;
-  GNUNET_CONTAINER_multihashmap_put (
-                                     OIDC_access_token_map,
-                                     &hc,
-                                     ticketbuf,
-                                     GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
+  GNUNET_assert (GNUNET_SYSERR !=
+                 GNUNET_CONTAINER_multihashmap_put (
+                   OIDC_access_token_map,
+                   &hc,
+                   ticketbuf,
+                   GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
 }
 
 /**
@@ -1690,10 +1704,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE);
     handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_free (grant_type);
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-
+  GNUNET_free (grant_type);
   // REQUIRED code
   code = get_url_parameter_copy (handle, OIDC_CODE_KEY);
   if (NULL == code)
@@ -1710,7 +1725,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
     handle->edesc = GNUNET_strdup ("Unknown client");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_free (code);
     GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
   }
   privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
   // decode code
@@ -1719,9 +1736,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST);
     handle->edesc = GNUNET_strdup ("invalid code");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_free (code);
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
+  GNUNET_free (code);
 
   // create jwt
   if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg,
@@ -1826,7 +1845,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
                       strlen (OIDC_AUTHORIZATION_HEADER_KEY),
                       &cache_key);
   if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
-                                                           ->header_param_map,
+                                                             ->header_param_map,
                                                            &cache_key))
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN);
@@ -1915,16 +1934,16 @@ init_cont (struct RequestHandle *handle)
 {
   struct GNUNET_REST_RequestHandlerError err;
   static const struct GNUNET_REST_RequestHandler handlers[] =
-  {{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint},
-    {MHD_HTTP_METHOD_POST,
+    {{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint},
+     {MHD_HTTP_METHOD_POST,
       GNUNET_REST_API_NS_AUTHORIZE,
       &authorize_endpoint}, // url-encoded
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint},
-    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint},
-    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont},
-    GNUNET_REST_HANDLER_END};
+     {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
+     {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint},
+     {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint},
+     {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint},
+     {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont},
+     GNUNET_REST_HANDLER_END};
 
   if (GNUNET_NO ==
       GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))