[svn] GnuPG - r4012 - trunk/g10
svn author dshaw
cvs at cvs.gnupg.org
Tue Feb 21 23:23:38 CET 2006
Author: dshaw
Date: 2006-02-21 23:23:35 +0100 (Tue, 21 Feb 2006)
New Revision: 4012
Modified:
trunk/g10/ChangeLog
trunk/g10/getkey.c
trunk/g10/gpgv.c
trunk/g10/keyserver-internal.h
trunk/g10/keyserver.c
Log:
* getkey.c (get_pubkey_byname): Fix minor security problem with PKA when
importing at -r time. The URL in the PKA record may point to a key put in
by an attacker. Fix is to use the fingerprint from the PKA record as the
recipient. This ensures that the PKA record is followed.
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2006-02-21 16:16:09 UTC (rev 4011)
+++ trunk/g10/ChangeLog 2006-02-21 22:23:35 UTC (rev 4012)
@@ -1,5 +1,14 @@
2006-02-21 David Shaw <dshaw at jabberwocky.com>
+ * getkey.c (get_pubkey_byname): Fix minor security problem with
+ PKA when importing at -r time. The URL in the PKA record may
+ point to a key put in by an attacker. Fix is to use the
+ fingerprint from the PKA record as the recipient. This ensures
+ that the PKA record is followed.
+
+ * keyserver-internal.h, keyserver.c (keyserver_import_pka): Return
+ the fingerprint we requested.
+
* gpgv.c: Stub keyserver_import_ldap.
* keyserver-internal.h, keyserver.c (keyserver_import_ldap):
Modified: trunk/g10/getkey.c
===================================================================
--- trunk/g10/getkey.c 2006-02-21 16:16:09 UTC (rev 4011)
+++ trunk/g10/getkey.c 2006-02-21 22:23:35 UTC (rev 4012)
@@ -938,6 +938,7 @@
&& opt.allow_pka_lookup
&& (opt.keyserver_options.options&KEYSERVER_AUTO_PKA_RETRIEVE))
{
+ unsigned char fpr[MAX_FINGERPRINT_LEN];
/* If the requested name resembles a valid mailbox and
automatic retrieval via PKA records has been enabled, we
try to import the key via the URI and try again. */
@@ -945,13 +946,25 @@
tried_pka=1;
glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_pka(name);
+ res=keyserver_import_pka(name,fpr);
glo_ctrl.in_auto_key_retrieve--;
if(res==0)
{
+ int i;
+ char fpr_string[2+(MAX_FINGERPRINT_LEN*2)+1];
+
log_info(_("Automatically retrieved `%s' via %s\n"),
name,"PKA");
+
+ free_strlist(namelist);
+ namelist=NULL;
+
+ for(i=0;i<MAX_FINGERPRINT_LEN;i++)
+ sprintf(fpr_string+2*i,"%02X",fpr[i]);
+
+ add_to_strlist( &namelist, fpr_string );
+
goto retry;
}
}
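Review bot: The loop `for(i=0;i<MAX_FINGERPRINT_LEN;i++)` hex-encodes every byte of `fpr`, which the previous hunk declares without an initializer, so the recipient string used for the retry is only correct if keyserver_import_pka() fills all MAX_FINGERPRINT_LEN bytes whenever it returns 0; nothing on this page shows that, and a shorter fingerprint coming back from get_pka_info() would put indeterminate stack bytes into the lookup string (a non-match, so it fails closed, but still a read of uninitialized data). Either have keyserver_import_pka() report the fingerprint length and loop over that, or at least initialise the array in the earlier hunk, `unsigned char fpr[MAX_FINGERPRINT_LEN] = {0};`, and state the assumption above the loop: `/* keyserver_import_pka() is expected to fill all MAX_FINGERPRINT_LEN bytes of fpr on success. */`. The `2+` in the size of `fpr_string` is never consumed by the sprintf loop; drop it or comment what it reserves. get_pubkey_byname starts and ends outside this hunk.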
Modified: trunk/g10/gpgv.c
===================================================================
--- trunk/g10/gpgv.c 2006-02-21 16:16:09 UTC (rev 4011)
+++ trunk/g10/gpgv.c 2006-02-21 22:23:35 UTC (rev 4012)
@@ -284,7 +284,7 @@
keyserver_import_cert(const char *name) { return -1; }
int
-keyserver_import_pka(const char *name) { return -1; }
+keyserver_import_pka(const char *name,unsigned char *fpr) { return -1; }
int
keyserver_import_name(const char *name) { return -1; }
Modified: trunk/g10/keyserver-internal.h
===================================================================
--- trunk/g10/keyserver-internal.h 2006-02-21 16:16:09 UTC (rev 4011)
+++ trunk/g10/keyserver-internal.h 2006-02-21 22:23:35 UTC (rev 4012)
@@ -42,7 +42,7 @@
int keyserver_search(STRLIST tokens);
int keyserver_fetch(STRLIST urilist);
int keyserver_import_cert(const char *name);
-int keyserver_import_pka(const char *name);
+int keyserver_import_pka(const char *name,unsigned char *fpr);
int keyserver_import_name(const char *name);
int keyserver_import_ldap(const char *name);
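Review bot: The new `fpr` out-parameter on `keyserver_import_pka` carries no size or validity contract in the header, and the one-line comment above the definition in keyserver.c (`/* Import key pointed to by a PKA record */`) does not mention it either. The caller in getkey.c sizes the buffer as MAX_FINGERPRINT_LEN bytes and reads it only when the return value is 0, while the gpgv.c stub never writes it, so the contract belongs next to the prototype: `/* fpr: caller-supplied buffer of MAX_FINGERPRINT_LEN bytes; receives the fingerprint from the PKA record and is only meaningful when 0 is returned. */`.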
Modified: trunk/g10/keyserver.c
===================================================================
--- trunk/g10/keyserver.c 2006-02-21 16:16:09 UTC (rev 4011)
+++ trunk/g10/keyserver.c 2006-02-21 22:23:35 UTC (rev 4012)
@@ -1979,12 +1979,11 @@
/* Import key pointed to by a PKA record */
int
-keyserver_import_pka(const char *name)
+keyserver_import_pka(const char *name,unsigned char *fpr)
{
- unsigned char fpr[MAX_FINGERPRINT_LEN];
char *uri;
int rc=-1;
-
+
uri = get_pka_info (name, fpr);
if (uri)
{