[svn] GnuPG - r4066 - trunk/g10
svn author dshaw
cvs at cvs.gnupg.org
Tue Mar 14 04:16:23 CET 2006
Author: dshaw
Date: 2006-03-14 04:16:21 +0100 (Tue, 14 Mar 2006)
New Revision: 4066
Modified:
trunk/g10/ChangeLog
trunk/g10/getkey.c
trunk/g10/keyserver-internal.h
trunk/g10/keyserver.c
Log:
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Use the
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2006-03-14 02:42:02 UTC (rev 4065)
+++ trunk/g10/ChangeLog 2006-03-14 03:16:21 UTC (rev 4066)
@@ -1,5 +1,16 @@
2006-03-13 David Shaw <dshaw at jabberwocky.com>
+ * keyserver-internal.h, keyserver.c (keyserver_import_pka): Use
+ the same API as the other auto-key-locate fetchers.
+
+ * getkey.c (get_pubkey_byname): Use the fingerprint of the key
+ that we actually fetched. This helps prevent problems where the
+ key that we fetched doesn't have the same name that we used to
+ fetch it. In the case of CERT and PKA, this is an actual security
+ requirement as the URL might point to a key put in by an attacker.
+ By forcing the use of the fingerprint, we won't use the attacker's
+ key here.
+
* keyserver-internal.h, keyserver.c (keyserver_spawn,
keyserver_work, keyserver_import_cert, keyserver_import_name,
keyserver_import_ldap): Pass fingerprint info through.
Modified: trunk/g10/getkey.c
===================================================================
--- trunk/g10/getkey.c 2006-03-14 02:42:02 UTC (rev 4065)
+++ trunk/g10/getkey.c 2006-03-14 03:16:21 UTC (rev 4066)
@@ -922,11 +922,14 @@
for(akl=opt.auto_key_locate;akl;akl=akl->next)
{
+ unsigned char *fpr;
+ size_t fpr_len;
+
switch(akl->type)
{
case AKL_CERT:
glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_cert(name,NULL,NULL);
+ res=keyserver_import_cert(name,&fpr,&fpr_len);
glo_ctrl.in_auto_key_retrieve--;
if(res==0)
@@ -935,35 +938,17 @@
break;
case AKL_PKA:
- {
- unsigned char fpr[MAX_FINGERPRINT_LEN];
+ glo_ctrl.in_auto_key_retrieve++;
+ res=keyserver_import_pka(name,&fpr,&fpr_len);
- glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_pka(name,fpr);
- glo_ctrl.in_auto_key_retrieve--;
-
- if(res==0)
- {
- int i;
- char fpr_string[MAX_FINGERPRINT_LEN*2+1];
-
- log_info(_("Automatically retrieved `%s' via %s\n"),
- name,"PKA");
-
- free_strlist(namelist);
- namelist=NULL;
-
- for(i=0;i<MAX_FINGERPRINT_LEN;i++)
- sprintf(fpr_string+2*i,"%02X",fpr[i]);
-
- add_to_strlist( &namelist, fpr_string );
- }
- }
+ if(res==0)
+ log_info(_("Automatically retrieved `%s' via %s\n"),
+ name,"PKA");
break;
case AKL_LDAP:
glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_ldap(name,NULL,NULL);
+ res=keyserver_import_ldap(name,&fpr,&fpr_len);
glo_ctrl.in_auto_key_retrieve--;
if(res==0)
@@ -979,7 +964,7 @@
if(opt.keyserver)
{
glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_name(name,NULL,NULL,opt.keyserver);
+ res=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
glo_ctrl.in_auto_key_retrieve--;
if(res==0)
@@ -994,7 +979,7 @@
keyserver=keyserver_match(akl->spec);
glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_name(name,NULL,NULL,keyserver);
+ res=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
glo_ctrl.in_auto_key_retrieve--;
if(res==0)
@@ -1004,6 +989,34 @@
break;
}
+ /* Use the fingerprint of the key that we actually fetched.
+ This helps prevent problems where the key that we fetched
+ doesn't have the same name that we used to fetch it. In
+ the case of CERT and PKA, this is an actual security
+ requirement as the URL might point to a key put in by an
+ attacker. By forcing the use of the fingerprint, we
+ won't use the attacker's key here. */
+ if(res==0 && fpr)
+ {
+ int i;
+ char fpr_string[MAX_FINGERPRINT_LEN*2+1];
+
+ assert(fpr_len<=MAX_FINGERPRINT_LEN);
+
+ free_strlist(namelist);
+ namelist=NULL;
+
+ for(i=0;i<fpr_len;i++)
+ sprintf(fpr_string+2*i,"%02X",fpr[i]);
+
+ if(opt.verbose)
+ log_info("auto-key-locate found fingerprint %s\n",fpr_string);
+
+ add_to_strlist( &namelist, fpr_string );
+
+ xfree(fpr);
+ }
+
rc = key_byname( NULL, namelist, pk, NULL, 0,
include_unusable, ret_keyblock, ret_kdbhd);
if(rc!=G10ERR_NO_PUBKEY)
Modified: trunk/g10/keyserver-internal.h
===================================================================
--- trunk/g10/keyserver-internal.h 2006-03-14 02:42:02 UTC (rev 4065)
+++ trunk/g10/keyserver-internal.h 2006-03-14 03:16:21 UTC (rev 4066)
@@ -45,7 +45,7 @@
int keyserver_fetch(STRLIST urilist);
int keyserver_import_cert(const char *name,
unsigned char **fpr,size_t *fpr_len);
-int keyserver_import_pka(const char *name,unsigned char *fpr);
+int keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len);
int keyserver_import_name(const char *name,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver);
int keyserver_import_ldap(const char *name,
Modified: trunk/g10/keyserver.c
===================================================================
--- trunk/g10/keyserver.c 2006-03-14 02:42:02 UTC (rev 4065)
+++ trunk/g10/keyserver.c 2006-03-14 03:16:21 UTC (rev 4066)
@@ -2036,24 +2036,30 @@
/* Import key pointed to by a PKA record. Return the requested
fingerprint in fpr. */
int
-keyserver_import_pka(const char *name,unsigned char *fpr)
+keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
{
char *uri;
int rc=-1;
- uri = get_pka_info (name, fpr);
+ *fpr=xmalloc(20);
+ *fpr_len=20;
+
+ uri = get_pka_info (name, *fpr);
if (uri)
{
struct keyserver_spec *spec;
spec = parse_keyserver_uri (uri, 1, NULL, 0);
if (spec)
{
- rc=keyserver_import_fprint (fpr, 20, spec);
+ rc=keyserver_import_fprint (*fpr, 20, spec);
free_keyserver_spec (spec);
}
xfree (uri);
}
+ if(rc!=0)
+ xfree(*fpr);
+
return rc;
}
More information about the Gnupg-commits
mailing list