[svn] GnuPG - r5331 - branches/STABLE-BRANCH-1-4/g10
svn author wk
cvs at cvs.gnupg.org
Fri May 7 14:32:07 CEST 2010
Author: wk
Date: 2010-05-07 14:32:06 +0200 (Fri, 07 May 2010)
New Revision: 5331
Modified:
branches/STABLE-BRANCH-1-4/g10/ChangeLog
branches/STABLE-BRANCH-1-4/g10/import.c
Log:
Fix for bug 1223
Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-05-07 12:17:18 UTC (rev 5330)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-05-07 12:32:06 UTC (rev 5331)
@@ -1,3 +1,10 @@
+2010-05-07 Werner Koch <wk at g10code.com>
+
+ * import.c (chk_self_sigs): Check direct key signatures. Fixes
+ bug#1223.
+ (fix_bad_direct_key_sigs): New.
+ (import_one): Call it.
+
2010-03-26 David Shaw <dshaw at jabberwocky.com>
* plaintext.c (handle_plaintext): Make sure that the stdout flush
Modified: branches/STABLE-BRANCH-1-4/g10/import.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/import.c 2010-05-07 12:17:18 UTC (rev 5330)
+++ branches/STABLE-BRANCH-1-4/g10/import.c 2010-05-07 12:32:06 UTC (rev 5331)
@@ -516,6 +516,46 @@
}
+/* Versions of GnuPG before 1.4.11 and 2.0.16 allowed to import bogus
+ direct key signatures. A side effect of this was that a later
+ import of the same good direct key signatures was not possible
+ because the cmp_signature check in merge_blocks considered them
+ equal. Although direct key signatures are now checked during
+ import, there might still be bogus signatures sitting in a keyring.
+ We need to detect and delete them before doing a merge. This
+ fucntion returns the number of removed sigs. */
+static int
+fix_bad_direct_key_sigs (KBNODE keyblock, u32 *keyid)
+{
+ int rc;
+ int count = 0;
+ KBNODE node;
+
+ for (node = keyblock->next; node; node=node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ break;
+ if (node->pkt->pkttype == PKT_SIGNATURE
+ && IS_KEY_SIG (node->pkt->pkt.signature))
+ {
+ rc = check_key_signature (keyblock, node, NULL);
+ if (rc && rc != G10ERR_PUBKEY_ALGO )
+ {
+ /* If we don't know the error, we can't decide; this is
+ not a problem because cmp_signature can't compare the
+ signature either. */
+ log_info ("key %s: invalid direct key signature removed\n",
+ keystr (keyid));
+ delete_kbnode (node);
+ count++;
+ }
+ }
+ }
+
+ return count;
+}
+
+
static void
print_import_ok (PKT_public_key *pk, PKT_secret_key *sk, unsigned int reason)
{
@@ -876,10 +916,15 @@
goto leave;
}
+ /* Make sure the original direct key sigs are all sane. */
+ n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
+ if (n_sigs_cleaned)
+ commit_kbnode (&keyblock_orig);
+
/* and try to merge the block */
clear_kbnode_flags( keyblock_orig );
clear_kbnode_flags( keyblock );
- n_uids = n_sigs = n_subk = n_sigs_cleaned = n_uids_cleaned = 0;
+ n_uids = n_sigs = n_subk = n_uids_cleaned = 0;
rc = merge_blocks( fname, keyblock_orig, keyblock,
keyid, &n_uids, &n_sigs, &n_subk );
if( rc )
@@ -1397,6 +1442,19 @@
unode->flag |= 1; /* mark that signature checked */
}
}
+ else if (IS_KEY_SIG (sig))
+ {
+ rc = check_key_signature (keyblock, n, NULL);
+ if ( rc )
+ {
+ if (opt.verbose)
+ log_info (rc == G10ERR_PUBKEY_ALGO ?
+ _("key %s: unsupported public key algorithm\n"):
+ _("key %s: invalid direct key signature\n"),
+ keystr (keyid));
+ n->flag |= 4;
+ }
+ }
else if( sig->sig_class == 0x18 ) {
/* Note that this works based solely on the timestamps
like the rest of gpg. If the standard gets
More information about the Gnupg-commits
mailing list