[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-56-g4988822

by Werner Koch cvs at cvs.gnupg.org
Thu Dec 20 12:36:20 CET 2012 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  498882296ffac7987c644aaf2a0aa108a2925471 (commit)
      from  20c95ef258f8520283406239f7c6f4729341d463 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 498882296ffac7987c644aaf2a0aa108a2925471
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Dec 20 09:43:41 2012 +0100

    gpg: Import only packets which are allowed in a keyblock.
    
    * g10/import.c (valid_keyblock_packet): New.
    (read_block): Store only valid packets.
    --
    
    A corrupted key, which for example included a mangled public key
    encrypted packet, used to corrupt the keyring.  This change skips all
    packets which are not allowed in a keyblock.
    
    GnuPG-bug-id: 1455
    
    (cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)

diff --git a/g10/import.c b/g10/import.c
index ba2439d..ad112d6 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -347,6 +347,27 @@ import_print_stats (void *hd)
 }
 
 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
 /****************
  * Read the next keyblock from stream A.
  * PENDING_PKT should be initialzed to NULL
@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
 	    }
 	    in_cert = 1;
 	  default:
-	    if( in_cert ) {
+	    if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
 		if( !root )
 		    root = new_kbnode( pkt );
 		else

-----------------------------------------------------------------------

Summary of changes:
 g10/import.c |   23 ++++++++++++++++++++++-
 1 files changed, 22 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list