[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-3-gd585527
by Werner Koch
cvs at cvs.gnupg.org
Wed Aug 6 18:51:26 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via d58552760b26d840824658814d59c8b1a25a4219 (commit)
via dcf58b3471b1c9ba87a826aa132033e506664808 (commit)
from c05918c1b92bbf4f8cce0f18508014bfcf6332d8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d58552760b26d840824658814d59c8b1a25a4219
Author: Werner Koch <wk at gnupg.org>
Date: Wed Aug 6 17:11:21 2014 +0200
gpg: Fix regression due to the keyserver import filter.
* g10/keyserver.c (keyserver_retrieval_filter): Change args. Rewrite
to take subpakets in account.
* g10/import.c (import_one, import_secret_one): Pass keyblock to
filter.
--
GnuPG-bug-id: 1680
Resolved conflicts:
g10/main.h - s/import_filter/import_filter_t/g
diff --git a/g10/import.c b/g10/import.c
index e40141e..2baa298 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -60,16 +60,16 @@ struct stats_s {
static int import( IOBUF inp, const char* fname,struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,unsigned int options,
- import_filter filter, void *filter_arg );
+ import_filter_t filter, void *filter_arg );
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
static void revocation_present(KBNODE keyblock);
static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,
unsigned int options,int from_sk,
- import_filter filter, void *filter_arg);
+ import_filter_t filter, void *filter_arg);
static int import_secret_one( const char *fname, KBNODE keyblock,
struct stats_s *stats, unsigned int options,
- import_filter filter, void *filter_arg);
+ import_filter_t filter, void *filter_arg);
static int import_revoke_cert( const char *fname, KBNODE node,
struct stats_s *stats);
static int chk_self_sigs( const char *fname, KBNODE keyblock,
@@ -167,7 +167,7 @@ static int
import_keys_internal( IOBUF inp, char **fnames, int nnames,
void *stats_handle, unsigned char **fpr, size_t *fpr_len,
unsigned int options,
- import_filter filter, void *filter_arg)
+ import_filter_t filter, void *filter_arg)
{
int i, rc = 0;
struct stats_s *stats = stats_handle;
@@ -236,7 +236,7 @@ import_keys( char **fnames, int nnames,
int
import_keys_stream( IOBUF inp, void *stats_handle,
unsigned char **fpr, size_t *fpr_len,unsigned int options,
- import_filter filter, void *filter_arg )
+ import_filter_t filter, void *filter_arg )
{
return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len,
options, filter, filter_arg);
@@ -245,7 +245,7 @@ import_keys_stream( IOBUF inp, void *stats_handle,
static int
import( IOBUF inp, const char* fname,struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,unsigned int options,
- import_filter filter, void *filter_arg)
+ import_filter_t filter, void *filter_arg)
{
PACKET *pending_pkt = NULL;
KBNODE keyblock = NULL;
@@ -750,7 +750,7 @@ check_prefs(KBNODE keyblock)
static int
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,unsigned int options,
- int from_sk, import_filter filter, void *filter_arg)
+ int from_sk, import_filter_t filter, void *filter_arg)
{
PKT_public_key *pk;
PKT_public_key *pk_orig;
@@ -790,7 +790,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
return 0;
}
- if (filter && filter (pk, NULL, filter_arg))
+ if (filter && filter (keyblock, filter_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk(pk),
_("rejected by import filter"));
@@ -1166,7 +1166,7 @@ sec_to_pub_keyblock(KBNODE sec_keyblock)
static int
import_secret_one( const char *fname, KBNODE keyblock,
struct stats_s *stats, unsigned int options,
- import_filter filter, void *filter_arg)
+ import_filter_t filter, void *filter_arg)
{
PKT_secret_key *sk;
KBNODE node, uidnode;
@@ -1182,7 +1182,7 @@ import_secret_one( const char *fname, KBNODE keyblock,
keyid_from_sk( sk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
- if (filter && filter (NULL, sk, filter_arg)) {
+ if (filter && filter (keyblock, filter_arg)) {
log_error (_("secret key %s: %s\n"), keystr_from_sk(sk),
_("rejected by import filter"));
return 0;
diff --git a/g10/keyserver.c b/g10/keyserver.c
index af174fb..810713c 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -972,52 +972,68 @@ struct ks_retrieval_filter_arg_s
returns 0 if the key shall be imported. Note that this kind of
filter is not related to the iobuf filters. */
static int
-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk,
- void *opaque)
+keyserver_retrieval_filter (kbnode_t keyblock, void *opaque)
{
struct ks_retrieval_filter_arg_s *arg = opaque;
KEYDB_SEARCH_DESC *desc = arg->desc;
int ndesc = arg->ndesc;
+ kbnode_t node;
+ PKT_public_key *pk;
int n;
u32 keyid[2];
byte fpr[MAX_FINGERPRINT_LEN];
size_t fpr_len = 0;
- /* Secret keys are not expected from a keyserver. Do not import. */
- if (sk)
- return G10ERR_GENERAL;
+ /* Secret keys are not expected from a keyserver. We do not
+ care about secret subkeys because the import code takes care
+ of skipping them. Not allowing an import of a public key
+ with a secret subkey would make it too easy to inhibit the
+ downloading of a public key. Recall that keyservers do only
+ limited checks. */
+ node = find_kbnode (keyblock, PKT_SECRET_KEY);
+ if (node)
+ return G10ERR_GENERAL; /* Do not import. */
if (!ndesc)
return 0; /* Okay if no description given. */
- fingerprint_from_pk (pk, fpr, &fpr_len);
- keyid_from_pk (pk, keyid);
-
- /* Compare requested and returned fingerprints if available. */
- for (n = 0; n < ndesc; n++)
+ /* Loop over all key packets. */
+ for (node = keyblock; node; node = node->next)
{
- if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
- {
- if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
- return 0;
- }
- else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
- {
- if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
- return 0;
- }
- else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
- {
- if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
- return 0;
- }
- else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ if (node->pkt->pkttype != PKT_PUBLIC_KEY
+ && node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+ continue;
+
+ pk = node->pkt->pkt.public_key;
+ fingerprint_from_pk (pk, fpr, &fpr_len);
+ keyid_from_pk (pk, keyid);
+
+ /* Compare requested and returned fingerprints if available. */
+ for (n = 0; n < ndesc; n++)
{
- if (keyid[1] == desc[n].u.kid[1])
- return 0;
+ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
+ {
+ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
+ if (keyid[1] == desc[n].u.kid[1])
+ return 0;
+ }
+ else /* No keyid or fingerprint - can't check. */
+ return 0; /* allow import. */
}
- else
- return 0;
}
return G10ERR_GENERAL;
diff --git a/g10/main.h b/g10/main.h
index e4c4385..af35c77 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -208,14 +208,14 @@ MPI encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
/*-- import.c --*/
-typedef int (*import_filter)(PKT_public_key *pk, PKT_secret_key *sk, void *arg);
+typedef int (*import_filter_t)(kbnode_t keyblock, void *arg);
int parse_import_options(char *str,unsigned int *options,int noisy);
void import_keys( char **fnames, int nnames,
void *stats_hd, unsigned int options );
int import_keys_stream (IOBUF inp,void *stats_hd,unsigned char **fpr,
size_t *fpr_len,unsigned int options,
- import_filter filter, void *filter_arg);
+ import_filter_t filter, void *filter_arg);
void *import_new_stats_handle (void);
void import_release_stats_handle (void *p);
void import_print_stats (void *hd);
commit dcf58b3471b1c9ba87a826aa132033e506664808
Author: Werner Koch <wk at gnupg.org>
Date: Wed Aug 6 17:09:15 2014 +0200
Add kbnode_t for easier backporting.
* g10/global.h (kbnode_t): New.
diff --git a/g10/global.h b/g10/global.h
index 643c4fc..5ecfb83 100644
--- a/g10/global.h
+++ b/g10/global.h
@@ -23,6 +23,7 @@
#define MAX_FINGERPRINT_LEN 20
typedef struct kbnode_struct *KBNODE;
+typedef struct kbnode_struct *kbnode_t;
typedef struct keydb_search_desc KEYDB_SEARCH_DESC;
#endif /*GPG_GLOBAL_H*/
-----------------------------------------------------------------------
Summary of changes:
g10/global.h | 1 +
g10/import.c | 20 +++++++--------
g10/keyserver.c | 76 +++++++++++++++++++++++++++++++++----------------------
g10/main.h | 4 +--
4 files changed, 59 insertions(+), 42 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list