[git] GnuPG - branch, master, updated. gnupg-2.1.19-61-gb1106b4

by Neal H. Walfield cvs at cvs.gnupg.org
Fri Mar 17 14:45:34 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b1106b4d640325c60a7212a4a44e4f67c0e3312d (commit)
      from  69c521df422a6c9a6b0a93e45c9373a8b6ceb28e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b1106b4d640325c60a7212a4a44e4f67c0e3312d
Author: Neal H. Walfield <neal at g10code.com>
Date:   Fri Mar 17 13:36:51 2017 +0100

    gpg: Make sure the conflict set includes the current key.
    
    * g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling
    get_policy.  If POLICY is 'auto' and the default policy is 'ask', make
    sure CONFLICT_SET includes the current key.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    GnuPG-bug-id: 2959
    Debian-bug-id: 854829
    
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 9d9d8df..f2bd0c5 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2304,9 +2304,14 @@ build_conflict_set (tofu_dbs_t dbs,
 
 
 /* Return the effective policy for the binding <FINGERPRINT, EMAIL>
- * (email has already been normalized) and any conflict information in
- * *CONFLICT_SETP, if CONFLICT_SETP is not NULL.  Returns
- * _tofu_GET_POLICY_ERROR if an error occurs.
+ * (email has already been normalized).  Returns
+ * _tofu_GET_POLICY_ERROR if an error occurs.  Returns any conflict
+ * information in *CONFLICT_SETP if CONFLICT_SETP is not NULL and the
+ * returned policy is TOFU_POLICY_ASK (consequently, if there is a
+ * conflict, but the user set the policy to good *CONFLICT_SETP will
+ * empty).  Note: as per build_conflict_set, which is used to build
+ * the conflict information, the conflict information includes the
+ * current user id as the first element of the linked list.
  *
  * This function registers the binding in the bindings table if it has
  * not yet been registered.
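Review bot: In the rewritten comment, "*CONFLICT_SETP will empty" is missing a verb and should read "will be empty". Since get_trust now asserts `! conflict_set` for every policy other than TOFU_POLICY_ASK, it would be more precise to state that *CONFLICT_SETP is set to NULL in that case, so the documented contract and the caller's assertion say the same thing.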
@@ -2689,6 +2694,15 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
   policy = get_policy (dbs, pk, fingerprint, user_id, email,
                        &conflict_set, now);
 
+  if (policy == TOFU_POLICY_ASK)
+    /* The conflict set should always contain at least one element:
+     * the current key.  */
+    log_assert (conflict_set);
+  else
+    /* If the policy is not TOFU_POLICY_ASK, then conflict_set will be
+     * NULL.  */
+    log_assert (! conflict_set);
+
   /* If the key is ultimately trusted, there is nothing to do.  */
   {
     u32 kid[2];
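Review bot: The two log_assert calls directly after get_policy run before any check for _tofu_GET_POLICY_ERROR, which get_policy is documented to return on failure. On that path the else branch requires conflict_set to be NULL, so an error that occurs after the set was partly built would abort the process instead of being reported; consider handling the error return before asserting, or documenting that get_policy leaves *CONFLICT_SETP NULL on error. Braces around both branches would also help, since each body is a multi-line comment followed by a single statement.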
@@ -2710,6 +2724,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
                    " auto (default: %s).\n",
 		   fingerprint, email,
 		   tofu_policy_str (opt.tofu_default_policy));
+
+      if (policy == TOFU_POLICY_ASK)
+        /* The default policy is ASK, but there is no conflict (policy
+         * was 'auto').  In this case, we need to make sure the
+         * conflict set includes at least the current user id.  */
+        {
+          add_to_strlist (&conflict_set, fingerprint);
+        }
     }
   switch (policy)
     {
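Review bot: The comment in the added `if (policy == TOFU_POLICY_ASK)` block says the conflict set must include "the current user id", but the call is `add_to_strlist (&conflict_set, fingerprint);`, which adds the key's fingerprint; the wording should say current key or fingerprint, matching the commit message. The comment also sits between the `if` condition and its opening brace, which is easy to misread; moving it above the `if` or inside the braces would be clearer. It would be worth stating here that conflict_set is NULL at this point (the earlier assertion guarantees it for a non-ASK policy), so this call creates a one-element list.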

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



