[git] GPGME - branch, master, updated. gpgme-1.11.1-247-g3bdf8be

by Andre Heinecke cvs at cvs.gnupg.org
Tue Aug 28 08:37:51 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  3bdf8be6d2c57319399fe14e27e52b323a17750a (commit)
      from  7d3c13df263ed88c17005920e75e0486abeae5b9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3bdf8be6d2c57319399fe14e27e52b323a17750a
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Aug 28 08:35:06 2018 +0200

    json: Delete primary key if subkey gen fails
    
    * src/gpgme-json.c (op_delete): Delete primary key on
    subkey gen error.
    
    --
    This can happen for example if the user cancels the
    pinentry to unlock the primary key when adding the
    subkey.  To avoid an artifact of a pimary key without
    an encryption capable subkey we delete the created
    key and treat the whole operation as failed.

diff --git a/src/gpgme-json.c b/src/gpgme-json.c
index 0d1ec50..5c670eb 100644
--- a/src/gpgme-json.c
+++ b/src/gpgme-json.c
@@ -3084,7 +3084,7 @@ op_createkey (cjson_t request, cjson_t result)
 
       err = gpgme_get_key (keylistctx, new_fpr, &new_key, 1);
       release_onetime_context (keylistctx);
-      if (err)
+      if (err || !new_key)
         {
           gpg_error_object (result, err, "Error finding created key: %s",
                             gpg_strerror (err));
@@ -3096,7 +3096,27 @@ op_createkey (cjson_t request, cjson_t result)
                                    0, expires, flags |= GPGME_CREATE_ENCR);
       xfree (subkey_algo);
       if (err)
-        goto leave;
+        {
+          /* This can happen for example if the user cancels the
+           * pinentry to unlock the primary key when adding the
+           * subkey.  To avoid an artifact of a pimary key without
+           * an encryption capable subkey we delete the created
+           * key and treat the whole operation as failed. */
+          gpgme_error_t err2;
+          gpg_error_object (result, err, "Error creating subkey: %s",
+                            gpg_strerror (err));
+          log_info ("Deleting primary key after keygen failure.\n");
+          err2 = gpgme_op_delete_ext (ctx, new_key, GPGME_DELETE_FORCE |
+                                      GPGME_DELETE_ALLOW_SECRET);
+          if (err2)
+            {
+              log_error ("Error deleting primary key: %s",
+                         gpg_strerror (err));
+            }
+          gpgme_key_unref (new_key);
+          goto leave;
+        }
+      gpgme_key_unref (new_key);
     }
 
   xjson_AddStringToObject0 (result, "fingerprint", new_fpr);

-----------------------------------------------------------------------

Summary of changes:
 src/gpgme-json.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org

More information about the Gnupg-commits mailing list