[PATCH] Disable importing V3 public keys from keyservers
David Leon Gil
coruus at gmail.com
Fri Oct 10 08:01:03 CEST 2014
This patch is against HEAD. It would be nice to see it backported to
the next point releases.
>From 49cae65b8d1a0e5d8dd53465de501ba36f849f39 Mon Sep 17 00:00:00 2001
From: David Leon Gil <coruus at gmail.com>
Date: Thu, 9 Oct 2014 17:35:39 -0400
Subject: [PATCH] Disable importing V3 or older public keys from keyservers.
---
g10/keyserver.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 1b2e128..b866f38 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1089,6 +1089,11 @@ keyserver_retrieval_screener (kbnode_t
keyblock, void *opaque)
fingerprint_from_pk (pk, fpr, &fpr_len);
keyid_from_pk (pk, keyid);
+ if (pk.version != 4) {
+ log_error(_("importing v3 or older keys from keyservers is unsafe:
skipping a returned v3 public key\n"))
+ continue;
+ }
+
/* Compare requested and returned fingerprints if available. */
for (n = 0; n < ndesc; n++)
{
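Review bot: The added `log_error(...)` call has no terminating semicolon before `continue;`, so the new block does not compile as posted, and the message string is broken across two lines in the mail and has to be rejoined before the patch applies. The condition `pk.version != 4` also does not match the message: it skips any key whose version is above 4 while reporting it as "v3 or older", so `< 4` would agree with both the subject line and the log text. `pk` is passed by name to `fingerprint_from_pk` and `keyid_from_pk` just above; if it is a pointer there, the test needs `pk->version`. Since `keyid` is already filled in at this point, including it in the log message would tell the user which returned key was skipped.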
--
1.9.3 (Apple Git-50)