[PATCH 5/5] gpg: Fix regexp sanitization.
dgouttegattat at incenp.org
Wed Jul 19 15:07:22 CEST 2017
On 07/19/2017 01:22 PM, Justus Winter wrote:
> Imagine I have for some reason the expression 'foo.*\.org' in a
> trust signature, because I only want to match organisations starting
> with foo. RFC4880 seems to allow that aiui. Your patch breaks that,
> but so does sanitize_regexp as it is now.
Yes. It seems GnuPG wants to use the regex associated with trust
signatures in a more restricted way than is permitted by RFC4880.
I think it was designed that way probably to be compatible with PGP. I
never actually used PGP, but judging from a quick look at the manuals
for several versions, it seems that in PGP too this feature was limited
to simple domain matching. See for example this sentence from the manual
for PGP 10.2:
"If you want to limit the trusted introducer's key validation
capabilities to a single domain, type the domain name in the
Domain Restriction text box."
I guess that when they allowed the use of regular expressions in trust
signatures, the authors of RFC4880 went beyond what the implementations
of the time supported.
> I don't see how and why we should do any sane sanitization at all.
For what it's worth, I tend to agree. But I won't pretend I have seriously
considered all the implications.
Well, I am not sure whether we *should* sanitize, but if we do, we
should do it correctly. As of now, our sanitization code is broken, so I
would suggest fixing it so that it at least works as intended (that is,
it allows simple domain matching). After that we may decide what to do
A possible compromise would be to make the behavior dependent on the
--rfc4880 compliance flag: if the flag is set, we allow full-fledged
regex matching as per RFC4880, otherwise (and by default) we sanitize
the regex to only allow simple domain matching.
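To make the two behaviours discussed above concrete, here is an added Python sketch (not GnuPG's own sanitize_regexp, and not part of this thread): in the default mode only the domain-restriction shape that RFC 4880 gives as its example, `<[^>]+[@.]example\.org>$`, is passed through and anything else is neutralised into a literal match; with an assumed `rfc4880` switch the expression is used verbatim, so Justus's `foo.*\.org` behaves differently in the two modes.

```python
import re

# The only shape the default mode lets through: the domain-restriction
# regex RFC 4880 uses as its example, <[^>]+[@.]example\.org>$, with every
# dot in the domain escaped. Labels: letters, digits and '-'.
CANONICAL_DOMAIN_FORM = re.compile(
    r'^<\[\^>\]\+\[@\.\]'                      # literal prefix  <[^>]+[@.]
    r'(?:[A-Za-z0-9-]+\\\.)*[A-Za-z0-9-]+'     # labels joined by "\."
    r'>\$$'                                    # literal suffix  >$
)

def sanitize_regexp(regex: str, rfc4880: bool = False) -> str:
    """Return the expression that will actually be compiled.

    rfc4880=True  : use the expression verbatim, as RFC 4880 permits
                    (assumed behaviour of a --rfc4880 style switch).
    rfc4880=False : keep it only if it has the canonical domain shape;
                    otherwise escape every metacharacter so the string
                    can only match itself literally.
    """
    if rfc4880 or CANONICAL_DOMAIN_FORM.match(regex):
        return regex
    return re.escape(regex)

def uid_matches(regex: str, user_id: str, rfc4880: bool = False) -> bool:
    """Apply the (possibly sanitized) trust-signature regex to a user ID."""
    return re.search(sanitize_regexp(regex, rfc4880), user_id) is not None

if __name__ == "__main__":
    domain_rx = r'<[^>]+[@.]example\.org>$'   # constructed sample
    broad_rx = r'foo.*\.org'                   # the expression from the thread
    for uid in ('Alice <alice@example.org>', 'Bob <bob@mail.example.org>',
                'Eve <eve@notexample.org>', 'Mal <mal@example.org.evil>'):
        print(f'{uid:32} domain form -> {uid_matches(domain_rx, uid)}')
    uid = 'Carol <carol@foo-bar.org>'           # constructed sample
    print('broad, default :', uid_matches(broad_rx, uid))        # False
    print('broad, rfc4880 :', uid_matches(broad_rx, uid, True))  # True
```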