* getkey.c (merge_selfsigs_main), main.h, sig-check.c

(check_key_signature2): Pass the ultimately trusted pk directly to check_key_signature2 to avoid going through the key selection mechanism. This prevents a deadly embrace when two keys without selfsigs each sign the other.
2025-07-02 22:46:30 +02:00 · 2002-12-29 15:58:44 +00:00 · 2002-12-29 15:58:44 +00:00 · 0bb73ee428
commit 0bb73ee428
parent 55eda4b4f8
4 changed files with 29 additions and 13 deletions
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1571,6 +1571,8 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
 	    else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
 	      {
 		PKT_signature *sig = k->pkt->pkt.signature;
+		u32 dummy;
+		int dum2;

 		if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
 		  {
@ -1584,9 +1586,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
                       trusted key is still valid - if it has been
                       revoked or the user should also renmove the
                       ultimate trust flag.  */
-		    if(get_pubkey_fast(ultimate_pk,sig->keyid)==0 &&
-		       check_key_signature(keyblock,k,NULL)==0 &&
-		       get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
+		    if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
+		       && check_key_signature2(keyblock,k,ultimate_pk,
+					       NULL,&dummy,&dum2)==0
+		       && get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
 		      {
 			free_public_key(ultimate_pk);
 			pk->is_valid=1;