security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

gpg: Fix wrong Tofu DB consistency check.

Browse Source 
* g10/tofu.c (build_conflict_set): Do not assume MAX_FINGERPRINT_LEN
is the size of the fingerprint.
--

This problem was exhibited by
commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-10-18 13:55:56 +02:00
parent 825abec0e7
commit 18e5946aef
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
g10/tofu.c
View File

@ -2083,13 +2083,16 @@ build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs,
* policy to ask due to a conflict. */
for (iter = conflict_set; iter; iter = iter->next)
{
/* Fixme: Why the check against N+1? */
int l = strlen (iter->d);
if (!(l == 2 * MAX_FINGERPRINT_LEN
|| l == 2 * MAX_FINGERPRINT_LEN + 1))
if (!(l == 2 * 20
|| l == 2 * 20 + 1
|| l == 2 * 32
|| l == 2 * 32 + 1))
{
log_error (_("TOFU db corruption detected.\n"));
print_further_info ("fingerprint '%s' is not %d characters long",
iter->d, 2 * MAX_FINGERPRINT_LEN);
print_further_info ("fingerprint '%s' is %d characters long",
iter->d, l);
}
if (l >= 1 && iter->d[l - 1] == '!')