From 22bc1b3a5e0c6545b537c8457b61109dc557f60c Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Wed, 13 Mar 2002 13:28:18 +0000
Subject: [PATCH] any valid self-sig should mark a user ID or subkey as valid -
 otherwise, an attacker could DoS the user by inventing a bogus invalid
 self-signature.

---
 g10/ChangeLog |  6 ++++++
 g10/import.c  | 29 ++++++++++++++++-------------
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index c0d9ac896..140a99219 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2002-03-13  David Shaw  <dshaw@jabberwocky.com>
+
+	* import.c (chk_self_sigs): any valid self-sig should mark a user
+	ID or subkey as valid - otherwise, an attacker could DoS the user
+	by inventing a bogus invalid self-signature.
+
 2002-03-07  David Shaw  <dshaw@jabberwocky.com>
 
 	* g10.c (main): make a few more strings translatable.
diff --git a/g10/import.c b/g10/import.c
index 9658530f1..044716f98 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -815,16 +815,18 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 					    (ulong)keyid[1]);
 		    return -1;	/* the complete keyblock is invalid */
 		}
-		rc = check_key_signature( keyblock, n, NULL);
-		if( rc ) {
-		    log_info( rc == G10ERR_PUBKEY_ALGO ?
-			 _("key %08lX: unsupported public key algorithm\n"):
-			 _("key %08lX: invalid self-signature\n"),
-				     (ulong)keyid[1]);
 
-		    unode->flag |= 2; /* mark as invalid */
+		/* If it hasn't been marked valid yet, keep trying */
+		if(!(unode->flag&1)) {
+		  rc = check_key_signature( keyblock, n, NULL);
+		  if( rc )
+		    log_info( rc == G10ERR_PUBKEY_ALGO ?
+			   _("key %08lX: unsupported public key algorithm\n"):
+			   _("key %08lX: invalid self-signature\n"),
+			      (ulong)keyid[1]);
+		  else
+		    unode->flag |= 1; /* mark that signature checked */
 		}
-		unode->flag |= 1; /* mark that signature checked */
 	    }
 	    else if( sig->sig_class == 0x18 ) {
 		KBNODE knode = find_prev_kbnode( keyblock,
@@ -839,16 +841,17 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 		    n->flag |= 4; /* delete this */
 		}
 		else {
+		  /* If it hasn't been marked valid yet, keep trying */
+		  if(!(knode->flag&1)) {
 		    rc = check_key_signature( keyblock, n, NULL);
-		    if( rc ) {
+		    if( rc )
 			log_info(  rc == G10ERR_PUBKEY_ALGO ?
 			   _("key %08lX: unsupported public key algorithm\n"):
 			   _("key %08lX: invalid subkey binding\n"),
 					 (ulong)keyid[1]);
-
-			knode->flag |= 2; /* mark as invalid */
-		    }
-		    knode->flag |= 1; /* mark that signature checked */
+		    else
+		      knode->flag |= 1; /* mark that signature checked */
+		  }
 		}
 	    }
 	}