any valid self-sig should mark a user ID or subkey as valid - otherwise,
an attacker could DoS the user by inventing a bogus invalid self-signature.
parent
bcf95b1d25
commit
22bc1b3a5e
@ -1,3 +1,9 @@
|
|||||||
|
2002-03-13 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* import.c (chk_self_sigs): any valid self-sig should mark a user
|
||||||
|
ID or subkey as valid - otherwise, an attacker could DoS the user
|
||||||
|
by inventing a bogus invalid self-signature.
|
||||||
|
|
||||||
2002-03-07 David Shaw <dshaw@jabberwocky.com>
|
2002-03-07 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* g10.c (main): make a few more strings translatable.
|
* g10.c (main): make a few more strings translatable.
|
||||||
|
29
g10/import.c
29
g10/import.c
@ -815,16 +815,18 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
return -1; /* the complete keyblock is invalid */
|
return -1; /* the complete keyblock is invalid */
|
||||||
}
|
}
|
||||||
rc = check_key_signature( keyblock, n, NULL);
|
|
||||||
if( rc ) {
|
|
||||||
log_info( rc == G10ERR_PUBKEY_ALGO ?
|
|
||||||
_("key %08lX: unsupported public key algorithm\n"):
|
|
||||||
_("key %08lX: invalid self-signature\n"),
|
|
||||||
(ulong)keyid[1]);
|
|
||||||
|
|
||||||
unode->flag |= 2; /* mark as invalid */
|
/* If it hasn't been marked valid yet, keep trying */
|
||||||
|
if(!(unode->flag&1)) {
|
||||||
|
rc = check_key_signature( keyblock, n, NULL);
|
||||||
|
if( rc )
|
||||||
|
log_info( rc == G10ERR_PUBKEY_ALGO ?
|
||||||
|
_("key %08lX: unsupported public key algorithm\n"):
|
||||||
|
_("key %08lX: invalid self-signature\n"),
|
||||||
|
(ulong)keyid[1]);
|
||||||
|
else
|
||||||
|
unode->flag |= 1; /* mark that signature checked */
|
||||||
}
|
}
|
||||||
unode->flag |= 1; /* mark that signature checked */
|
|
||||||
}
|
}
|
||||||
else if( sig->sig_class == 0x18 ) {
|
else if( sig->sig_class == 0x18 ) {
|
||||||
KBNODE knode = find_prev_kbnode( keyblock,
|
KBNODE knode = find_prev_kbnode( keyblock,
|
||||||
@ -839,16 +841,17 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
n->flag |= 4; /* delete this */
|
n->flag |= 4; /* delete this */
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
/* If it hasn't been marked valid yet, keep trying */
|
||||||
|
if(!(knode->flag&1)) {
|
||||||
rc = check_key_signature( keyblock, n, NULL);
|
rc = check_key_signature( keyblock, n, NULL);
|
||||||
if( rc ) {
|
if( rc )
|
||||||
log_info( rc == G10ERR_PUBKEY_ALGO ?
|
log_info( rc == G10ERR_PUBKEY_ALGO ?
|
||||||
_("key %08lX: unsupported public key algorithm\n"):
|
_("key %08lX: unsupported public key algorithm\n"):
|
||||||
_("key %08lX: invalid subkey binding\n"),
|
_("key %08lX: invalid subkey binding\n"),
|
||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
|
else
|
||||||
knode->flag |= 2; /* mark as invalid */
|
knode->flag |= 1; /* mark that signature checked */
|
||||||
}
|
}
|
||||||
knode->flag |= 1; /* mark that signature checked */
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
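Review bot: The comment `/* mark that signature checked */` on both new `flag |= 1` lines is stale, because bit 1 is now set only in the `else` branch, when check_key_signature() returned 0, so it means "a valid self-signature or subkey binding was seen" rather than "checked". I would reword it as `unode->flag |= 1; /* at least one valid self-sig seen */` and use the same wording on the `knode` line. Since `flag |= 2` is no longer set in either branch, a user ID or subkey that carries only bad self-signatures is now marked solely by bit 1 being clear; the code that consumes these flags is outside the hunks, so confirm it treats that state as invalid. Once bit 1 is set, later self-signatures on the same user ID or subkey are not verified here at all, so a bad one following a good one is neither logged nor flagged by this function, which deserves a comment stating it is intended. chk_self_sigs starts and ends outside both hunks.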