security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

gpg: Improve the keyblock cache's transparency.

Browse Source 
* kbx/keybox-search.c (keybox_offset): New function.
* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
HD->KEYBLOCK_CACHE.OFFSET.
(keydb_search): Don't use the cached result if it comes before the
current file position.  When caching an entry, also record the
position at which it was found.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2187
This commit is contained in:
Neal H. Walfield 2015-12-15 12:21:30 +01:00
parent 0ea186db64
commit 2e4e10c1dc
3 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
g10/keydb.c
View File

@ -81,6 +81,9 @@ struct keyblock_cache {
u32 *sigstatus; u32 *sigstatus;
int pk_no; int pk_no;
int uid_no; int uid_no;
/* Offset of the record in the keybox. */
int resource;
off_t offset;
}; };
@ -245,6 +248,8 @@ keyblock_cache_clear (struct keydb_handle *hd)
hd->keyblock_cache.sigstatus = NULL; hd->keyblock_cache.sigstatus = NULL;
iobuf_close (hd->keyblock_cache.iobuf); iobuf_close (hd->keyblock_cache.iobuf);
hd->keyblock_cache.iobuf = NULL; hd->keyblock_cache.iobuf = NULL;
hd->keyblock_cache.resource = -1;
hd->keyblock_cache.offset = -1;
} }
@ -1701,7 +1706,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
&& (desc[0].mode == KEYDB_SEARCH_MODE_FPR20 && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
|| desc[0].mode == KEYDB_SEARCH_MODE_FPR) || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
&& hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED && hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED
&& !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)) && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)
/* Make sure the current file position occurs before the cached
result to avoid an infinite loop. */
&& (hd->current < hd->keyblock_cache.resource
|| (hd->current == hd->keyblock_cache.resource
&& (keybox_offset (hd->active[hd->current].u.kb)
<= hd->keyblock_cache.offset))))
{ {
/* (DESCINDEX is already set). */ /* (DESCINDEX is already set). */
if (DBG_CLOCK) if (DBG_CLOCK)
@ -1772,6 +1783,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
&& hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX) && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX)
{ {
hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED; hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED;
hd->keyblock_cache.resource = hd->current;
/* The current offset is at the start of the next record. Since
a record is at least 1 byte, we just use offset - 1, which is
within the record. */
hd->keyblock_cache.offset
= keybox_offset (hd->active[hd->current].u.kb) - 1;
memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20); memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20);
} }

8
kbx/keybox-search.c
View File

@ -1188,3 +1188,11 @@ keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value)
ec = get_flag_from_image (buffer, length, what, value); ec = get_flag_from_image (buffer, length, what, value);
return ec? gpg_error (ec):0; return ec? gpg_error (ec):0;
} }
off_t
keybox_offset (KEYBOX_HANDLE hd)
{
if (!hd->fp)
return 0;
return ftello (hd->fp);
}

2
kbx/keybox.h
View File

@ -77,6 +77,8 @@ int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
int keybox_lock (KEYBOX_HANDLE hd, int yes); int keybox_lock (KEYBOX_HANDLE hd, int yes);
off_t keybox_offset (KEYBOX_HANDLE hd);
/*-- keybox-file.c --*/ /*-- keybox-file.c --*/
/* Fixme: This function does not belong here: Provide a better /* Fixme: This function does not belong here: Provide a better
interface to create a new keybox file. */ interface to create a new keybox file. */