diff --git a/g10/ChangeLog b/g10/ChangeLog index 5526cb182..c8bbfc62a 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +2003-03-24 David Shaw + + * keydb.h: Err on the side of making an unknown signature a SIG + rather than a CERT. + + * import.c (delete_inv_parts): Discard any key signatures that + aren't key types (i.e. 0x00, 0x01, etc.) + 2003-03-24 Werner Koch * Makefile.am: Make use of AM_CFLAGS and AM_LDFLAGS. diff --git a/g10/import.c b/g10/import.c index 46162e973..62e15eaa2 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1298,6 +1298,14 @@ delete_inv_parts( const char *fname, KBNODE keyblock, (ulong)keyid[1]); delete_kbnode( node ); } + else if( node->pkt->pkttype == PKT_SIGNATURE + && !IS_CERT(node->pkt->pkt.signature)) + { + log_error(_("key %08lX: unexpected signature class (0x%02X) -" + " skipped\n"),(ulong)keyid[1], + node->pkt->pkt.signature->sig_class); + delete_kbnode(node); + } else if( (node->flag & 4) ) /* marked for deletion */ delete_kbnode( node ); } diff --git a/g10/keydb.h b/g10/keydb.h index 76a96ed76..8416ec8ae 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -27,10 +27,9 @@ #include "cipher.h" /* What qualifies as a certification (rather than a signature?) */ -#define IS_SIG(s) (((s)->sig_class==0x00) || ((s)->sig_class==0x01) || \ - ((s)->sig_class==0x02) || ((s)->sig_class==0x40)) -#define IS_CERT(s) (!IS_SIG(s)) - +#define IS_CERT(s) (IS_KEY_SIG(s) || IS_UID_SIG(s) || IS_SUBKEY_SIG(s) \ + || IS_KEY_REV(s) || IS_UID_REV(s) || IS_SUBKEY_REV(s)) +#define IS_SIG(s) (!IS_CERT(s)) #define IS_KEY_SIG(s) ((s)->sig_class == 0x1f) #define IS_UID_SIG(s) (((s)->sig_class & ~3) == 0x10) #define IS_SUBKEY_SIG(s) ((s)->sig_class == 0x18) @@ -38,7 +37,6 @@ #define IS_UID_REV(s) ((s)->sig_class == 0x30) #define IS_SUBKEY_REV(s) ((s)->sig_class == 0x28) - struct getkey_ctx_s; typedef struct getkey_ctx_s *GETKEY_CTX;