mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-09 12:54:23 +01:00
* keyserver.c (keyserver_spawn): Assert that we have dropped privs.
* pubkey-enc.c (get_session_key): Check that the public key algorithm is indeed usable for en/decryption. This avoid a strange error message from pubkey_decrypt if for some reasons a bad algorithm indentifier is passed. * hkp.c (hkp_export): Do not print possible control characters from a keyserver response. (parse_hkp_index): Made uid an unsigned char* because it is passed to isspace(). (hkp_search): Ditto for the char* vars. * g10.c (main): Print the IDEA warning also for -c and -se. * g10.c (get_temp_dir): Assert that we have dropped privs * encode.c (encode_crypt): Include the first key into the --pgp2 check.
This commit is contained in:
parent
0f47bb3c19
commit
3851f7df8c
@ -1,7 +1,33 @@
|
|||||||
|
2001-12-15 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* keyserver.c (keyserver_spawn): Assert that we have dropped privs.
|
||||||
|
|
||||||
|
2001-12-13 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* pubkey-enc.c (get_session_key): Check that the public key
|
||||||
|
algorithm is indeed usable for en/decryption. This avoid a
|
||||||
|
strange error message from pubkey_decrypt if for some reasons a
|
||||||
|
bad algorithm indentifier is passed.
|
||||||
|
|
||||||
2001-12-12 David Shaw <dshaw@jabberwocky.com>
|
2001-12-12 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* Fixed some types for portability. Noted by Stefan Bellon.
|
* Fixed some types for portability. Noted by Stefan Bellon.
|
||||||
|
|
||||||
|
2001-12-11 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* hkp.c (hkp_export): Do not print possible control characters
|
||||||
|
from a keyserver response.
|
||||||
|
(parse_hkp_index): Made uid an unsigned char* because it is passed to
|
||||||
|
isspace().
|
||||||
|
(hkp_search): Ditto for the char* vars.
|
||||||
|
|
||||||
|
* g10.c (main): Print the IDEA warning also for -c and -se.
|
||||||
|
|
||||||
|
* g10.c (get_temp_dir): Assert that we have dropped privs
|
||||||
|
|
||||||
|
* encode.c (encode_crypt): Include the first key into the --pgp2
|
||||||
|
check.
|
||||||
|
|
||||||
2001-12-07 David Shaw <dshaw@jabberwocky.com>
|
2001-12-07 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* g10.c, options.h: New option --pgp2. This is identical to
|
* g10.c, options.h: New option --pgp2. This is identical to
|
||||||
|
@ -263,8 +263,8 @@ encode_crypt( const char *filename, STRLIST remusr )
|
|||||||
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
|
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
if(opt.pgp2)
|
if(opt.pgp2) {
|
||||||
for(work_list=pk_list;work_list->next!=NULL;work_list=work_list->next)
|
for(work_list=pk_list; work_list; work_list=work_list->next)
|
||||||
if(!(is_RSA(work_list->pk->pubkey_algo) &&
|
if(!(is_RSA(work_list->pk->pubkey_algo) &&
|
||||||
nbits_from_pk(work_list->pk)<=2048))
|
nbits_from_pk(work_list->pk)<=2048))
|
||||||
{
|
{
|
||||||
@ -273,6 +273,7 @@ encode_crypt( const char *filename, STRLIST remusr )
|
|||||||
log_info(_("This message will not be usable by PGP 2.x\n"));
|
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* prepare iobufs */
|
/* prepare iobufs */
|
||||||
if( !(inp = iobuf_open(filename)) ) {
|
if( !(inp = iobuf_open(filename)) ) {
|
||||||
|
13
g10/g10.c
13
g10/g10.c
@ -1285,7 +1285,8 @@ main( int argc, char **argv )
|
|||||||
opt.force_v3_sigs = 1;
|
opt.force_v3_sigs = 1;
|
||||||
opt.pgp2_workarounds = 1;
|
opt.pgp2_workarounds = 1;
|
||||||
opt.def_cipher_algo = CIPHER_ALGO_IDEA;
|
opt.def_cipher_algo = CIPHER_ALGO_IDEA;
|
||||||
if( cmd==aEncr && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
|
if( (cmd==aEncr || cmd==aSym || cmd==aSignEncr)
|
||||||
|
&& check_cipher_algo(CIPHER_ALGO_IDEA) ) {
|
||||||
log_info(_("Encrypting a message to a PGP 2.x user requires "
|
log_info(_("Encrypting a message to a PGP 2.x user requires "
|
||||||
"the IDEA cipher module.\n"));
|
"the IDEA cipher module.\n"));
|
||||||
log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
|
log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
|
||||||
@ -2110,10 +2111,18 @@ check_policy_url( const char *s )
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *get_temp_dir(void)
|
const char *
|
||||||
|
get_temp_dir(void)
|
||||||
{
|
{
|
||||||
char *tmp;
|
char *tmp;
|
||||||
|
|
||||||
|
#ifndef __MINGW32__
|
||||||
|
/* Don't allow to be setuid when we are going to create temporary
|
||||||
|
files or directories - yes, this is a bit paranoid */
|
||||||
|
if (getuid() != geteuid() )
|
||||||
|
BUG ();
|
||||||
|
#endif
|
||||||
|
|
||||||
if(opt.temp_dir)
|
if(opt.temp_dir)
|
||||||
return opt.temp_dir;
|
return opt.temp_dir;
|
||||||
|
|
||||||
|
14
g10/hkp.c
14
g10/hkp.c
@ -165,7 +165,10 @@ hkp_export( STRLIST users )
|
|||||||
if( opt.verbose ) {
|
if( opt.verbose ) {
|
||||||
int c;
|
int c;
|
||||||
while( (c=iobuf_get(hd.fp_read)) != EOF )
|
while( (c=iobuf_get(hd.fp_read)) != EOF )
|
||||||
|
if ( c >= 32 && c < 127 )
|
||||||
putchar( c );
|
putchar( c );
|
||||||
|
else
|
||||||
|
putchar ( '?' );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if( (status/100) == 2 )
|
if( (status/100) == 2 )
|
||||||
@ -211,10 +214,12 @@ urlencode_filter( void *opaque, int control,
|
|||||||
LDAP server are close enough in output so the same function can
|
LDAP server are close enough in output so the same function can
|
||||||
parse them both. */
|
parse them both. */
|
||||||
|
|
||||||
static int parse_hkp_index(IOBUF buffer,char *line)
|
static int
|
||||||
|
parse_hkp_index(IOBUF buffer,char *line)
|
||||||
{
|
{
|
||||||
static int open=0,revoked=0;
|
static int open=0,revoked=0;
|
||||||
static char *key,*uid;
|
static char *key;
|
||||||
|
static unsigned char *uid;
|
||||||
static u32 bits,createtime;
|
static u32 bits,createtime;
|
||||||
int ret=0;
|
int ret=0;
|
||||||
|
|
||||||
@ -227,7 +232,7 @@ static int parse_hkp_index(IOBUF buffer,char *line)
|
|||||||
|
|
||||||
if(!(revoked && !opt.keyserver_options.include_revoked))
|
if(!(revoked && !opt.keyserver_options.include_revoked))
|
||||||
{
|
{
|
||||||
char intstr[11];
|
char intstr[20];
|
||||||
|
|
||||||
iobuf_writestr(buffer,key);
|
iobuf_writestr(buffer,key);
|
||||||
iobuf_writestr(buffer,":");
|
iobuf_writestr(buffer,":");
|
||||||
@ -374,7 +379,8 @@ int hkp_search(STRLIST tokens)
|
|||||||
{
|
{
|
||||||
int rc=0,len=0,first=1;
|
int rc=0,len=0,first=1;
|
||||||
unsigned int maxlen=1024,buflen=0;
|
unsigned int maxlen=1024,buflen=0;
|
||||||
char *searchstr=NULL,*searchurl=NULL,*request;
|
unsigned char *searchstr=NULL,*searchurl=NULL;
|
||||||
|
unsigned char *request;
|
||||||
struct http_context hd;
|
struct http_context hd;
|
||||||
unsigned int hflags=opt.honor_http_proxy?HTTP_FLAG_TRY_PROXY:0;
|
unsigned int hflags=opt.honor_http_proxy?HTTP_FLAG_TRY_PROXY:0;
|
||||||
byte *line=NULL;
|
byte *line=NULL;
|
||||||
|
@ -49,7 +49,8 @@
|
|||||||
#define SEND 1
|
#define SEND 1
|
||||||
#define SEARCH 2
|
#define SEARCH 2
|
||||||
|
|
||||||
void parse_keyserver_options(char *options)
|
void
|
||||||
|
parse_keyserver_options(char *options)
|
||||||
{
|
{
|
||||||
char *tok="";
|
char *tok="";
|
||||||
|
|
||||||
@ -98,7 +99,8 @@ void parse_keyserver_options(char *options)
|
|||||||
while(tok!=NULL);
|
while(tok!=NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
int parse_keyserver_uri(char *uri)
|
int
|
||||||
|
parse_keyserver_uri(char *uri)
|
||||||
{
|
{
|
||||||
/* Get the scheme */
|
/* Get the scheme */
|
||||||
|
|
||||||
@ -134,7 +136,8 @@ int parse_keyserver_uri(char *uri)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Unquote only the delimiter character */
|
/* Unquote only the delimiter character */
|
||||||
static void printunquoted(char *string,char delim)
|
static void
|
||||||
|
printunquoted(char *string,char delim)
|
||||||
{
|
{
|
||||||
char *ch=string;
|
char *ch=string;
|
||||||
|
|
||||||
@ -160,7 +163,8 @@ static void printunquoted(char *string,char delim)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static int print_keyinfo(int count,char *keystring,u32 *keyid)
|
static int
|
||||||
|
print_keyinfo(int count,char *keystring,u32 *keyid)
|
||||||
{
|
{
|
||||||
char *certid,*userid,*keytype,*tok;
|
char *certid,*userid,*keytype,*tok;
|
||||||
int flags,keysize=0;
|
int flags,keysize=0;
|
||||||
@ -212,6 +216,7 @@ static int print_keyinfo(int count,char *keystring,u32 *keyid)
|
|||||||
|
|
||||||
printf("(%d)\t",count);
|
printf("(%d)\t",count);
|
||||||
|
|
||||||
|
#warning Hmmm, do we need to check for non-printable characters? (wk)
|
||||||
printunquoted(userid,':');
|
printunquoted(userid,':');
|
||||||
|
|
||||||
if(flags&1)
|
if(flags&1)
|
||||||
@ -235,7 +240,9 @@ static int print_keyinfo(int count,char *keystring,u32 *keyid)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
|
|
||||||
|
static int
|
||||||
|
keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
|
||||||
{
|
{
|
||||||
int ret=KEYSERVER_INTERNAL_ERROR,i,to[2]={-1,-1},from[2]={-1,-1};
|
int ret=KEYSERVER_INTERNAL_ERROR,i,to[2]={-1,-1},from[2]={-1,-1};
|
||||||
pid_t child=0;
|
pid_t child=0;
|
||||||
@ -248,6 +255,13 @@ static int keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
|
|||||||
IOBUF fromchild=NULL;
|
IOBUF fromchild=NULL;
|
||||||
int gotversion=0,madedir=0;
|
int gotversion=0,madedir=0;
|
||||||
|
|
||||||
|
#ifndef __MINGW32__
|
||||||
|
/* Don't allow to be setuid when we are going to create temporary
|
||||||
|
files or directories - yes, this is a bit paranoid */
|
||||||
|
if (getuid() != geteuid() )
|
||||||
|
BUG ();
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Build the filename for the helper to execute */
|
/* Build the filename for the helper to execute */
|
||||||
|
|
||||||
filename=m_alloc(strlen("gpgkeys_")+strlen(opt.keyserver_scheme)+1);
|
filename=m_alloc(strlen("gpgkeys_")+strlen(opt.keyserver_scheme)+1);
|
||||||
@ -666,7 +680,8 @@ static int keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
|
static int
|
||||||
|
keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
|
||||||
{
|
{
|
||||||
int rc=0;
|
int rc=0;
|
||||||
|
|
||||||
@ -732,12 +747,14 @@ static int keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int keyserver_export(STRLIST users)
|
int
|
||||||
|
keyserver_export(STRLIST users)
|
||||||
{
|
{
|
||||||
return keyserver_work(SEND,users,NULL,0);
|
return keyserver_work(SEND,users,NULL,0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int keyserver_import(STRLIST users)
|
int
|
||||||
|
keyserver_import(STRLIST users)
|
||||||
{
|
{
|
||||||
u32 (*kidlist)[2];
|
u32 (*kidlist)[2];
|
||||||
int num=100,count=0;
|
int num=100,count=0;
|
||||||
@ -779,7 +796,8 @@ int keyserver_import(STRLIST users)
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
int keyserver_import_keyid(u32 *keyid)
|
int
|
||||||
|
keyserver_import_keyid(u32 *keyid)
|
||||||
{
|
{
|
||||||
STRLIST sl=NULL;
|
STRLIST sl=NULL;
|
||||||
char key[17];
|
char key[17];
|
||||||
@ -797,7 +815,8 @@ int keyserver_import_keyid(u32 *keyid)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* code mostly stolen from do_export_stream */
|
/* code mostly stolen from do_export_stream */
|
||||||
static int keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
|
static int
|
||||||
|
keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
|
||||||
{
|
{
|
||||||
int rc=0,ndesc,num=100;
|
int rc=0,ndesc,num=100;
|
||||||
KBNODE keyblock=NULL,node;
|
KBNODE keyblock=NULL,node;
|
||||||
@ -873,7 +892,8 @@ static int keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
|
|||||||
/* Note this is different than the original HKP refresh. It allows
|
/* Note this is different than the original HKP refresh. It allows
|
||||||
usernames to refresh only part of the keyring. */
|
usernames to refresh only part of the keyring. */
|
||||||
|
|
||||||
int keyserver_refresh(STRLIST users)
|
int
|
||||||
|
keyserver_refresh(STRLIST users)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
u32 (*kidlist)[2];
|
u32 (*kidlist)[2];
|
||||||
@ -883,6 +903,12 @@ int keyserver_refresh(STRLIST users)
|
|||||||
if(rc)
|
if(rc)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
|
/* fixme: this is is a problem: for Example in German you have 1
|
||||||
|
Schlüssel, 2 Schlüssel but 1 Auto, 2 Autos. There is no
|
||||||
|
regularity in German (afaik); other languages have even more
|
||||||
|
complicates ways. The latest gettext versions have some code to
|
||||||
|
cope with this, but I haven't looked into it. The old suggestion
|
||||||
|
is to write 2 full strings and don't use %s */
|
||||||
log_info(_("%d key%s to refresh\n"),count,count!=1?"s":"");
|
log_info(_("%d key%s to refresh\n"),count,count!=1?"s":"");
|
||||||
|
|
||||||
if(count>0)
|
if(count>0)
|
||||||
@ -893,7 +919,8 @@ int keyserver_refresh(STRLIST users)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int keyserver_search(STRLIST tokens)
|
int
|
||||||
|
keyserver_search(STRLIST tokens)
|
||||||
{
|
{
|
||||||
if(tokens)
|
if(tokens)
|
||||||
return keyserver_work(SEARCH,tokens,NULL,0);
|
return keyserver_work(SEARCH,tokens,NULL,0);
|
||||||
@ -903,7 +930,8 @@ int keyserver_search(STRLIST tokens)
|
|||||||
|
|
||||||
/* Count is just for cosmetics. If it is too small, it will grow
|
/* Count is just for cosmetics. If it is too small, it will grow
|
||||||
safely. If it negative it disables the "Key x-y of z" messages. */
|
safely. If it negative it disables the "Key x-y of z" messages. */
|
||||||
void keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
|
void
|
||||||
|
keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
|
||||||
{
|
{
|
||||||
int i=0,validcount=1;
|
int i=0,validcount=1;
|
||||||
unsigned int maxlen=256,buflen=0;
|
unsigned int maxlen=256,buflen=0;
|
||||||
|
@ -70,7 +70,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
|
|||||||
PKT_secret_key *sk = NULL;
|
PKT_secret_key *sk = NULL;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
rc = check_pubkey_algo( k->pubkey_algo );
|
rc = check_pubkey_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
|
||||||
if( rc )
|
if( rc )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user