g10: Be more careful when checking cross signatures.

* g10/tofu.c (cross_sigs): When checking cross signatures, only consider the signatures on the specified user id. * tests/openpgp/tofu.scm: Add test for the above. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file. * tests/openpgp/tofu/cross-sigs/README: New file. -- Signed-off-by: Neal H. Walfield
2025-07-02 22:46:30 +02:00 · 2016-10-13 12:44:59 +02:00 · 2016-10-13 12:44:59 +02:00 · 4c0389f8eb
commit 4c0389f8eb
parent e09166c772
17 changed files with 178 additions and 2 deletions
--- a/g10/tofu.c
+++ b/g10/tofu.c
@ -1211,7 +1211,7 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set,

 /* Return 1 if A signed B and B signed A.  */
 static int
-cross_sigs (kbnode_t a, kbnode_t b)
+cross_sigs (const char *email, kbnode_t a, kbnode_t b)
 {
  int i;

@ -1240,12 +1240,36 @@ cross_sigs (kbnode_t a, kbnode_t b)
      u32 *signer_kid = pk_main_keyid (signer_pk);
      kbnode_t n;

+      int saw_email = 0;
+
      /* Iterate over SIGNEE's keyblock and see if there is a valid
         signature from SIGNER.  */
      for (n = signee; n; n = n->next)
        {
          PKT_signature *sig;

+          if (n->pkt->pkttype == PKT_USER_ID)
+            {
+              if (saw_email)
+                /* We're done: we've processed all signatures on the
+                   user id.  */
+                break;
+              else
+                {
+                  /* See if this is the matching user id.  */
+                  PKT_user_id *user_id = n->pkt->pkt.user_id;
+                  char *email2 = email_from_user_id (user_id->name);
+
+                  if (strcmp (email, email2) == 0)
+                    saw_email = 1;
+
+                  xfree (email2);
+                }
+            }
+
+          if (! saw_email)
+            continue;
+
          if (n->pkt->pkttype != PKT_SIGNATURE)
            continue;

@ -1974,7 +1998,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)

        for (j = i + 1; j < conflict_set_count; j ++)
          /* Be careful: we might not have a key block for a key.  */
-          if (kb_all[i] && kb_all[j] && cross_sigs (kb_all[i], kb_all[j]))
+          if (kb_all[i] && kb_all[j] && cross_sigs (email, kb_all[i], kb_all[j]))
            die[j] = 1;
      }