common: Don't assume on-disk layout matches in-memory layout.

* g10/packet.h (PKT_signature): Change revkey's type from a struct
revocation_key ** to a struct revocation_key *.  Update users.

--
revkey was a pointer into the raw data.  But, C doesn't guarantee that
there is no padding.  Thus, we copy the data.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.

g10/export.c

@@ -1011,7 +1011,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
                   int i;
 
                   for (i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
-                    if ( (node->pkt->pkt.signature->revkey[i]->class & 0x40))
+                    if ( (node->pkt->pkt.signature->revkey[i].class & 0x40))
                       break;
 
                   if (i < node->pkt->pkt.signature->numrevkeys)

g10/getkey.c

@@ -720,7 +720,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 
      ANYLOCALFIRST is set if the search order has the local method
      before any other or if "local" is used first by default.  This
-     makes sure that if a RETCTX is used it gets only set if a local
+     makes sure that if a RETCTX is used it is only set if a local
      search has precedence over the other search methods and only then
      a followup call to get_pubkey_next shall succeed.  */
   if (!no_akl)
@@ -1606,7 +1606,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
 
 		      for (i = 0; i < sig->numrevkeys; i++)
 			memcpy (&pk->revkey[pk->numrevkeys++],
-				sig->revkey[i],
+				&sig->revkey[i],
 				sizeof (struct revocation_key));
 		    }
 

g10/import.c

@@ -2397,7 +2397,7 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
 	    {
 	      u32 keyid[2];
 
-	      keyid_from_fingerprint(sig->revkey[idx]->fpr,
+	      keyid_from_fingerprint(sig->revkey[idx].fpr,
 				     MAX_FINGERPRINT_LEN,keyid);
 
 	      for(inode=keyblock->next;inode;inode=inode->next)
@@ -2416,7 +2416,7 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
                          itself? */
 		      int rc;
 
-		      rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx]->fpr,
+		      rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx].fpr,
                                                    MAX_FINGERPRINT_LEN);
 		      if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
                           || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
@@ -2432,13 +2432,13 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
 					 " fetching revocation key %s\n"),
 				       tempkeystr,keystr(keyid));
 			      keyserver_import_fprint (ctrl,
-                                                       sig->revkey[idx]->fpr,
+                                                       sig->revkey[idx].fpr,
                                                        MAX_FINGERPRINT_LEN,
                                                        opt.keyserver);
 
 			      /* Do we have it now? */
 			      rc=get_pubkey_byfprint_fast (NULL,
-						     sig->revkey[idx]->fpr,
+						     sig->revkey[idx].fpr,
 						     MAX_FINGERPRINT_LEN);
 			    }
 

g10/packet.h

@@ -167,7 +167,7 @@ typedef struct
   byte    trust_depth;
   byte    trust_value;
   const byte *trust_regexp;
-  struct revocation_key **revkey;
+  struct revocation_key *revkey;
   int numrevkeys;
   pka_info_t *pka_info;      /* Malloced PKA data or NULL if not
                                 available.  See also flags.pka_tried. */

g10/parse-packet.c

@@ -1711,25 +1711,31 @@ parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
 void
 parse_revkeys (PKT_signature * sig)
 {
-  struct revocation_key *revkey;
+  const byte *revkey;
   int seq = 0;
   size_t len;
 
   if (sig->sig_class != 0x1F)
     return;
 
-  while ((revkey =
-	  (struct revocation_key *) enum_sig_subpkt (sig->hashed,
-						     SIGSUBPKT_REV_KEY,
-						     &len, &seq, NULL)))
+  while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
+				    &len, &seq, NULL)))
     {
-      if (len == sizeof (struct revocation_key)
-          && (revkey->class & 0x80))  /* 0x80 bit must be set.  */
+      if (/* The only valid length is 22 bytes.  See RFC 4880
+	     5.2.3.15.  */
+	  len == 22
+	  /* 0x80 bit must be set on the class.  */
+          && (revkey[0] & 0x80))
 	{
 	  sig->revkey = xrealloc (sig->revkey,
-				  sizeof (struct revocation_key *) *
+				  sizeof (struct revocation_key) *
 				  (sig->numrevkeys + 1));
-	  sig->revkey[sig->numrevkeys] = revkey;
+
+	  /* Copy the individual fields.  */
+	  sig->revkey[sig->numrevkeys].class = revkey[0];
+	  sig->revkey[sig->numrevkeys].algid = revkey[1];
+	  memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
+
 	  sig->numrevkeys++;
 	}
     }

g10/revoke.c

@@ -383,11 +383,11 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
 		    for(j=0;j<signode->pkt->pkt.signature->numrevkeys;j++)
 		      {
 			if(pk->revkey[i].class==
-			   signode->pkt->pkt.signature->revkey[j]->class &&
+			   signode->pkt->pkt.signature->revkey[j].class &&
 			   pk->revkey[i].algid==
-			   signode->pkt->pkt.signature->revkey[j]->algid &&
+			   signode->pkt->pkt.signature->revkey[j].algid &&
 			   memcmp(pk->revkey[i].fpr,
-				  signode->pkt->pkt.signature->revkey[j]->fpr,
+				  signode->pkt->pkt.signature->revkey[j].fpr,
 				  MAX_FINGERPRINT_LEN)==0)
 			  {
 			    revkey=signode->pkt->pkt.signature;