security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

* getkey.c (merge_selfsigs_main), main.h, sig-check.c

Browse source 
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.
This commit is contained in:
David Shaw 2002-12-28 04:08:53 +00:00
parent 1fb55cd173
commit 63246fe693
4 changed files with 21 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

9
g10/getkey.c
View file

@ -1576,6 +1576,8 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
{
PKT_signature *sig = k->pkt->pkt.signature;
u32 dummy;
int dum2;
if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
{
@ -1583,9 +1585,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
ultimate_pk=m_alloc_clear(sizeof(*ultimate_pk));
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0 &&
check_key_signature(keyblock,k,NULL)==0 &&
get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
&& check_key_signature2(keyblock,k,ultimate_pk,
NULL,&dummy,&dum2)==0
&& get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
{
free_public_key(ultimate_pk);
pk->is_valid=1;