From 63e7891f0f9f0228d93c6cd979fbf2797da2b67d Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 4 Dec 2014 10:53:10 +0100
Subject: [PATCH] gpg: Allow import of large keys.

* g10/import.c (import): Skip too large keys.
* kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
--

The key which triggered the problem was 0x57930DAB0B86B067.  With this
patch it can be imported.  Keys larger than the now increased limit of
5MB will are skipped and the already existing not_imported counter is
bumped up.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 NEWS              |  2 ++
 g10/import.c      | 16 +++++++++++++---
 kbx/keybox-file.c |  2 +-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 7643a02fb..9b17fe14e 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,8 @@ Noteworthy changes in version 2.1.1 (unreleased)
  * gpg: Removed the option aliases --throw-keyid and --notation-data;
    use --throw-keyids and --set-notation instead.
 
+ * gpg: Skip too large keys during import.
+
 
 Noteworthy changes in version 2.1.0 (2014-11-06)
 ------------------------------------------------
diff --git a/g10/import.c b/g10/import.c
index c41ff63d8..4ae913576 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -341,10 +341,20 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats,
           log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
 	}
       release_kbnode (keyblock);
-      /* fixme: we should increment the not imported counter but this
-         does only make sense if we keep on going despite of errors. */
-      if (rc)
+
+      /* fixme: we should increment the not imported counter but
+         this does only make sense if we keep on going despite of
+         errors.  For now we do this only if the imported key is too
+         large. */
+      if (gpg_err_code (rc) == GPG_ERR_TOO_LARGE
+            && gpg_err_source (rc) == GPG_ERR_SOURCE_KEYBOX)
+        {
+          stats->not_imported++;
+          rc = 0;
+        }
+      else if (rc)
         break;
+
       if (!(++stats->count % 100) && !opt.quiet)
         log_info (_("%lu keys processed so far\n"), stats->count );
     }
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
index 98808ed4f..21d603854 100644
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@@ -27,7 +27,7 @@
 #include "keybox-defs.h"
 
 
-#define IMAGELEN_LIMIT (2*1024*1024)
+#define IMAGELEN_LIMIT (5*1024*1024)
 
 
 #if !defined(HAVE_FTELLO) && !defined(ftello)