security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-06-13 18:21:03 +02:00
Code Activity

g10: Be more careful when merging self-signed data.

Browse Source 
* g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
data belonging to the public key when we encounter an attribute packet
or a subkey packet, not just a user id packet.  When looking for
self-signed data belonging to a user id packet, stop when we see a
user attribute packet.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
This commit is contained in:
Neal H. Walfield 2015-09-16 15:01:45 +02:00
parent c31e089129
commit 6845737736
1 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
g10/getkey.c
View File

@ -1536,7 +1536,15 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
signode = NULL; signode = NULL;
sigdate = 0; /* Helper variable to find the latest signature. */ sigdate = 0; /* Helper variable to find the latest signature. */
for (k = keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next)
/* According to Section 11.1 of RFC 4880, the public key comes first
and is immediately followed by any signature packets that modify
it. */
for (k = keyblock;
k && k->pkt->pkttype != PKT_USER_ID
&& k->pkt->pkttype != PKT_ATTRIBUTE
&& k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
k = k->next)
{ {
if (k->pkt->pkttype == PKT_SIGNATURE) if (k->pkt->pkttype == PKT_SIGNATURE)
{ {
@ -1694,11 +1702,16 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
} }
/* Second pass: Look at the self-signature of all user IDs. */ /* Second pass: Look at the self-signature of all user IDs. */
/* According to RFC 4880 section 11.1, user id and attribute packets
are in the second section, after the public key packet and before
the subkey packets. */
signode = uidnode = NULL; signode = uidnode = NULL;
sigdate = 0; /* Helper variable to find the latest signature in one UID. */ sigdate = 0; /* Helper variable to find the latest signature in one UID. */
for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next) for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
{ {
if (k->pkt->pkttype == PKT_USER_ID) if (k->pkt->pkttype == PKT_USER_ID || k->pkt->pkttype == PKT_ATTRIBUTE)
/* New user id packet. */
{ {
if (uidnode && signode) if (uidnode && signode)
/* Apply the data from the most recent self-signed packet /* Apply the data from the most recent self-signed packet
@ -1707,7 +1720,12 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
fixup_uidnode (uidnode, signode, keytimestamp); fixup_uidnode (uidnode, signode, keytimestamp);
pk->flags.valid = 1; pk->flags.valid = 1;
} }
uidnode = k; /* Clear SIGNODE. The only relevant self-signed data for
UIDNODE follows it. */
if (k->pkt->pkttype == PKT_USER_ID)
uidnode = k;
else
uidnode = NULL;
signode = NULL; signode = NULL;
sigdate = 0; sigdate = 0;
} }