security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-06 23:17:47 +02:00
Code Activity

Relax mailbox name checking. Fixes bug#1315.

Browse Source
This commit is contained in:
Werner Koch 2011-02-03 18:05:56 +01:00
parent d9e2dcc1a9
commit 71e7a1644e
2 changed files with 43 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
g10/ChangeLog
View File

@ -1,5 +1,8 @@
2011-02-03 Werner Koch <wk@g10code.com> 2011-02-03 Werner Koch <wk@g10code.com>
* misc.c (has_invalid_email_chars): Relax mailbox name checking.
Fixes bug#1315.
* sign.c (do_sign): Use openpgp_pk_algo_name. * sign.c (do_sign): Use openpgp_pk_algo_name.
* keygen.c (ask_algo): Show ECC algos only in expert mode. Add * keygen.c (ask_algo): Show ECC algos only in expert mode. Add

81
g10/misc.c
View File

@ -40,7 +40,7 @@
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
#include <time.h> #include <time.h>
#include <process.h> #include <process.h>
#include <windows.h> #include <windows.h>
#include <shlobj.h> #include <shlobj.h>
#ifndef CSIDL_APPDATA #ifndef CSIDL_APPDATA
#define CSIDL_APPDATA 0x001a #define CSIDL_APPDATA 0x001a
@ -82,7 +82,7 @@ string_count_chr (const char *string, int c)
#ifdef ENABLE_SELINUX_HACKS #ifdef ENABLE_SELINUX_HACKS
/* A object and a global variable to keep track of files marked as /* A object and a global variable to keep track of files marked as
secured. */ secured. */
struct secured_file_item struct secured_file_item
{ {
struct secured_file_item *next; struct secured_file_item *next;
ino_t ino; ino_t ino;
@ -107,7 +107,7 @@ register_secured_file (const char *fname)
/* Note that we stop immediatley if something goes wrong here. */ /* Note that we stop immediatley if something goes wrong here. */
if (stat (fname, &buf)) if (stat (fname, &buf))
log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname, log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname,
"register_secured_file", strerror (errno)); "register_secured_file", strerror (errno));
/* log_debug ("registering `%s' i=%lu.%lu\n", fname, */ /* log_debug ("registering `%s' i=%lu.%lu\n", fname, */
/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */ /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
@ -161,8 +161,8 @@ unregister_secured_file (const char *fname)
} }
/* Return true if FD is corresponds to a secured file. Using -1 for /* Return true if FD is corresponds to a secured file. Using -1 for
FS is allowed and will return false. */ FS is allowed and will return false. */
int int
is_secured_file (int fd) is_secured_file (int fd)
{ {
#ifdef ENABLE_SELINUX_HACKS #ifdef ENABLE_SELINUX_HACKS
@ -176,7 +176,7 @@ is_secured_file (int fd)
secure if something went wrong. */ secure if something went wrong. */
if (fstat (fd, &buf)) if (fstat (fd, &buf))
{ {
log_error (_("fstat(%d) failed in %s: %s\n"), fd, log_error (_("fstat(%d) failed in %s: %s\n"), fd,
"is_secured_file", strerror (errno)); "is_secured_file", strerror (errno));
return 1; return 1;
} }
@ -196,8 +196,8 @@ is_secured_file (int fd)
/* Return true if FNAME is corresponds to a secured file. Using NULL, /* Return true if FNAME is corresponds to a secured file. Using NULL,
"" or "-" for FS is allowed and will return false. This function is "" or "-" for FS is allowed and will return false. This function is
used before creating a file, thus it won't fail if the file does used before creating a file, thus it won't fail if the file does
not exist. */ not exist. */
int int
is_secured_filename (const char *fname) is_secured_filename (const char *fname)
{ {
#ifdef ENABLE_SELINUX_HACKS #ifdef ENABLE_SELINUX_HACKS
@ -205,7 +205,7 @@ is_secured_filename (const char *fname)
struct secured_file_item *sf; struct secured_file_item *sf;
if (iobuf_is_pipe_filename (fname) || !*fname) if (iobuf_is_pipe_filename (fname) || !*fname)
return 0; return 0;
/* Note that we print out a error here and claim that a file is /* Note that we print out a error here and claim that a file is
secure if something went wrong. */ secure if something went wrong. */
@ -346,9 +346,9 @@ map_cipher_openpgp_to_gcry (int algo)
{ {
switch (algo) switch (algo)
{ {
case CIPHER_ALGO_CAMELLIA128: return 310; case CIPHER_ALGO_CAMELLIA128: return 310;
case CIPHER_ALGO_CAMELLIA192: return 311; case CIPHER_ALGO_CAMELLIA192: return 311;
case CIPHER_ALGO_CAMELLIA256: return 312; case CIPHER_ALGO_CAMELLIA256: return 312;
default: return algo; default: return algo;
} }
} }
@ -394,7 +394,7 @@ map_pk_gcry_to_openpgp (enum gcry_pk_algos algo)
/* Return the block length of an OpenPGP cipher algorithm. */ /* Return the block length of an OpenPGP cipher algorithm. */
int int
openpgp_cipher_blocklen (int algo) openpgp_cipher_blocklen (int algo)
{ {
/* We use the numbers from OpenPGP to be sure that we get the right /* We use the numbers from OpenPGP to be sure that we get the right
@ -434,7 +434,7 @@ openpgp_cipher_test_algo( int algo )
string representation of the algorithm name. For unknown algorithm string representation of the algorithm name. For unknown algorithm
IDs this function returns "?". */ IDs this function returns "?". */
const char * const char *
openpgp_cipher_algo_name (int algo) openpgp_cipher_algo_name (int algo)
{ {
return gnupg_cipher_algo_name (map_cipher_openpgp_to_gcry (algo)); return gnupg_cipher_algo_name (map_cipher_openpgp_to_gcry (algo));
} }
@ -445,7 +445,7 @@ openpgp_pk_test_algo( int algo )
/* Dont't allow type 20 keys unless in rfc2440 mode. */ /* Dont't allow type 20 keys unless in rfc2440 mode. */
if (!RFC2440 && algo == 20) if (!RFC2440 && algo == 20)
return gpg_error (GPG_ERR_PUBKEY_ALGO); return gpg_error (GPG_ERR_PUBKEY_ALGO);
if (algo == GCRY_PK_ELG_E) if (algo == GCRY_PK_ELG_E)
algo = GCRY_PK_ELG; algo = GCRY_PK_ELG;
@ -474,13 +474,13 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
GCRYCTL_TEST_ALGO, NULL, &use_buf); GCRYCTL_TEST_ALGO, NULL, &use_buf);
} }
int int
openpgp_pk_algo_usage ( int algo ) openpgp_pk_algo_usage ( int algo )
{ {
int use = 0; int use = 0;
/* They are hardwired in gpg 1.0. */ /* They are hardwired in gpg 1.0. */
switch ( algo ) { switch ( algo ) {
case PUBKEY_ALGO_RSA: case PUBKEY_ALGO_RSA:
use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG
| PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH); | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH);
@ -499,7 +499,7 @@ openpgp_pk_algo_usage ( int algo )
case PUBKEY_ALGO_ELGAMAL_E: case PUBKEY_ALGO_ELGAMAL_E:
use = PUBKEY_USAGE_ENC; use = PUBKEY_USAGE_ENC;
break; break;
case PUBKEY_ALGO_DSA: case PUBKEY_ALGO_DSA:
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break; break;
case PUBKEY_ALGO_ECDSA: case PUBKEY_ALGO_ECDSA:
@ -514,7 +514,7 @@ openpgp_pk_algo_usage ( int algo )
string representation of the algorithm name. For unknown algorithm string representation of the algorithm name. For unknown algorithm
IDs this function returns "?". */ IDs this function returns "?". */
const char * const char *
openpgp_pk_algo_name (int algo) openpgp_pk_algo_name (int algo)
{ {
return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo)); return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
} }
@ -538,7 +538,7 @@ openpgp_md_test_algo( int algo )
string representation of the algorithm name. For unknown algorithm string representation of the algorithm name. For unknown algorithm
IDs this function returns "?". */ IDs this function returns "?". */
const char * const char *
openpgp_md_algo_name (int algo) openpgp_md_algo_name (int algo)
{ {
if (algo < 0 || algo > 110) if (algo < 0 || algo > 110)
return "?"; return "?";
@ -564,7 +564,7 @@ idea_cipher_warn(int show)
#endif #endif
static unsigned long static unsigned long
get_signature_count (PKT_public_key *pk) get_signature_count (PKT_public_key *pk)
{ {
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
@ -663,7 +663,7 @@ pct_expando(const char *string,struct expando_args *args)
sprintf (&ret[idx],"%lu", get_signature_count (args->pksk)); sprintf (&ret[idx],"%lu", get_signature_count (args->pksk));
idx+=strlen(&ret[idx]); idx+=strlen(&ret[idx]);
done=1; done=1;
} }
break; break;
case 'p': /* primary pk fingerprint of a sk */ case 'p': /* primary pk fingerprint of a sk */
@ -735,7 +735,7 @@ pct_expando(const char *string,struct expando_args *args)
case 't': /* e.g. "jpg" */ case 't': /* e.g. "jpg" */
str=image_type_to_string(args->imagetype,0); str=image_type_to_string(args->imagetype,0);
break; break;
case 'T': /* e.g. "image/jpeg" */ case 'T': /* e.g. "image/jpeg" */
str=image_type_to_string(args->imagetype,2); str=image_type_to_string(args->imagetype,2);
break; break;
@ -834,7 +834,7 @@ deprecated_command (const char *name)
void void
obsolete_option (const char *configname, unsigned int configlineno, obsolete_option (const char *configname, unsigned int configlineno,
const char *name) const char *name)
{ {
if(configname) if(configname)
@ -850,9 +850,9 @@ obsolete_option (const char *configname, unsigned int configlineno,
* Wrapper around gcry_cipher_map_name to provide a fallback using the * Wrapper around gcry_cipher_map_name to provide a fallback using the
* "Sn" syntax as used by the preference strings. * "Sn" syntax as used by the preference strings.
*/ */
int int
string_to_cipher_algo (const char *string) string_to_cipher_algo (const char *string)
{ {
int val; int val;
val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string)); val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string));
@ -873,9 +873,9 @@ string_to_cipher_algo (const char *string)
* Wrapper around gcry_md_map_name to provide a fallback using the * Wrapper around gcry_md_map_name to provide a fallback using the
* "Hn" syntax as used by the preference strings. * "Hn" syntax as used by the preference strings.
*/ */
int int
string_to_digest_algo (const char *string) string_to_digest_algo (const char *string)
{ {
int val; int val;
val = gcry_md_map_name (string); val = gcry_md_map_name (string);
@ -962,7 +962,7 @@ check_compress_algo(int algo)
{ {
case 0: return 0; case 0: return 0;
#ifdef HAVE_ZIP #ifdef HAVE_ZIP
case 1: case 1:
case 2: return 0; case 2: return 0;
#endif #endif
#ifdef HAVE_BZIP2 #ifdef HAVE_BZIP2
@ -1283,13 +1283,14 @@ has_invalid_email_chars (const char *s)
const char *valid_chars= const char *valid_chars=
"01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for ( ; *s; s++ ) for ( ; *s; s++ )
{ {
if ( (*s & 0x80) ) if ( (*s & 0x80) )
continue; /* We only care about ASCII. */ continue; /* We only care about ASCII. */
if ( *s == '@' ) if ( *s == '@' )
at_seen=1; at_seen=1;
else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) ) else if ( !at_seen && !(strchr (valid_chars, *s)
|| strchr ("!#$%&'*+/=?^`{|}~", *s)))
return 1; return 1;
else if ( at_seen && !strchr( valid_chars, *s ) ) else if ( at_seen && !strchr( valid_chars, *s ) )
return 1; return 1;
@ -1429,7 +1430,7 @@ int
pubkey_get_nenc (int algo) pubkey_get_nenc (int algo)
{ {
size_t n; size_t n;
/* ECC is special. */ /* ECC is special. */
if (algo == PUBKEY_ALGO_ECDSA) if (algo == PUBKEY_ALGO_ECDSA)
return 0; return 0;
@ -1499,7 +1500,7 @@ int
mpi_print (estream_t fp, gcry_mpi_t a, int mode) mpi_print (estream_t fp, gcry_mpi_t a, int mode)
{ {
int n=0; int n=0;
if (!a) if (!a)
return es_fprintf (fp, "[MPI_NULL]"); return es_fprintf (fp, "[MPI_NULL]");
if (!mode) if (!mode)
@ -1524,7 +1525,7 @@ mpi_print (estream_t fp, gcry_mpi_t a, int mode)
else else
{ {
unsigned char *buffer; unsigned char *buffer;
if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a)) if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a))
BUG (); BUG ();
es_fputs (buffer, fp); es_fputs (buffer, fp);
@ -1537,7 +1538,7 @@ mpi_print (estream_t fp, gcry_mpi_t a, int mode)
/* pkey[1] or skey[1] is Q for ECDSA, which is an uncompressed point, /* pkey[1] or skey[1] is Q for ECDSA, which is an uncompressed point,
i.e. 04 <x> <y> */ i.e. 04 <x> <y> */
unsigned int unsigned int
ecdsa_qbits_from_Q (unsigned int qbits) ecdsa_qbits_from_Q (unsigned int qbits)
{ {
if ((qbits%8) > 3) if ((qbits%8) > 3)
@ -1550,5 +1551,3 @@ ecdsa_qbits_from_Q (unsigned int qbits)
qbits /= 2; qbits /= 2;
return qbits; return qbits;
} }