security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

wkd: Bind the address to the nonce.

Browse Source 
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--

Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <pbreuch@mail.upb.de>
GnuPG-bug-id: 6098
This commit is contained in:
Werner Koch 2022-07-27 11:40:20 +02:00
parent 22e8dc7927
commit 73a98c1396
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 67 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
tools/gpg-wks-server.c
View File

@ -808,17 +808,65 @@ get_policy_flags (policy_flags_t policy, const char *mbox)
} }
/* Create the name for the pending file from NONCE and ADDRSPEC and
* store it at R_NAME. */
static gpg_error_t
make_pending_fname (const char *nonce, const char *addrspec, char **r_name)
{
gpg_error_t err = 0;
const char *domain;
char *addrspechash = NULL;
char sha1buf[20];
*r_name = NULL;
domain = addrspec? strchr (addrspec, '@') : NULL;
if (!domain || !domain[1] || domain == addrspec)
{
err = gpg_error (GPG_ERR_INV_ARG);
goto leave;
}
domain++;
if (strchr (domain, '/') || strchr (domain, '\\'))
{
log_info ("invalid domain detected ('%s')\n", domain);
err = gpg_error (GPG_ERR_NOT_FOUND);
goto leave;
}
gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, addrspec, domain - addrspec - 1);
addrspechash = zb32_encode (sha1buf, 8*20);
if (!addrspechash)
{
err = gpg_error_from_syserror ();
goto leave;
}
*r_name = strconcat (nonce, ".", addrspechash, NULL);
if (!*r_name)
{
err = gpg_error_from_syserror ();
goto leave;
}
leave:
xfree (addrspechash);
return err;
}
/* We store the key under the name of the nonce we will then send to /* We store the key under the name of the nonce we will then send to
* the user. On success the nonce is stored at R_NONCE and the file * the user. On success the nonce is stored at R_NONCE and the file
* name at R_FNAME. */ * name at R_FNAME. ADDRSPEC is used as part of the pending file name
* so that the nonce is associated with an address */
static gpg_error_t static gpg_error_t
store_key_as_pending (const char *dir, estream_t key, store_key_as_pending (const char *dir, estream_t key, const char *addrspec,
char **r_nonce, char **r_fname) char **r_nonce, char **r_fname)
{ {
gpg_error_t err; gpg_error_t err;
char *dname = NULL; char *dname = NULL;
char *fname = NULL; char *fname = NULL;
char *nonce = NULL; char *nonce = NULL;
char *pendingname = NULL;
estream_t outfp = NULL; estream_t outfp = NULL;
char buffer[1024]; char buffer[1024];
size_t nbytes, nwritten; size_t nbytes, nwritten;
@ -847,7 +895,11 @@ store_key_as_pending (const char *dir, estream_t key,
goto leave; goto leave;
} }
fname = strconcat (dname, "/", nonce, NULL); err = make_pending_fname (nonce, addrspec, &pendingname);
if (err)
goto leave;
fname = strconcat (dname, "/", pendingname, NULL);
if (!fname) if (!fname)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
@ -916,6 +968,7 @@ store_key_as_pending (const char *dir, estream_t key,
xfree (fname); xfree (fname);
} }
xfree (dname); xfree (dname);
xfree (pendingname);
return err; return err;
} }
@ -1206,7 +1259,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
xfree (nonce); xfree (nonce);
xfree (fname); xfree (fname);
err = store_key_as_pending (dname, key, &nonce, &fname); err = store_key_as_pending (dname, key, sl->mbox, &nonce, &fname);
if (err) if (err)
goto leave; goto leave;
@ -1362,6 +1415,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
char *fnewname = NULL; char *fnewname = NULL;
estream_t key = NULL; estream_t key = NULL;
char *hash = NULL; char *hash = NULL;
char *pendingname = NULL;
const char *domain; const char *domain;
const char *s; const char *s;
uidinfo_list_t sl; uidinfo_list_t sl;
@ -1387,7 +1441,12 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
goto leave; goto leave;
} }
fname = make_filename_try (opt.directory, domain, "pending", nonce, NULL); err = make_pending_fname (nonce, address, &pendingname);
if (err)
goto leave;
fname = make_filename_try (opt.directory, domain, "pending", pendingname,
NULL);
if (!fname) if (!fname)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
@ -1499,6 +1558,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
xfree (fnewname); xfree (fnewname);
xfree (fname); xfree (fname);
xfree (nonce2); xfree (nonce2);
xfree (pendingname);
return err; return err;
} }
@ -1725,7 +1785,8 @@ expire_one_domain (const char *top_dirname, const char *domain)
__func__, gpg_strerror (err)); __func__, gpg_strerror (err));
goto leave; goto leave;
} }
if (strlen (dentry->d_name) != 32) /* The old files are 32 bytes, those created since 2.3.8 are 65 bytes. */
if (strlen (dentry->d_name) != 32 && strlen (dentry->d_name) != 65)
{ {
log_info ("garbage file '%s' ignored\n", fname); log_info ("garbage file '%s' ignored\n", fname);
continue; continue;