fix off-by-one in building attribute subpackets

change default compression to 1 add ask-sig-expire and ask-cert-expire (--expert was getting absurdly overloaded) permit v3 subkeys use --expert to protect adding multiple photo ids and adding photos to a v3 key
2024-11-04 20:38:50 +01:00 · 2002-01-06 03:52:14 +00:00 · 2002-01-06 03:52:14 +00:00 · 7997bba7a9
commit 7997bba7a9
parent bfec9806d2
8 changed files with 106 additions and 19 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,29 @@
 2002-01-05  David Shaw  <dshaw@jabberwocky.com>
 	* keyedit.c (menu_adduid): Require --expert before adding a photo
 	ID to a v3 key, and before adding a second photo ID to any key.
 	* keyedit.c (keyedit_menu): Don't allow adding photo IDs in
 	rfc1991 or pgp2 mode.
 	* getkey.c (merge_selfsigs_subkey): Permit v3 subkeys.  Believe it
 	or not, this is allowed by rfc 2440, and both PGP 6 and PGP 7 work
 	fine with them.
 	* g10.c, options.h, keyedit.c, sign.c: Move the "ask for
 	expiration" switch off of --expert, which was getting quite
 	overloaded, and onto ask-sig-expire and ask-cert-expire.  Both
 	default to off.
 	* g10.c (main): Change the default compression algo to 1, to be
 	more OpenPGP compliant (PGP also uses this, so it'll help with
 	interoperability problems as well).
 	* encode.c (encode_crypt): Handle compression algo 2, since the
 	default is now 1.
 	* build-packet.c (build_attribute_subpkt): Fix off-by-one error.
 2002-01-05  Werner Koch  <wk@gnupg.org>
 	* g10.c (main): Do not register the secret keyrings for certain
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@ -928,7 +928,7 @@ build_attribute_subpkt(PKT_user_id *uid,byte type,
  /* realloc uid->attrib_data to the right size */
  uid->attrib_data=m_realloc(uid->attrib_data,
-			     uid->attrib_len+idx+headerlen+buflen);
+			     uid->attrib_len+idx+1+headerlen+buflen);
  attrib=&uid->attrib_data[uid->attrib_len];
--- a/g10/encode.c
+++ b/g10/encode.c
@ -397,7 +397,11 @@ encode_crypt( const char *filename, STRLIST remusr )
 	    ; /* don't use compression */
 	else {
 	    if( compr_algo == 1 )
-		zfx.algo = 1; /* default is 2 */
+		zfx.algo = 1;
 	    if( compr_algo == 2 )
 		zfx.algo = 2;
 	    /* Any other compr_algo will fall back to
               opt.def_compress_algo in the compress_filter. */
 	    iobuf_push_filter( out, compress_filter, &zfx );
 	}
    }
--- a/g10/g10.c
+++ b/g10/g10.c
@ -123,6 +123,10 @@ enum cmd_and_opt_values { aNull = 0,
    oTextmode,
    oExpert,
    oNoExpert,
    oAskSigExpire,
    oNoAskSigExpire,
    oAskCertExpire,
    oNoAskCertExpire,
    oFingerprint,
    oWithFingerprint,
    oAnswerYes,
@ -336,6 +340,10 @@ static ARGPARSE_OPTS opts[] = {
    { oTextmode, "textmode",  0, N_("use canonical text mode")},
    { oExpert, "expert",   0, "@"},
    { oNoExpert, "no-expert",   0, "@"},
    { oAskSigExpire, "ask-sig-expire",   0, "@"},
    { oNoAskSigExpire, "no-ask-sig-expire",   0, "@"},
    { oAskCertExpire, "ask-cert-expire",   0, "@"},
    { oNoAskCertExpire, "no-ask-cert-expire",   0, "@"},
    { oOutput, "output",    2, N_("use as output file")},
    { oVerbose, "verbose",   0, N_("verbose") },
    { oQuiet,	"quiet",   0, N_("be somewhat more quiet") },
@ -747,7 +755,7 @@ main( int argc, char **argv )
    /* note: if you change these lines, look at oOpenPGP */
    opt.def_cipher_algo = 0;
    opt.def_digest_algo = 0;
-    opt.def_compress_algo = 2;
+    opt.def_compress_algo = 1;
    opt.s2k_mode = 3; /* iterated+salted */
    opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
    opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
@ -1100,6 +1108,10 @@ main( int argc, char **argv )
 	  case oTextmode: opt.textmode=1;  break;
 	  case oExpert: opt.expert = 1; break;
 	  case oNoExpert: opt.expert = 0; break;
 	  case oAskSigExpire: opt.ask_sig_expire = 1; break;
 	  case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
 	  case oAskCertExpire: opt.ask_cert_expire = 1; break;
 	  case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
 	  case oUser: /* store the local users */
 	    add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
 	    break;
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1442,8 +1442,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
    subpk->is_valid = 0;
    subpk->main_keyid[0] = mainpk->main_keyid[0];
    subpk->main_keyid[1] = mainpk->main_keyid[1];
    if ( subpk->version < 4 )
        return; /* there are no v3 subkeys */
    /* find the latest key binding self-signature. */
    signode = NULL;
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -435,7 +435,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 	/* Only ask for duration if we haven't already set it to match
           the expiration of the pk */
-	if(opt.expert && !duration)
+	if(opt.ask_cert_expire && !duration)
 	  duration=ask_expire_interval(1);
 	if(duration)
@ -1029,10 +1029,11 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 	    break;
 	  case cmdADDPHOTO:
-            if (opt.rfc2440)
+            if (opt.rfc2440 || opt.rfc1991 || opt.pgp2)
              {
                tty_printf(
-                   _("This command is not allowed while in OpenPGP mode.\n"));
+                   _("This command is not allowed while in %s mode.\n"),
 		   opt.rfc2440?"OpenPGP":opt.pgp2?"PGP2":"RFC-1991");
                break;
              }
 	    photo=1;
@ -1543,19 +1544,63 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
    assert(pk && sk);
    if(photo) {
-      /* PGP allows only one photo ID per key? */
+      int hasphoto=0;
      /* PGP allows only one photo ID per key?  This is a good
         question.  While there is no way to add more than one photo
         ID using PGP, nevertheless PGP (7) still works properly with
         more than one photo ID (presenting them in a nice little
         scrolling window, no less).  GnuPG can work with any number
         of photos. -dms */
      for( node = pub_keyblock; node; node = node->next )
 	if( node->pkt->pkttype == PKT_USER_ID &&
-	    node->pkt->pkt.user_id->attrib_data!=NULL) {
+	    node->pkt->pkt.user_id->attrib_data!=NULL)
-	  log_error("You may only have one photo ID on a key.\n");
+	  {
-	  return 0;
+	    hasphoto=1;
 	    if(opt.expert)
 	      {
 		tty_printf(_("WARNING: This key already has a photo ID.\n"
 			     "         Adding another photo ID may confuse "
 			     "some versions of PGP.\n"));
 		if(!cpr_get_answer_is_yes("keyedit.multi_photo.okay",
 					  _("Are you sure you still want "
 					    "to add it? (y/n) ")))
 		  return 0;
 		else
 		  break;
 	      }
 	    else
 	      {
 		tty_printf(_("You may only have one photo ID on a key.\n"));
 		return 0;
 	      }
 	}
-      if(pk->version==3)
+      /* Here's another one - PGP6/7 does not allow adding a photo ID
         to a v3 key.  Still, if one is present, it will work.  Of
         course, it does mean that PGP2 will not be able to use that
         key anymore.  Don't bother to ask this if the key already has
         a photo - any damage has already been done at that point. */
      if(pk->version==3 && !hasphoto)
 	{
-	  tty_printf(_("\nWARNING: This is a PGP2-style key\n"));
+	  if(opt.expert)
-	  tty_printf(_("         Adding a photo ID may cause some versions "
+	    {
-		       "of PGP to not accept this key\n"));
+	      tty_printf(_("WARNING: This is a PGP2-style key.  "
 			   "Adding a photo ID may cause some versions\n"
 			   "         of PGP to reject this key.\n"));
 	      if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
 					_("Are you sure you still want "
 					  "to add it? (y/n) ")))
 		return 0;
 	    }
 	  else
 	    {
 	      tty_printf(_("You may not add a photo ID to "
 			   "a PGP2-style key.\n"));
 	      return 0;
 	    }
 	}
      uid = generate_photo_id(pk);
--- a/g10/options.h
+++ b/g10/options.h
@ -45,6 +45,8 @@ struct {
    int list_only;
    int textmode;
    int expert;
    int ask_sig_expire;
    int ask_cert_expire;
    int batch;	    /* run in batch mode */
    int answer_yes; /* answer yes on most questions */
    int answer_no;  /* answer no on most questions */
--- a/g10/sign.c
+++ b/g10/sign.c
@ -564,7 +564,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
    if( fname && filenames->next && (!detached || encryptflag) )
 	log_bug("multiple files can only be detached signed");
-    if(opt.expert && !opt.pgp2 && !opt.batch &&
+    if(opt.ask_sig_expire && !opt.pgp2 && !opt.batch &&
       !opt.force_v3_sigs && !old_style)
      duration=ask_expire_interval(1);
@ -742,7 +742,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
    memset( &afx, 0, sizeof afx);
    init_packet( &pkt );
-    if(opt.expert && !opt.pgp2 && !opt.batch &&
+    if(opt.ask_sig_expire && !opt.pgp2 && !opt.batch &&
       !opt.force_v3_sigs && !old_style)
      duration=ask_expire_interval(1);
@ -886,7 +886,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
    memset( &cfx, 0, sizeof cfx);
    init_packet( &pkt );
-    if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
+    if(opt.ask_sig_expire && !opt.batch && !opt.force_v3_sigs && !old_style)
      duration=ask_expire_interval(1);
    rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);