security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-22 14:57:02 +01:00
Code Activity

Allow compressed data with algorithm 0.

Browse Source 
* g10/mainproc.c (proc_compressed): Remove superfluous check for
an algorithm number of 0.  This is bug#1326.
This commit is contained in:
Werner Koch 2012-03-26 15:14:55 +02:00
parent 8b9fb19a90
commit 88633bf3d4
1 changed files with 34 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
g10/mainproc.c
View File

@ -63,15 +63,15 @@ struct mainproc_context
md_filter_context_t mfx; md_filter_context_t mfx;
int sigs_only; /* Process only signatures and reject all other stuff. */ int sigs_only; /* Process only signatures and reject all other stuff. */
int encrypt_only; /* Process only encryption messages. */ int encrypt_only; /* Process only encryption messages. */
/* Name of the file with the complete signature or the file with the /* Name of the file with the complete signature or the file with the
detached signature. This is currently only used to deduce the detached signature. This is currently only used to deduce the
file name of the data file if that has not been given. */ file name of the data file if that has not been given. */
const char *sigfilename; const char *sigfilename;
/* A structure to describe the signed data in case of a detached /* A structure to describe the signed data in case of a detached
signature. */ signature. */
struct struct
{ {
/* A file descriptor of the the signed data. Only used if not -1. */ /* A file descriptor of the the signed data. Only used if not -1. */
int data_fd; int data_fd;
@ -82,7 +82,7 @@ struct mainproc_context
is used. This is only needed for better readability. */ is used. This is only needed for better readability. */
int used; int used;
} signed_data; } signed_data;
DEK *dek; DEK *dek;
int last_was_session_key; int last_was_session_key;
KBNODE list; /* The current list of packets. */ KBNODE list; /* The current list of packets. */
@ -147,7 +147,7 @@ add_gpg_control( CTX c, PACKET *pkt )
/* New clear text signature. /* New clear text signature.
* Process the last one and reset everything */ * Process the last one and reset everything */
release_list(c); release_list(c);
} }
if( c->list ) /* add another packet */ if( c->list ) /* add another packet */
add_kbnode( c->list, new_kbnode( pkt )); add_kbnode( c->list, new_kbnode( pkt ));
@ -261,7 +261,7 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
/*log_hexdump( "thekey", dek->key, dek->keylen );*/ /*log_hexdump( "thekey", dek->key, dek->keylen );*/
return 0; return 0;
} }
static void static void
proc_symkey_enc( CTX c, PACKET *pkt ) proc_symkey_enc( CTX c, PACKET *pkt )
@ -438,7 +438,7 @@ print_pkenc_list( struct kidlist_item *list, int failed )
for( ; list; list = list->next ) { for( ; list; list = list->next ) {
PKT_public_key *pk; PKT_public_key *pk;
const char *algstr; const char *algstr;
if ( failed && !list->reason ) if ( failed && !list->reason )
continue; continue;
if ( !failed && list->reason ) if ( !failed && list->reason )
@ -660,7 +660,7 @@ proc_plaintext( CTX c, PACKET *pkt )
/* check that we have at least the sigclass and one hash */ /* check that we have at least the sigclass and one hash */
if ( datalen < 2 ) if ( datalen < 2 )
log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n"); log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
/* Note that we don't set the clearsig flag for not-dash-escaped /* Note that we don't set the clearsig flag for not-dash-escaped
* documents */ * documents */
clearsig = (*data == 0x01); clearsig = (*data == 0x01);
@ -714,14 +714,14 @@ proc_plaintext( CTX c, PACKET *pkt )
{ {
write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA"); write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
log_inc_errorcount (); log_inc_errorcount ();
rc = gpg_error (GPG_ERR_UNEXPECTED); rc = gpg_error (GPG_ERR_UNEXPECTED);
} }
} }
if(!rc) if(!rc)
{ {
rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
{ {
/* Can't write output but we hash it anyway to check the /* Can't write output but we hash it anyway to check the
signature. */ signature. */
@ -740,7 +740,7 @@ proc_plaintext( CTX c, PACKET *pkt )
n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0)); n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
if (c->list) if (c->list)
add_kbnode (c->list, n); add_kbnode (c->list, n);
else else
c->list = n; c->list = n;
} }
@ -771,9 +771,7 @@ proc_compressed( CTX c, PACKET *pkt )
int rc; int rc;
/*printf("zip: compressed data packet\n");*/ /*printf("zip: compressed data packet\n");*/
if( !zd->algorithm ) if (c->sigs_only)
rc=G10ERR_COMPR_ALGO;
else if( c->sigs_only )
rc = handle_compressed( c, zd, proc_compressed_cb, c ); rc = handle_compressed( c, zd, proc_compressed_cb, c );
else if( c->encrypt_only ) else if( c->encrypt_only )
rc = handle_compressed( c, zd, proc_encrypt_cb, c ); rc = handle_compressed( c, zd, proc_encrypt_cb, c );
@ -843,7 +841,7 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig,
|| sig->sig_class == 0x1f || sig->sig_class == 0x1f
|| sig->sig_class == 0x20 || sig->sig_class == 0x20
|| sig->sig_class == 0x28 || sig->sig_class == 0x28
|| sig->sig_class == 0x30 ) { || sig->sig_class == 0x30 ) {
if( c->list->pkt->pkttype == PKT_PUBLIC_KEY if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
|| c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
return check_key_signature( c->list, node, is_selfsig ); return check_key_signature( c->list, node, is_selfsig );
@ -1097,7 +1095,7 @@ list_node( CTX c, KBNODE node )
switch (gpg_err_code (rc2)) { switch (gpg_err_code (rc2)) {
case 0: sigrc = '!'; break; case 0: sigrc = '!'; break;
case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
case GPG_ERR_NO_PUBKEY: case GPG_ERR_NO_PUBKEY:
case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break; case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
default: sigrc = '%'; break; default: sigrc = '%'; break;
} }
@ -1198,7 +1196,7 @@ proc_signature_packets( void *anchor, IOBUF a,
messages, send a NODATA status back and return an error code. messages, send a NODATA status back and return an error code.
Using log_error is required because verify_files does not check Using log_error is required because verify_files does not check
error codes for each file but we want to terminate the process error codes for each file but we want to terminate the process
with an error. */ with an error. */
if (!rc && !c->any_sig_seen) if (!rc && !c->any_sig_seen)
{ {
write_status_text (STATUS_NODATA, "4"); write_status_text (STATUS_NODATA, "4");
@ -1235,19 +1233,19 @@ proc_signature_packets_by_fd (void *anchor, IOBUF a, int signed_data_fd )
messages, send a NODATA status back and return an error code. messages, send a NODATA status back and return an error code.
Using log_error is required because verify_files does not check Using log_error is required because verify_files does not check
error codes for each file but we want to terminate the process error codes for each file but we want to terminate the process
with an error. */ with an error. */
if (!rc && !c->any_sig_seen) if (!rc && !c->any_sig_seen)
{ {
write_status_text (STATUS_NODATA, "4"); write_status_text (STATUS_NODATA, "4");
log_error (_("no signature found\n")); log_error (_("no signature found\n"));
rc = gpg_error (GPG_ERR_NO_DATA); rc = gpg_error (GPG_ERR_NO_DATA);
} }
/* Propagate the signature seen flag upward. Do this only on success /* Propagate the signature seen flag upward. Do this only on success
so that we won't issue the nodata status several times. */ so that we won't issue the nodata status several times. */
if (!rc && c->anchor && c->any_sig_seen) if (!rc && c->anchor && c->any_sig_seen)
c->anchor->any_sig_seen = 1; c->anchor->any_sig_seen = 1;
xfree ( c ); xfree ( c );
return rc; return rc;
} }
@ -1371,7 +1369,7 @@ do_proc_packets( CTX c, IOBUF a )
* packet and not to reuse the current one ... It works right * packet and not to reuse the current one ... It works right
* when there is a compression packet inbetween which adds just * when there is a compression packet inbetween which adds just
* an extra layer. * an extra layer.
* Hmmm: Rewrite this whole module here?? * Hmmm: Rewrite this whole module here??
*/ */
if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC ) if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
c->have_data = pkt->pkttype == PKT_PLAINTEXT; c->have_data = pkt->pkttype == PKT_PLAINTEXT;
@ -1490,7 +1488,7 @@ check_sig_and_print( CTX c, KBNODE node )
O{1,n} P S{1,n} -- standard OpenPGP signature. O{1,n} P S{1,n} -- standard OpenPGP signature.
C P S{1,n} -- cleartext signature. C P S{1,n} -- cleartext signature.
O = One-Pass Signature packet. O = One-Pass Signature packet.
S = Signature packet. S = Signature packet.
P = OpenPGP Message packet (Encrypted | Compressed | Literal) P = OpenPGP Message packet (Encrypted | Compressed | Literal)
@ -1502,7 +1500,7 @@ check_sig_and_print( CTX c, KBNODE node )
C = Marker packet for cleartext signatures. C = Marker packet for cleartext signatures.
We reject all other messages. We reject all other messages.
Actually we are calling this too often, i.e. for verification of Actually we are calling this too often, i.e. for verification of
each message but better have some duplicate work than to silently each message but better have some duplicate work than to silently
introduce a bug here. introduce a bug here.
@ -1516,7 +1514,7 @@ check_sig_and_print( CTX c, KBNODE node )
n = c->list; n = c->list;
assert (n); assert (n);
if ( n->pkt->pkttype == PKT_SIGNATURE ) if ( n->pkt->pkttype == PKT_SIGNATURE )
{ {
/* This is either "S{1,n}" case (detached signature) or /* This is either "S{1,n}" case (detached signature) or
"S{1,n} P" (old style PGP2 signature). */ "S{1,n} P" (old style PGP2 signature). */
@ -1535,7 +1533,7 @@ check_sig_and_print( CTX c, KBNODE node )
else else
goto ambiguous; goto ambiguous;
} }
else if (n->pkt->pkttype == PKT_ONEPASS_SIG) else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
{ {
/* This is the "O{1,n} P S{1,n}" case (standard signature). */ /* This is the "O{1,n} P S{1,n}" case (standard signature). */
for (n_onepass=1, n = n->next; for (n_onepass=1, n = n->next;
@ -1583,7 +1581,7 @@ check_sig_and_print( CTX c, KBNODE node )
if (n || !n_sig) if (n || !n_sig)
goto ambiguous; goto ambiguous;
} }
else else
{ {
ambiguous: ambiguous:
log_error(_("can't handle this ambiguous signature data\n")); log_error(_("can't handle this ambiguous signature data\n"));
@ -1652,19 +1650,19 @@ check_sig_and_print( CTX c, KBNODE node )
/* If the preferred keyserver thing above didn't work, our second /* If the preferred keyserver thing above didn't work, our second
try is to use the URI from a DNS PKA record. */ try is to use the URI from a DNS PKA record. */
if ( rc == G10ERR_NO_PUBKEY if ( rc == G10ERR_NO_PUBKEY
&& opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
&& opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD) && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
{ {
const char *uri = pka_uri_from_sig (sig); const char *uri = pka_uri_from_sig (sig);
if (uri) if (uri)
{ {
/* FIXME: We might want to locate the key using the /* FIXME: We might want to locate the key using the
fingerprint instead of the keyid. */ fingerprint instead of the keyid. */
int res; int res;
struct keyserver_spec *spec; struct keyserver_spec *spec;
spec = parse_keyserver_uri (uri, 1, NULL, 0); spec = parse_keyserver_uri (uri, 1, NULL, 0);
if (spec) if (spec)
{ {
@ -1748,7 +1746,7 @@ check_sig_and_print( CTX c, KBNODE node )
keyid_str[17] = 0; /* cut off the "[uncertain]" part */ keyid_str[17] = 0; /* cut off the "[uncertain]" part */
write_status_text_and_buffer (statno, keyid_str, write_status_text_and_buffer (statno, keyid_str,
un->pkt->pkt.user_id->name, un->pkt->pkt.user_id->name,
un->pkt->pkt.user_id->len, un->pkt->pkt.user_id->len,
-1 ); -1 );
p=utf8_to_native(un->pkt->pkt.user_id->name, p=utf8_to_native(un->pkt->pkt.user_id->name,
@ -1793,7 +1791,7 @@ check_sig_and_print( CTX c, KBNODE node )
write_status_text_and_buffer (statno, keyid_str, write_status_text_and_buffer (statno, keyid_str,
un? un->pkt->pkt.user_id->name:"[?]", un? un->pkt->pkt.user_id->name:"[?]",
un? un->pkt->pkt.user_id->len:3, un? un->pkt->pkt.user_id->len:3,
-1 ); -1 );
if(un) if(un)
@ -1813,7 +1811,7 @@ check_sig_and_print( CTX c, KBNODE node )
log_printf ("\n"); log_printf ("\n");
} }
/* If we have a good signature and already printed /* If we have a good signature and already printed
* the primary user ID, print all the other user IDs */ * the primary user ID, print all the other user IDs */
if ( count && !rc if ( count && !rc
&& !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) { && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
@ -1910,7 +1908,7 @@ check_sig_and_print( CTX c, KBNODE node )
bufp = bufp + strlen (bufp); bufp = bufp + strlen (bufp);
if (!vpk->is_primary) { if (!vpk->is_primary) {
u32 akid[2]; u32 akid[2];
akid[0] = vpk->main_keyid[0]; akid[0] = vpk->main_keyid[0];
akid[1] = vpk->main_keyid[1]; akid[1] = vpk->main_keyid[1];
free_public_key (vpk); free_public_key (vpk);
@ -2073,7 +2071,7 @@ proc_tree( CTX c, KBNODE node )
log_error (_("not a detached signature\n") ); log_error (_("not a detached signature\n") );
return; return;
} }
for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
check_sig_and_print( c, n1 ); check_sig_and_print( c, n1 );
} }
@ -2147,7 +2145,7 @@ proc_tree( CTX c, KBNODE node )
if( c->sigs_only ) { if( c->sigs_only ) {
if (c->signed_data.used && c->signed_data.data_fd != -1) if (c->signed_data.used && c->signed_data.data_fd != -1)
rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2, rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
c->signed_data.data_fd, c->signed_data.data_fd,
(sig->sig_class == 0x01)); (sig->sig_class == 0x01));
else else
rc = hash_datafiles (c->mfx.md, c->mfx.md2, rc = hash_datafiles (c->mfx.md, c->mfx.md2,