Catch corruption in HKP index lines (can be caused by broken or malicious

keyservers). Add KEYSERVER_NOT_SUPPORTED for unsupported actions (say, a keyserver that has no way to search, or a readonly keyserver that has no way to add). Also add a USE_EXTERNAL_HKP define to disable the internal HKP keyserver code.
2025-07-02 22:46:30 +02:00 · 2002-02-19 23:10:32 +00:00 · 2002-02-19 23:10:32 +00:00 · 8ac8b1525e
commit 8ac8b1525e
parent 3d8e692e2a
5 changed files with 34 additions and 1 deletions
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@ -538,6 +538,7 @@ keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
      return G10ERR_BAD_URI;
    }

+#ifndef USE_EXTERNAL_HKP
  /* Use the internal HKP code */
  if(strcasecmp(opt.keyserver_scheme,"x-hkp")==0 ||
     strcasecmp(opt.keyserver_scheme,"hkp")==0 ||
@ -563,6 +564,7 @@ keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)

      return 0;
    }
+#endif

  /* It's not the internal HKP code, so try and spawn a handler for it */

@ -576,6 +578,13 @@ keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
 		    opt.keyserver_scheme);
 	  break;

+	case KEYSERVER_NOT_SUPPORTED:
+	  log_error(_("action \"%s\" not supported with keyserver "
+		      "scheme \"%s\"\n"),
+		    action==GET?"get":action==SEND?"send":
+		    action==SEARCH?"search":"unknown",
+		    opt.keyserver_scheme);
+
 	case KEYSERVER_INTERNAL_ERROR:
 	default:
 	  log_error(_("keyserver internal error\n"));