* g10.c (add_notation_data): Disallow notation names that do not contain a

'@', unless --expert is set. This is to help prevent people from polluting the (as yet unused) IETF namespace. * main.h: Comments about default algorithms. * photoid.c (image_type_to_string): Comments about 3-letter file extensions.
2025-07-03 22:56:33 +02:00 · 2002-11-24 01:49:32 +00:00 · 2002-11-24 01:49:32 +00:00 · a5b9770a8b
commit a5b9770a8b
parent 0cd879cd9c
4 changed files with 37 additions and 8 deletions
--- a/g10/g10.c
+++ b/g10/g10.c
@ -2812,6 +2812,7 @@ add_notation_data( const char *string, int which )
    STRLIST sl,*notation_data;
    int critical=0;
    int highbit=0;
+    int saw_at=0;

    if(which)
      notation_data=&opt.cert_notation_data;
@ -2823,13 +2824,29 @@ add_notation_data( const char *string, int which )
 	string++;
    }

-    for( s=string ; *s != '='; s++ ) {
-	if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) ) {
+    /* If and when the IETF assigns some official name tags, we'll
+       have to add them here. */
+
+    for( s=string ; *s != '='; s++ )
+      {
+	if( *s=='@')
+	  saw_at=0;
+
+	if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) )
+	  {
 	    log_error(_("a notation name must have only printable characters "
 			"or spaces, and end with an '='\n") );
 	    return;
-	}
-    }
+	  }
+      }
+
+    if(!saw_at && !opt.expert)
+      {
+	log_error(
+	        _("a user notation name must contain the '@' character\n"));
+	return;
+      }
+
    /* we only support printable text - therefore we enforce the use
     * of only printable characters (an empty value is valid) */
    for( s++; *s ; s++ ) {