mirror of git://git.gnupg.org/gnupg.git
sm: Detect circular chains in --list-chain.
* sm/keylist.c (list_cert_chain): Break loop for a too long chain.
--
This avoids endless loops in case of circular chain definitions. We
use such a limit at other palces as well. Example for such a chain is
# ------------------------ >8 ------------------------
ID: 0xBE231B05
S/N: 51260A931CE27F9CC3A55F79E072AE82
(dec): 107864989418777835411218143713715990146
Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53
sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05
md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6
pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678
certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82
keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9
notBefore: 2005-06-07 08:09:10
notAfter: 2019-06-24 19:06:30
hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
keyType: rsa2048
subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A
authKeyId: [none]
authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
[...]
Certified by
ID: 0xCE2E4C63
S/N: 46EAF096054CC5E3FA65EA6E9F42C664
(dec): 94265836834010752231943569188608722532
Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73
sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63
md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27
pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840
certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664
keygrip: 10678FB5A458D99B7692851E49849F507688B847
notBefore: 2005-06-07 08:09:10
notAfter: 2020-05-30 10:48:38
hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
keyType: rsa2048
subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
authKeyId: [none]
authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A
keyUsage: certSign crlSign
[...]
Which has a circular dependency on subKeyId/authkeyId.ki.
This commit is contained in:
Werner Koch
parent
b6b735edab
commit
c9343bec83
|
|
@ -1363,6 +1363,7 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
|
|||
estream_t fp, int with_validation)
|
||||
{
|
||||
ksba_cert_t next = NULL;
|
||||
int depth = 0;
|
||||
|
||||
if (raw_mode)
|
||||
list_cert_raw (ctrl, hd, cert, fp, 0, with_validation);
|
||||
|
|
@ -1371,8 +1372,13 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
|
|||
ksba_cert_ref (cert);
|
||||
while (!gpgsm_walk_cert_chain (ctrl, cert, &next))
|
||||
{
|
||||
ksba_cert_release (cert);
|
||||
es_fputs ("Certified by\n", fp);
|
||||
if (++depth > 50)
|
||||
{
|
||||
es_fputs (_("certificate chain too long\n"), fp);
|
||||
break;
|
||||
}
|
||||
ksba_cert_release (cert);
|
||||
if (raw_mode)
|
||||
list_cert_raw (ctrl, hd, next, fp, 0, with_validation);
|
||||
else
|
||||
|
|
|
|||
Loading…
Reference in New Issue