mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
sm: Detect circular chains in --list-chain.
* sm/keylist.c (list_cert_chain): Break loop for a too long chain. -- This avoids endless loops in case of circular chain definitions. We use such a limit at other palces as well. Example for such a chain is # ------------------------ >8 ------------------------ ID: 0xBE231B05 S/N: 51260A931CE27F9CC3A55F79E072AE82 (dec): 107864989418777835411218143713715990146 Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53 sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05 md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6 pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678 certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82 keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9 notBefore: 2005-06-07 08:09:10 notAfter: 2019-06-24 19:06:30 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A authKeyId: [none] authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F [...] Certified by ID: 0xCE2E4C63 S/N: 46EAF096054CC5E3FA65EA6E9F42C664 (dec): 94265836834010752231943569188608722532 Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73 sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63 md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27 pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840 certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664 keygrip: 10678FB5A458D99B7692851E49849F507688B847 notBefore: 2005-06-07 08:09:10 notAfter: 2020-05-30 10:48:38 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F authKeyId: [none] authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A keyUsage: certSign crlSign [...] Which has a circular dependency on subKeyId/authkeyId.ki.
This commit is contained in:
parent
b6b735edab
commit
c9343bec83
@ -1363,6 +1363,7 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
|
|||||||
estream_t fp, int with_validation)
|
estream_t fp, int with_validation)
|
||||||
{
|
{
|
||||||
ksba_cert_t next = NULL;
|
ksba_cert_t next = NULL;
|
||||||
|
int depth = 0;
|
||||||
|
|
||||||
if (raw_mode)
|
if (raw_mode)
|
||||||
list_cert_raw (ctrl, hd, cert, fp, 0, with_validation);
|
list_cert_raw (ctrl, hd, cert, fp, 0, with_validation);
|
||||||
@ -1371,8 +1372,13 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
|
|||||||
ksba_cert_ref (cert);
|
ksba_cert_ref (cert);
|
||||||
while (!gpgsm_walk_cert_chain (ctrl, cert, &next))
|
while (!gpgsm_walk_cert_chain (ctrl, cert, &next))
|
||||||
{
|
{
|
||||||
ksba_cert_release (cert);
|
|
||||||
es_fputs ("Certified by\n", fp);
|
es_fputs ("Certified by\n", fp);
|
||||||
|
if (++depth > 50)
|
||||||
|
{
|
||||||
|
es_fputs (_("certificate chain too long\n"), fp);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
ksba_cert_release (cert);
|
||||||
if (raw_mode)
|
if (raw_mode)
|
||||||
list_cert_raw (ctrl, hd, next, fp, 0, with_validation);
|
list_cert_raw (ctrl, hd, next, fp, 0, with_validation);
|
||||||
else
|
else
|
||||||
|
Loading…
x
Reference in New Issue
Block a user