security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

* getkey.c (get_pubkey_byname): Fix minor security problem with PKA when

Browse source 
importing at -r time.  The URL in the PKA record may point to a key put in
by an attacker.  Fix is to use the fingerprint from the PKA record as the
recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
This commit is contained in:
David Shaw 2006-02-21 22:23:35 +00:00
parent e4206de3f5
commit d038b36c8f
5 changed files with 27 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
g10/gpgv.c
View file

@ -284,7 +284,7 @@ int
keyserver_import_cert(const char *name) { return -1; }
int
keyserver_import_pka(const char *name) { return -1; }
keyserver_import_pka(const char *name,unsigned char *fpr) { return -1; }
int
keyserver_import_name(const char *name) { return -1; }