mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
* getkey.c (get_pubkey_byname): Fix minor security problem with PKA when
importing at -r time. The URL in the PKA record may point to a key put in by an attacker. Fix is to use the fingerprint from the PKA record as the recipient. This ensures that the PKA record is followed. * keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the fingerprint we requested.
This commit is contained in:
David Shaw
parent
e4206de3f5
commit
d038b36c8f
5 changed files with 27 additions and 6 deletions
|
|
@ -1979,12 +1979,11 @@ keyserver_import_cert(const char *name)
|
|||
|
||||
/* Import key pointed to by a PKA record */
|
||||
int
|
||||
keyserver_import_pka(const char *name)
|
||||
keyserver_import_pka(const char *name,unsigned char *fpr)
|
||||
{
|
||||
unsigned char fpr[MAX_FINGERPRINT_LEN];
|
||||
char *uri;
|
||||
int rc=-1;
|
||||
|
||||
|
||||
uri = get_pka_info (name, fpr);
|
||||
if (uri)
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue