security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00
Code Activity

g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.

Browse Source 
* g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired)
user ids, change TOFU to return TRUST_NEVER.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
This commit is contained in:
Neal H. Walfield 2016-08-30 12:36:55 +02:00
parent 6052c14709
commit d0451440c0
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
g10/tofu.c
View File

@ -2444,6 +2444,8 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
char *fingerprint = NULL; char *fingerprint = NULL;
strlist_t user_id; strlist_t user_id;
int trust_level = TRUST_UNKNOWN; int trust_level = TRUST_UNKNOWN;
int bindings = 0;
int bindings_valid = 0;
dbs = opendbs (ctrl); dbs = opendbs (ctrl);
if (! dbs) if (! dbs)
@ -2457,7 +2459,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
begin_transaction (ctrl, 0); begin_transaction (ctrl, 0);
for (user_id = user_id_list; user_id; user_id = user_id->next) for (user_id = user_id_list; user_id; user_id = user_id->next, bindings ++)
{ {
char *email = email_from_user_id (user_id->d); char *email = email_from_user_id (user_id->d);
@ -2481,6 +2483,9 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
if (user_id->flags) if (user_id->flags)
tl = TRUST_EXPIRED; tl = TRUST_EXPIRED;
if (tl != TRUST_EXPIRED)
bindings_valid ++;
if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED) if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
show_statistics (dbs, fingerprint, email, user_id->d, NULL, NULL); show_statistics (dbs, fingerprint, email, user_id->d, NULL, NULL);
@ -2512,6 +2517,16 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
end_transaction (ctrl, 0); end_transaction (ctrl, 0);
xfree (fingerprint); xfree (fingerprint);
if (bindings_valid == 0)
{
if (DBG_TRUST)
log_debug ("no (of %d) valid bindings."
" Can't get TOFU validity for this set of user ids.\n",
bindings);
return TRUST_NEVER;
}
return trust_level; return trust_level;
} }