g10: Fix find_and_check_key for multiple keyrings.

* g10/pkclist.c (find_and_check_key): Call get_validity on a specific keyblock. -- When we have multiple keyrings, get_validity after get_best_pubkey_byname should access same keyring. Or else, the situation of an expired key in keyring A but valid key in keyring B causes SEGV. Thanks to Guido Günther for the use case and the log. Debian-bug-id: 878812 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-22 10:19:57 +01:00 · 2017-10-19 11:08:24 +09:00 · 2017-10-19 11:08:24 +09:00 · d07de38627
commit d07de38627
parent 7c73db3d31
1 changed files with 5 additions and 2 deletions
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -826,6 +826,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
 {
  int rc;
  PKT_public_key *pk;
+  KBNODE keyblock = NULL;

  if (!name || !*name)
    return gpg_error (GPG_ERR_INV_USER_ID);
@ -838,7 +839,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
  if (from_file)
    rc = get_pubkey_fromfile (ctrl, pk, name);
  else
-    rc = get_best_pubkey_byname (ctrl, NULL, pk, name, NULL, 0, 0);
+    rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0, 0);
  if (rc)
    {
      int code;
@ -861,6 +862,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
  if (rc)
    {
      /* Key found but not usable for us (e.g. sign-only key). */
+      release_kbnode (keyblock);
      send_status_inv_recp (3, name); /* Wrong key usage */
      log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
      free_public_key (pk);
@ -872,7 +874,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
    {
      int trustlevel;

-      trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
+      trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1);
+      release_kbnode (keyblock);
      if ( (trustlevel & TRUST_FLAG_DISABLED) )
        {
          /* Key has been disabled. */