1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

g10: Fix find_and_check_key for multiple keyrings.

* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.

--

When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring.  Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.

Thanks to Guido Günther for the use case and the log.

Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2017-10-19 11:08:24 +09:00 committed by Werner Koch
parent 7c73db3d31
commit d07de38627
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -826,6 +826,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
{ {
int rc; int rc;
PKT_public_key *pk; PKT_public_key *pk;
KBNODE keyblock = NULL;
if (!name || !*name) if (!name || !*name)
return gpg_error (GPG_ERR_INV_USER_ID); return gpg_error (GPG_ERR_INV_USER_ID);
@ -838,7 +839,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
if (from_file) if (from_file)
rc = get_pubkey_fromfile (ctrl, pk, name); rc = get_pubkey_fromfile (ctrl, pk, name);
else else
rc = get_best_pubkey_byname (ctrl, NULL, pk, name, NULL, 0, 0); rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0, 0);
if (rc) if (rc)
{ {
int code; int code;
@ -861,6 +862,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
if (rc) if (rc)
{ {
/* Key found but not usable for us (e.g. sign-only key). */ /* Key found but not usable for us (e.g. sign-only key). */
release_kbnode (keyblock);
send_status_inv_recp (3, name); /* Wrong key usage */ send_status_inv_recp (3, name); /* Wrong key usage */
log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) ); log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
free_public_key (pk); free_public_key (pk);
@ -872,7 +874,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
{ {
int trustlevel; int trustlevel;
trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1); trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1);
release_kbnode (keyblock);
if ( (trustlevel & TRUST_FLAG_DISABLED) ) if ( (trustlevel & TRUST_FLAG_DISABLED) )
{ {
/* Key has been disabled. */ /* Key has been disabled. */