Much stricter checking of the keyserver URI

IDEA warning for pk messages encrypted with IDEA (symmetric is already done)
Print IDEA warning for each occurance except for secret key protection and
unknown cipher from an encrypted message.

g10/ChangeLog

@@ -1,3 +1,18 @@
+2001-12-18  David Shaw  <dshaw@jabberwocky.com>
+
+	* g10.c (idea_cipher_warn): Add a flag to show the warning always
+	or once per session and change all callers (show always except for
+	the secret key protection and unknown cipher from an encrypted
+	message errors).  Also make the strings translatable.
+
+	* pubkey-enc.c (get_it): Add the IDEA cipher warning if the user
+	tries to decrypt an IDEA encrypted message without the IDEA
+	plugin.
+
+	* keyserver.c (parse_keyserver_uri): More strict checking of the
+	keyserver URI.  Specifically, fail if the ":port" section is
+	anything except a number between 1 and 65535.
+
 2001-12-17  David Shaw  <dshaw@jabberwocky.com>
 
 	* keyserver.c (print_keyinfo): No need to check for

g10/g10.c

@@ -1243,7 +1243,7 @@ main( int argc, char **argv )
 	      {
 		log_info(_("encrypting a message in --pgp2 mode requires "
 			   "the IDEA cipher\n"));
-		idea_cipher_warn();
+		idea_cipher_warn(1);
 		unusable=1;
 	      }
 	    else
@@ -1278,7 +1278,7 @@ main( int argc, char **argv )
     if( def_cipher_string ) {
 	opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
 	if(opt.def_cipher_algo==0 && strcasecmp(def_cipher_string,"idea")==0)
-	  idea_cipher_warn();
+	  idea_cipher_warn(1);
 	m_free(def_cipher_string); def_cipher_string = NULL;
 	if( check_cipher_algo(opt.def_cipher_algo) )
 	    log_error(_("selected cipher algorithm is invalid\n"));
@@ -2142,15 +2142,15 @@ check_policy_url( const char *s )
 
 /* Special warning for the IDEA cipher */
 void
-idea_cipher_warn(void)
+idea_cipher_warn(int show)
 {
   static int warned=0;
 
-  if(!warned)
+  if(!warned || show)
     {
-      log_info("the IDEA cipher plugin is not present\n");
+      log_info(_("the IDEA cipher plugin is not present\n"));
-      log_info("please see http://www.gnupg.org/why-not-idea.html "
+      log_info(_("please see http://www.gnupg.org/why-not-idea.html "
-	       "for more information\n");
+		 "for more information\n"));
       warned=1;
     }
 }

g10/gpgv.c

@@ -302,7 +302,7 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
 
 /* Stub: no decrypting, so no IDEA needed */
 void
-idea_cipher_warn(void) {}
+idea_cipher_warn( int show ) {}
 
 /* Stubs to void linking to ../cipher/cipher.c */
 int string_to_cipher_algo( const char *string ) { return 0; }

g10/keygen.c

@@ -178,7 +178,7 @@ set_one_pref (ulong val, int type, int (*cf)(int), byte *buf, int *nbuf)
     if (cf (val)) {
         log_info (_("preference %c%lu is not valid\n"), type, val);
 	if(type=='S' && val==CIPHER_ALGO_IDEA)
-	  idea_cipher_warn();
+	  idea_cipher_warn(1);
         return -1;
     }
     for (i=0; i < *nbuf; i++ ) {

g10/keyserver.c

@@ -24,6 +24,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
+#include <ctype.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/stat.h>
@@ -121,13 +122,27 @@ parse_keyserver_uri(char *uri)
     opt.keyserver_port="0";
   else
     {
+      unsigned char *ch;
+
       /* Get the port */
       opt.keyserver_port=strsep(&uri,"/");
-      if(atoi(opt.keyserver_port)==0)
+
-	opt.keyserver_port="0";
+      /* Ports are digits only */
+      ch=opt.keyserver_port;
+      while(*ch!='\0')
+	{
+	  if(!isdigit(*ch))
+	    return G10ERR_BAD_URI;
+
+	  ch++;
 	}
 
-  /* (any path part of the URI is discarded) */
+      if(strlen(opt.keyserver_port)==0 ||
+	 atoi(opt.keyserver_port)<1 || atoi(opt.keyserver_port)>65535)
+	return G10ERR_BAD_URI;
+    }
+
+  /* (any path part of the URI is discarded for now) */
 
   if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
     return G10ERR_BAD_URI;

g10/main.h

@@ -48,7 +48,7 @@ extern int g10_errors_seen;
 void print_pubkey_algo_note( int algo );
 void print_cipher_algo_note( int algo );
 void print_digest_algo_note( int algo );
-void idea_cipher_warn(void);
+void idea_cipher_warn( int show );
 const char *get_temp_dir(void);
 
 /*-- armor.c --*/

g10/mainproc.c

@@ -432,7 +432,7 @@ proc_encrypted( CTX c, PACKET *pkt )
             algo = opt.def_cipher_algo;
             if (!algo)
                 algo = opt.s2k_cipher_algo;
-	    idea_cipher_warn();
+	    idea_cipher_warn(1);
             log_info (_("IDEA cipher unavailable, "
                         "optimistically attempting to use %s instead\n"),
                        cipher_algo_to_string(algo));

g10/pubkey-enc.c

@@ -32,6 +32,7 @@
 #include "cipher.h"
 #include "status.h"
 #include "options.h"
+#include "main.h"
 #include "i18n.h"
 
 static int get_it( PKT_pubkey_enc *k,
@@ -175,6 +176,8 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
 	if( !opt.quiet && rc == G10ERR_CIPHER_ALGO ) {
 	    log_info(_("cipher algorithm %d%s is unknown or disabled\n"),
                      dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":"");
+	    if(dek->algo==CIPHER_ALGO_IDEA)
+	      idea_cipher_warn(0);
 	}
 	dek->algo = 0;
 	goto leave;

g10/seckey-cert.c

@@ -58,7 +58,7 @@ do_check( PKT_secret_key *sk )
 	if( check_cipher_algo( sk->protect.algo ) ) {
 	    log_info(_("protection algorithm %d%s is not supported\n"),
 			sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
-	    idea_cipher_warn();
+	    idea_cipher_warn(0);
 	    return G10ERR_CIPHER_ALGO;
 	}
 	keyid_from_sk( sk, keyid );