[Pkg-gnupg-commit] [gnupg2] 145/159: avoid failing with an error if we mis-detect multiple keys (Closes: #807819)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 27 13:24:04 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit a666227967523a42b8f46e935541ab15dcda65e2
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Jan 25 15:29:43 2016 -0500
avoid failing with an error if we mis-detect multiple keys (Closes: #807819)
---
debian/changelog | 7 +
...rror-out-if-a-key-occurs-multiple-times-i.patch | 182 +++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 190 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 732ea47..249f016 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+gnupg2 (2.1.10-4) unstable; urgency=medium
+
+ * avoid failing with an error if we mis-detect multiple keys (Closes:
+ #807819)
+
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net> Mon, 25 Jan 2016 15:29:25 -0500
+
gnupg2 (2.1.10-3) unstable; urgency=medium
* avoid infinite loop when doing --gen-revoke by fingerprint
diff --git a/debian/patches/0008-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch b/debian/patches/0008-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch
new file mode 100644
index 0000000..93a1b79
--- /dev/null
+++ b/debian/patches/0008-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch
@@ -0,0 +1,182 @@
+From: "Neal H. Walfield" <neal at g10code.com>
+Date: Fri, 11 Dec 2015 11:12:46 +0100
+Subject: gpg: Don't error out if a key occurs multiple times in the keyring.
+
+* g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
+times in the keyring. Instead, print a warning. When printing out
+fingerprint prints, use format_hexfingerprint to format them.
+
+--
+Signed-off-by: Neal H. Walfield <neal at g10code.com>
+---
+ g10/gpg.c | 114 ++++++++++++++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 82 insertions(+), 32 deletions(-)
+
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 2b48421..5c2a6c8 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2116,6 +2116,8 @@ check_user_ids (strlist_t *sp,
+
+ KEYDB_HANDLE hd = NULL;
+
++ char fingerprint_formatted[MAX_FORMATTED_FINGERPRINT_LEN + 1];
++
+ /* A quick check to avoid allocating a new strlist if we can skip
+ all keys. Handles also the case of !SP. See below for details. */
+ for (t = s; t && (!(t->flags & PK_LIST_CONFIG)
+@@ -2135,6 +2137,9 @@ check_user_ids (strlist_t *sp,
+ size_t fingerprint_bin_len = sizeof (fingerprint_bin);
+ /* We also potentially need a ! at the end. */
+ char fingerprint[2 * MAX_FINGERPRINT_LEN + 1 + 1];
++ int added = 0;
++ int dups = 0;
++ int ambiguous = 0;
+
+ /* If the key has been given on the command line and it has not
+ been given by one of the encrypt-to options, we skip the
+@@ -2271,41 +2276,58 @@ check_user_ids (strlist_t *sp,
+ i = strlen (fingerprint);
+ fingerprint[i] = '!';
+ fingerprint[i + 1] = '\0';
++
++ add_to_strlist (&s2, fingerprint);
++ added = 1;
+ }
+- else
+- {
+- fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+- assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+- bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
+- }
+
+- add_to_strlist (&s2, fingerprint);
++ /* We need the primary key's fingerprint to detect dups so
++ always format it. */
++ fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
++ assert (fingerprint_bin_len == sizeof (fingerprint_bin));
++ bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
++
++ if (! added)
++ add_to_strlist (&s2, fingerprint);
+ s2->flags = s->flags;
+
+ release_kbnode (kb);
+
+ /* Continue the search. */
+ if (DBG_LOOKUP)
+- log_debug ("%s: Check for duplicates for %s='%s'\n",
++ log_debug ("%s: Checking if %s='%s' is ambiguous or there are dups\n",
+ __func__, option, t->d);
+- err = keydb_search (hd, &desc, 1, NULL);
+- if (! err)
+- /* Another result! */
++ while (1)
+ {
+ char fingerprint_bin2[MAX_FINGERPRINT_LEN];
+ size_t fingerprint_bin2_len = sizeof (fingerprint_bin2);
+ char fingerprint2[2 * MAX_FINGERPRINT_LEN + 1];
+
+- log_error (_("key specification '%s' is ambiguous\n"), t->d);
+- if (!opt.quiet)
+- log_info (_("(check argument of option '%s')\n"), option);
++ err = keydb_search (hd, &desc, 1, NULL);
++ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND
++ || gpg_err_code (err) == GPG_ERR_EOF)
++ /* Not found => not ambiguous. */
++ break;
++ else if (err)
++ /* An error (other than "not found"). */
++ {
++ log_error (_("error searching the keyring: %s\n"),
++ gpg_strerror (err));
++ if (! rc)
++ rc = err;
+
+- if (! rc)
+- rc = GPG_ERR_AMBIGUOUS_NAME;
++ break;
++ }
++
++ /* Another result! */
+
+ err = keydb_get_keyblock (hd, &kb);
+ if (err)
+- log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
++ {
++ log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
++ if (! rc)
++ rc = err;
++ }
+ else
+ {
+ pk = kb->pkt->pkt.public_key;
+@@ -2313,25 +2335,53 @@ check_user_ids (strlist_t *sp,
+ assert (fingerprint_bin2_len == sizeof (fingerprint_bin2));
+ bin2hex (fingerprint_bin2, MAX_FINGERPRINT_LEN, fingerprint2);
+
+- /* TRANSLATORS: The %s prints a key specification which
+- for example has been given at the command line. Two
+- lines with fingerprints are printed after this message. */
+- log_info (_("'%s' matches at least:\n"), t->d);
+- log_info (" %s\n", fingerprint);
+- log_info (" %s\n", fingerprint2);
++ if (strcmp (fingerprint, fingerprint2) == 0)
++ dups ++;
++ else
++ {
++ ambiguous ++;
++
++ if (! rc)
++ rc = GPG_ERR_AMBIGUOUS_NAME;
++
++ if (ambiguous == 1)
++ {
++ /* TRANSLATORS: The %s prints a key
++ specification which for example has been
++ given at the command line. Lines with
++ fingerprints are printed after this
++ message. */
++ log_error (_("key specification '%s' is ambiguous\n"),
++ t->d);
++ if (!opt.quiet)
++ log_info (_("(check argument of option '%s')\n"),
++ option);
++
++ log_info (_("'%s' matches at least:\n"), t->d);
++ log_info (" %s\n",
++ format_hexfingerprint
++ (fingerprint,
++ fingerprint_formatted,
++ sizeof fingerprint_formatted));
++ }
++
++ log_info (" %s\n",
++ format_hexfingerprint
++ (fingerprint2,
++ fingerprint_formatted,
++ sizeof fingerprint_formatted));
++ }
+
+ release_kbnode (kb);
+ }
+ }
+- else if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND
+- || gpg_err_code (err) == GPG_ERR_EOF))
+- /* An error (other than "not found"). */
+- {
+- log_error (_("error searching the keyring: %s\n"),
+- gpg_strerror (err));
+- if (! rc)
+- rc = err;
+- }
++
++ if (dups)
++ log_info (_("Warning: %s appears in the keyring %d times.\n"),
++ format_hexfingerprint (fingerprint,
++ fingerprint_formatted,
++ sizeof fingerprint_formatted),
++ 1 + dups);
+ }
+
+ strlist_rev (&s2);
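Review bot: In the nested g10/gpg.c hunk at `@@ -2313,25 +2335,53 @@`, the test `if (strcmp (fingerprint, fingerprint2) == 0) dups ++;` classifies a later hit as a harmless duplicate on the primary-key fingerprint alone, and nothing in the visible lines compares the rest of the two keyblocks. Copies of one key stored in different keyring resources can differ in subkeys, expiry or revocation signatures. Only the fingerprint string is put into `s2`, so which copy is eventually used is presumably decided by a later lookup, and the warning gives the user no hint that the copies may disagree. I would document this above the comparison, e.g. `/* Dups are matched on the primary fingerprint only; the copies may still differ (subkeys, revocations). */`, and consider saying in the warning which keyring each copy came from. The body of check_user_ids starts and ends outside these hunks, so a later merge or re-validation step cannot be ruled out from here.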
diff --git a/debian/patches/series b/debian/patches/series
index 1084b7b..9ab76a1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@
0005-include-sks-keyservers-CA-where-it-should-have-been-.patch
0006-Use-sks-keyservers-CA-by-default-for-the-hkps-pool.patch
0007-avoid-infinite-loop-when-doing-gen-revoke-by-fingerp.patch
+0008-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git