[Pkg-gnupg-commit] [gnupg2] 59/292: gpg: Improve WKD by importing only the requested UID.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 21 06:31:26 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit cbf2ac66692daa7a324108724698d60d6c7e473f
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Sep 28 15:35:31 2016 +0200

    gpg: Improve WKD by importing only the requested UID.
    
    * g10/keyserver.c: Include mbox-util.h.
    (keyserver_import_wkd): Do not use the global import options but
    employ an import filter.
    --
    
    We also make sure that an mbox has been passed to keyserver_import_wkd
    so it may also be called with a complete user id (which is currently
    not the case).
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/keyserver.c | 37 ++++++++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/g10/keyserver.c b/g10/keyserver.c
index 2e2d6a4..4239469 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -41,6 +41,7 @@
 #include "keyserver-internal.h"
 #include "util.h"
 #include "membuf.h"
+#include "mbox-util.h"
 #include "call-dirmngr.h"
 
 #ifdef HAVE_W32_SYSTEM
@@ -2011,29 +2012,55 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name,
                       unsigned char **fpr, size_t *fpr_len)
 {
   gpg_error_t err;
+  char *mbox;
   estream_t key;
 
-  err = gpg_dirmngr_wkd_get (ctrl, name, &key);
+  /* We want to work on the mbox.  That is what dirmngr will do anyway
+   * and we need the mbox for the import filter anyway.  */
+  mbox = mailbox_from_userid (name);
+  if (!mbox)
+    {
+      err = gpg_error_from_syserror ();
+      if (gpg_err_code (err) == GPG_ERR_EINVAL)
+        err = gpg_error (GPG_ERR_INV_USER_ID);
+      return err;
+    }
+
+  err = gpg_dirmngr_wkd_get (ctrl, mbox, &key);
   if (err)
     ;
   else if (key)
     {
       int armor_status = opt.no_armor;
+      import_filter_t save_filt;
 
       /* Keys returned via WKD are in binary format. */
       opt.no_armor = 1;
+      save_filt = save_and_clear_import_filter ();
+      if (!save_filt)
+        err = gpg_error_from_syserror ();
+      else
+        {
+          char *filtstr = es_bsprintf ("keep-uid=mbox = %s", mbox);
+          err = filtstr? 0 : gpg_error_from_syserror ();
+          if (!err)
+            err = parse_and_set_import_filter (filtstr);
+          xfree (filtstr);
+          if (!err)
+            err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+                                         IMPORT_NO_SECKEY,
+                                         NULL, NULL);
 
-      err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
-                                   (opt.keyserver_options.import_options
-                                    | IMPORT_NO_SECKEY),
-                                   NULL, NULL);
+        }
 
+      restore_import_filter (save_filt);
       opt.no_armor = armor_status;
 
       es_fclose (key);
       key = NULL;
     }
 
+  xfree (mbox);
   return err;
 }
 
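Review bot: `mbox` is formatted verbatim into the filter expression at `es_bsprintf ("keep-uid=mbox = %s", mbox)`, so the UID restriction holds only if no character that mailbox_from_userid accepts has a meaning to the import-filter parser; neither side of that is visible in this hunk. If the filter grammar has operators or separators that can legally appear in a local part, the expression could parse as something other than a single equality test and keep more user IDs than the one requested. I would either reject such an mbox before building the string or state the invariant next to the call, e.g. `/* MBOX comes from mailbox_from_userid and must not contain characters the filter parser treats as syntax. */`. Separately, when save_and_clear_import_filter fails, `restore_import_filter (save_filt)` is still called with a NULL argument, which should be confirmed as accepted. The signature of keyserver_import_wkd begins above the hunk.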

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


