[Pkg-gnupg-commit] [gnupg2] 114/118: g10: Only consider bindings matching the signer's user id.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 15 18:25:20 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch encoding-and-speling
in repository gnupg2.
commit 3f7f7447316f57d002d683af4ad30ac5730b9ebe
Author: Neal H. Walfield <neal at g10code.com>
Date: Thu Sep 15 12:21:15 2016 +0200
g10: Only consider bindings matching the signer's user id.
* g10/trustdb.c (tdb_get_validity_core): If the signer's user id
subpacket is present, only consider matching user ids.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
---
g10/trustdb.c | 40 +++++++++++++++++++++++++++++-----------
1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 5457ea1..029c8c3 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1025,27 +1025,50 @@ tdb_get_validity_core (ctrl_t ctrl,
kbnode_t kb = NULL;
kbnode_t n = NULL;
strlist_t user_id_list = NULL;
+ int done = 0;
/* If the caller didn't supply a user id then use all uids. */
if (! uid)
kb = n = get_pubkeyblock (main_pk->keyid);
- while (uid || (n = find_next_kbnode (n, PKT_USER_ID)))
+ if (DBG_TRUST && sig && sig->signers_uid)
+ log_debug ("TOFU: only considering user id: '%s'\n",
+ sig->signers_uid);
+
+ while (!done && (uid || (n = find_next_kbnode (n, PKT_USER_ID))))
{
PKT_user_id *user_id;
int expired = 0;
if (uid)
- user_id = uid;
+ {
+ user_id = uid;
+ /* If the caller specified a user id, then we only
+ process the specified user id and are done after the
+ first iteration. */
+ done = 1;
+ }
else
user_id = n->pkt->pkt.user_id;
if (user_id->attrib_data)
+ /* Skip user attributes. */
+ continue;
+
+ if (sig && sig->signers_uid)
+ /* Make sure the UID matches. */
{
- /* Skip user attributes. */
- if (uid)
- break;
- continue;
+ char *email = mailbox_from_userid (user_id->name);
+ if (!email || !*email || strcmp (sig->signers_uid, email) != 0)
+ {
+ if (DBG_TRUST)
+ log_debug ("TOFU: skipping user id '%s', which does"
+ " not match the signer's email ('%s')\n",
+ email, sig->signers_uid);
+ xfree (email);
+ continue;
+ }
+ xfree (email);
}
/* If the user id is revoked or expired, then skip it. */
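Review bot: In the mismatch branch `email` can be NULL (the branch is entered on `!email`), yet it is handed to `log_debug` for a `%s` conversion; because the message announces the skipped user id, passing `user_id->name, sig->signers_uid);` avoids the NULL argument and still says something useful when no mailbox could be extracted. The match is an exact `strcmp`, so it is only reliable if `sig->signers_uid` and the result of `mailbox_from_userid` are normalized the same way, case in particular; that is not visible in this hunk and deserves a comment such as `/* Both sides must be normalized mailboxes; the compare is case-sensitive. */`. Since the signer's user id is chosen by whoever made the signature, it is worth confirming what validity the code after the loop reports when every user id is skipped and `user_id_list` stays empty. The body of `tdb_get_validity_core` starts and ends outside this hunk.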
@@ -1073,11 +1096,6 @@ tdb_get_validity_core (ctrl_t ctrl,
add_to_strlist (&user_id_list, user_id->name);
user_id_list->flags = expired;
-
- if (uid)
- /* If the caller specified a user id, then we stop
- now. */
- break;
}
/* Process the user ids in the order they appear in the key
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git