[Pkg-gnupg-commit] [gnupg2] 114/118: g10: Only consider bindings matching the signer's user id.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 15 18:25:20 UTC 2016



dkg pushed a commit to branch encoding-and-speling
in repository gnupg2.

commit 3f7f7447316f57d002d683af4ad30ac5730b9ebe
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Sep 15 12:21:15 2016 +0200

    g10: Only consider bindings matching the signer's user id.
    
    * g10/trustdb.c (tdb_get_validity_core): If the signer's user id
    subpacket is present, only consider matching user ids.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
---
 g10/trustdb.c | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 5457ea1..029c8c3 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1025,27 +1025,50 @@ tdb_get_validity_core (ctrl_t ctrl,
       kbnode_t kb = NULL;
       kbnode_t n = NULL;
       strlist_t user_id_list = NULL;
+      int done = 0;
 
       /* If the caller didn't supply a user id then use all uids.  */
       if (! uid)
 	kb = n = get_pubkeyblock (main_pk->keyid);
 
-      while (uid || (n = find_next_kbnode (n, PKT_USER_ID)))
+      if (DBG_TRUST && sig && sig->signers_uid)
+        log_debug ("TOFU: only considering user id: '%s'\n",
+                   sig->signers_uid);
+
+      while (!done && (uid || (n = find_next_kbnode (n, PKT_USER_ID))))
 	{
 	  PKT_user_id *user_id;
           int expired = 0;
 
 	  if (uid)
-	    user_id = uid;
+            {
+              user_id = uid;
+              /* If the caller specified a user id, then we only
+                 process the specified user id and are done after the
+                 first iteration.  */
+              done = 1;
+            }
 	  else
 	    user_id = n->pkt->pkt.user_id;
 
           if (user_id->attrib_data)
+            /* Skip user attributes.  */
+            continue;
+
+          if (sig && sig->signers_uid)
+            /* Make sure the UID matches.  */
             {
-              /* Skip user attributes.  */
-              if (uid)
-                break;
-              continue;
+              char *email = mailbox_from_userid (user_id->name);
+              if (!email || !*email || strcmp (sig->signers_uid, email) != 0)
+                {
+                  if (DBG_TRUST)
+                    log_debug ("TOFU: skipping user id '%s', which does"
+                               " not match the signer's email ('%s')\n",
+                               email, sig->signers_uid);
+                  xfree (email);
+                  continue;
+                }
+              xfree (email);
             }
 
           /* If the user id is revoked or expired, then skip it.  */
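Review bot: In the skip branch for a non-matching user id, `email` is handed to `%s` in the log_debug call right after the condition admitted it may be NULL (the `!email` test), so the debug line can dereference a null pointer depending on how the logger formats it; logging the key's own user id is safer and more useful, `log_debug ("TOFU: skipping user id '%s', which does not match the signer's email ('%s')\n", user_id->name, sig->signers_uid);`. The match itself is an exact strcmp of the mailbox extracted from the key's user id against sig->signers_uid as stored; if that field holds the raw Signer's User ID subpacket (which can be a full user id, or differ only in case) rather than a normalized mailbox, legitimate bindings are skipped, so this is worth confirming at the parse site, together with the subpacket being taken from the hashed area, since an unhashed one is not covered by the signature. Note that when the caller supplies uid and it does not match, `done` is already set and the loop exits with user_id_list empty; how that is handled is outside the hunk, as is the rest of tdb_get_validity_core.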
@@ -1073,11 +1096,6 @@ tdb_get_validity_core (ctrl_t ctrl,
 
           add_to_strlist (&user_id_list, user_id->name);
           user_id_list->flags = expired;
-
-          if (uid)
-            /* If the caller specified a user id, then we stop
-               now.  */
-            break;
         }
 
       /* Process the user ids in the order they appear in the key

-- 


