[Pkg-gnupg-commit] [gnupg2] 36/124: gpg: Do not allow the user to revoke the last valid UID.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 5 15:55:30 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 591b6a9d879cbcabb089d89a26d3c3e0306054e1
Author: Justus Winter <justus at g10code.com>
Date: Thu Mar 2 14:14:55 2017 +0100
gpg: Do not allow the user to revoke the last valid UID.
* g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then
make sure that we do not revoke the last valid UID.
(menu_revuid): Make sure that we do not revoke the last valid UID.
* tests/openpgp/quick-key-manipulation.scm: Demonstrate that
'--quick-revoke-uid' can not be used to revoke the last valid UID.
GnuPG-bug-id: 2960
Signed-off-by: Justus Winter <justus at g10code.com>
---
g10/keyedit.c | 41 +++++++++++++++++++++++++++++++-
tests/openpgp/quick-key-manipulation.scm | 5 ++++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/g10/keyedit.c b/g10/keyedit.c
index c10a011..660e8bf 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2966,6 +2966,7 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
kbnode_t node;
int modified = 0;
size_t revlen;
+ size_t valid_uids;
#ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */
@@ -3019,7 +3020,16 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
}
fix_keyblock (&keyblock);
- setup_main_keyids (keyblock);
+ merge_keys_and_selfsig (keyblock);
+
+ /* Too make sure that we do not revoke the last valid UID, we first
+ count how many valid UIDs there are. */
+ valid_uids = 0;
+ for (node = keyblock; node; node = node->next)
+ valid_uids +=
+ node->pkt->pkttype == PKT_USER_ID
+ && ! node->pkt->pkt.user_id->is_revoked
+ && ! node->pkt->pkt.user_id->is_expired;
revlen = strlen (uidtorev);
/* find the right UID */
@@ -3031,6 +3041,15 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
{
struct revocation_reason_info *reason;
+ /* Make sure that we do not revoke the last valid UID. */
+ if (valid_uids == 1
+ && ! node->pkt->pkt.user_id->is_revoked
+ && ! node->pkt->pkt.user_id->is_expired)
+ {
+ log_error (_("Cannot revoke the last valid user ID.\n"));
+ goto leave;
+ }
+
reason = get_default_uid_revocation_reason ();
err = core_revuid (ctrl, keyblock, node, reason, &modified);
release_revocation_reason_info (reason);
@@ -6429,6 +6448,7 @@ menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock)
int changed = 0;
int rc;
struct revocation_reason_info *reason = NULL;
+ size_t valid_uids;
/* Note that this is correct as per the RFCs, but nevertheless
somewhat meaningless in the real world. 1991 did define the 0x30
@@ -6445,11 +6465,30 @@ menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock)
goto leave;
}
+ /* Too make sure that we do not revoke the last valid UID, we first
+ count how many valid UIDs there are. */
+ valid_uids = 0;
+ for (node = pub_keyblock; node; node = node->next)
+ valid_uids +=
+ node->pkt->pkttype == PKT_USER_ID
+ && ! node->pkt->pkt.user_id->is_revoked
+ && ! node->pkt->pkt.user_id->is_expired;
+
reloop: /* (better this way because we are modifying the keyring) */
for (node = pub_keyblock; node; node = node->next)
if (node->pkt->pkttype == PKT_USER_ID && (node->flag & NODFLG_SELUID))
{
int modified = 0;
+
+ /* Make sure that we do not revoke the last valid UID. */
+ if (valid_uids == 1
+ && ! node->pkt->pkt.user_id->is_revoked
+ && ! node->pkt->pkt.user_id->is_expired)
+ {
+ log_error (_("Cannot revoke the last valid user ID.\n"));
+ goto leave;
+ }
+
rc = core_revuid (ctrl, pub_keyblock, node, reason, &modified);
if (rc)
goto leave;
diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm
index 08ef626..9fd5b6b 100755
--- a/tests/openpgp/quick-key-manipulation.scm
+++ b/tests/openpgp/quick-key-manipulation.scm
@@ -81,6 +81,11 @@
(call-check `(, at GPG --quick-revoke-uid ,(exact bravo) ,charlie))
(error "Expected an error, but get none."))
+(info "Checking that we get an error revoking the last valid user ID.")
+(catch '()
+ (call-check `(, at GPG --quick-revoke-uid ,(exact bravo) ,bravo))
+ (error "Expected an error, but get none."))
+
(assert (= 1 (count-uids-of-secret-key bravo)))
(info "Checking that we can change the expiration time.")
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list