[Pkg-gnupg-commit] [gpgme] 51/132: core: Handle multiple TOFU_USER lines in verify
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 26 01:01:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gpgme.
commit 195c73589232160f45d00f4901c9bb2b0162f0e5
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Thu Feb 2 14:02:31 2017 +0100
core: Handle multiple TOFU_USER lines in verify
* src/verify.c (op_data_t): Add conflict_user_seen.
(parse_tofu_user): Return ERR_DUP_VALUE for mutltiple TOFU_USERS.
(_gpgme_verify_status_handler): Handle ERR_DUP_VALUE from
parse_tofu_user to ignore the next TOFU_STATS.
--
This fixes TOFU Conflict verification with GnuPG-2.1.17 and 2.1.18
GnuPG-Bug-Id: 2914
---
src/verify.c | 39 +++++++++++++++++++++++++++++++--------
1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/src/verify.c b/src/verify.c
index faa8deb..398cec5 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -46,6 +46,7 @@ typedef struct
int did_prepare_new_sig;
int only_newsig_seen;
int plaintext_seen;
+ int conflict_user_seen;
} *op_data_t;
@@ -680,6 +681,14 @@ parse_tofu_user (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol)
goto leave;
}
+ if (sig->key && sig->key->fpr && strcmp (sig->key->fpr, fpr))
+ {
+ /* GnuPG since 2.1.17 emits multiple TOFU_USER lines with
+ different fingerprints in case of conflicts for a signature. */
+ err = GPG_ERR_DUP_VALUE;
+ goto leave;
+ }
+
args = tail;
tail = strchr (args, ' ');
if (tail == args)
@@ -708,12 +717,6 @@ parse_tofu_user (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol)
err = trace_gpg_error (GPG_ERR_INTERNAL);
goto leave;
}
- else if (strcmp (sig->key->fpr, fpr))
- {
- /* The engine did not emit NEWSIG before a new key. */
- err = trace_gpg_error (GPG_ERR_INV_ENGINE);
- goto leave;
- }
err = _gpgme_key_append_name (sig->key, address, 0);
if (err)
@@ -930,6 +933,7 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
calc_sig_summary (sig);
err = prepare_new_sig (opd);
opd->only_newsig_seen = 1;
+ opd->conflict_user_seen = 0;
return err;
case GPGME_STATUS_GOODSIG:
@@ -995,16 +999,35 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
case GPGME_STATUS_TOFU_USER:
opd->only_newsig_seen = 0;
- return sig ? parse_tofu_user (sig, args, ctx->protocol)
- /* */ : trace_gpg_error (GPG_ERR_INV_ENGINE);
+ if (!sig)
+ return trace_gpg_error (GPG_ERR_INV_ENGINE);
+ err = parse_tofu_user (sig, args, ctx->protocol);
+ /* gpg emits TOFU User lines for each conflicting key.
+ GPGME does not expose this to have a clean API and
+ a GPGME user can do a keylisting with the address
+ normalisation.
+ So when a duplicated TOFU_USER line is encountered
+ we ignore the conflicting tofu stats emited afterwards.
+ */
+ if (err == GPG_ERR_DUP_VALUE)
+ {
+ opd->conflict_user_seen = 1;
+ break;
+ }
+ opd->conflict_user_seen = 0;
+ return trace_gpg_error (err);
case GPGME_STATUS_TOFU_STATS:
opd->only_newsig_seen = 0;
+ if (opd->conflict_user_seen)
+ break;
return sig ? parse_tofu_stats (sig, args)
/* */ : trace_gpg_error (GPG_ERR_INV_ENGINE);
case GPGME_STATUS_TOFU_STATS_LONG:
opd->only_newsig_seen = 0;
+ if (opd->conflict_user_seen)
+ break;
return sig ? parse_tofu_stats_long (sig, args, ctx->raw_description)
/* */ : trace_gpg_error (GPG_ERR_INV_ENGINE);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gpgme.git
More information about the Pkg-gnupg-commit
mailing list