[Pkg-gnupg-commit] [gnupg2] 113/185: gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Aug 7 11:55:26 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit 2e5459457473eb4b3e7b2b14815cb94faa66e8bb
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jul 19 13:03:43 2017 +0200

    gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
    
    * g10/mainproc.c (check_sig_and_print): Track key server request via
    fingerprint.
    --
    
    New signatures carry the fingerprint and thus --auto-key-retrieve tries
    to look up the key by fingerprint.  If that failed it used to also ask
    the same thing by KEYID - but the keyid is part of the fingerprint and
    thus it will either get no response or the wrong key back.  We can
    easily avoid this.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/mainproc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/g10/mainproc.c b/g10/mainproc.c
index c57925c..fddafd8 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1658,6 +1658,7 @@ check_sig_and_print (CTX c, kbnode_t node)
   int is_revkey = 0;
   char *issuer_fpr;
   PKT_public_key *pk = NULL;  /* The public key for the signature or NULL. */
+  int tried_ks_by_fpr;
 
   if (opt.skip_verify)
     {
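Review bot: `tried_ks_by_fpr` is declared without an initializer or a comment, while the neighbouring `is_revkey = 0` and `pk = NULL` are initialized at declaration and `pk` documents its meaning. The first assignment only arrives in the next hunk, near line 1887, so a read added anywhere earlier in this function would see an indeterminate value. Suggest `int tried_ks_by_fpr = 0;  /* Keyserver was already asked by fingerprint. */` here.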
@@ -1886,6 +1887,7 @@ check_sig_and_print (CTX c, kbnode_t node)
    * that the signers fingerprint is encoded in the signature.  We
    * favor this over the WKD method (to be tried next), because an
    * arbitrary keyserver is less subject to web bug like monitoring.  */
+  tried_ks_by_fpr = 0;
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
       && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
       && keyserver_any_configured (c->ctrl))
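Review bot: the reset `tried_ks_by_fpr = 0;` lands between the comment block ending "web bug like monitoring.  */" and the `if` that the comment describes, so the comment now reads as if it documented the assignment. Initializing the flag at its declaration would make this line unnecessary; otherwise move the assignment above the comment block.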
@@ -1902,6 +1904,7 @@ check_sig_and_print (CTX c, kbnode_t node)
           pk = NULL;
           glo_ctrl.in_auto_key_retrieve++;
           res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
+          tried_ks_by_fpr = 1;
           glo_ctrl.in_auto_key_retrieve--;
           if (!res)
             rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
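Review bot: `tried_ks_by_fpr = 1;` is set without looking at `res`, so the later key ID lookup is suppressed for every failure of `keyserver_import_fprint`, whatever its cause. That follows the commit message's reasoning, but a one-line comment at this assignment should say that the unconditional set is intended. The assignment also sits inside the `glo_ctrl.in_auto_key_retrieve++` / `glo_ctrl.in_auto_key_retrieve--` pair that brackets the call; placing it before the increment or after the decrement keeps that bracket limited to the keyserver request itself.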
@@ -1933,6 +1936,7 @@ check_sig_and_print (CTX c, kbnode_t node)
    * keyserver.  */
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
       && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+      && !tried_ks_by_fpr
       && keyserver_any_configured (c->ctrl))
     {
       int res;
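Review bot: the comment above this condition (the one ending "keyserver.  */") is not touched by the hunk, although the new `&& !tried_ks_by_fpr` term changes when the block runs. Add a sentence to that comment stating that the key ID request is skipped once the keyserver has already been asked by fingerprint, so the reason for the extra term is visible at the point of use and not only in the commit message.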

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


