[Pkg-gnupg-commit] [gnupg2] 144/185: gpg: Filter keys received via DANE

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Aug 7 11:55:30 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit f6f0dd4d5ea85e0b16e96d7678b1d508182049a8
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jul 24 19:35:45 2017 +0200

    gpg: Filter keys received via DANE
    
    * g10/keyserver.c (keyserver_import_cert): Use an import filter in
    DANE mode.
    --
    
    We only want to see the user ids requested via DANE and not any
    additional ids.  This filter enables this in the same way we do this
    in WKD.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/keyserver.c | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/g10/keyserver.c b/g10/keyserver.c
index bec30e3..a84961e 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1926,14 +1926,36 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
   else if (key)
     {
       int armor_status=opt.no_armor;
+      import_filter_t save_filt;
 
       /* CERTs and DANE records are always in binary format */
       opt.no_armor=1;
-
-      err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
-                                   (opt.keyserver_options.import_options
-                                    | IMPORT_NO_SECKEY),
-                                   NULL, NULL, KEYORG_DANE);
+      if (dane_mode)
+        {
+          save_filt = save_and_clear_import_filter ();
+          if (!save_filt)
+            err = gpg_error_from_syserror ();
+          else
+            {
+              char *filtstr = es_bsprintf ("keep-uid=mbox = %s", look);
+              err = filtstr? 0 : gpg_error_from_syserror ();
+              if (!err)
+                err = parse_and_set_import_filter (filtstr);
+              xfree (filtstr);
+              if (!err)
+                err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+                                             IMPORT_NO_SECKEY,
+                                             NULL, NULL, KEYORG_DANE);
+              restore_import_filter (save_filt);
+            }
+        }
+      else
+        {
+          err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+                                       (opt.keyserver_options.import_options
+                                        | IMPORT_NO_SECKEY),
+                                       NULL, NULL, 0);
+        }
 
       opt.no_armor=armor_status;
 
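Review bot: The filter expression in the DANE branch is built by formatting `look` straight into `"keep-uid=mbox = %s"`, and nothing in the hunk shows that `look` is a bare, normalised mailbox at that point. `look` is assigned earlier in keyserver_import_cert, outside the hunk, so this is inferred: if it can still be a full user ID, or contain characters the filter parser treats as syntax, the expression may not be the single comparison intended and the wrong set of user IDs could be kept. Checking it before the global import filter is touched would make the assumption explicit, for example `if (dane_mode && !is_valid_mailbox (look))` / `err = gpg_error (GPG_ERR_INV_USER_ID);` placed ahead of the existing test, which then becomes `else if (dane_mode)`. The DANE branch also passes only `IMPORT_NO_SECKEY` and no longer ORs in `opt.keyserver_options.import_options`, which the commit message does not mention; a comment such as `/* User import options are intentionally not applied to DANE imports. */` would record that this is deliberate.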

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


