[Pkg-gnupg-commit] [gnupg2] 81/116: gpg: Clean bogus subkey binding when cleaning a key.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 24 04:40:56 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 356323768a1a29138581d0aceed0336ab8be0d5c
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jan 17 10:26:34 2017 +0100

    gpg: Clean bogus subkey binding when cleaning a key.
    
    * g10/trust.c (clean_key): Also clean bogus subkey bindings.
    --
    
    GnuPG-bug-id: 2922
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/export.c |  1 +
 g10/trust.c  | 34 +++++++++++++++++++++++++++-------
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/g10/export.c b/g10/export.c
index ad42b41..b36200a 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1518,6 +1518,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
   u32 subkidbuf[2], *subkid;
   kbnode_t kbctx, node;
 
+  /* NB: walk_kbnode skips packets marked as deleted.  */
   for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
     {
       if (skip_until_subkey)
diff --git a/g10/trust.c b/g10/trust.c
index 1024448..888b4ca 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -756,21 +756,41 @@ clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
 }
 
 
+/* NB: This function marks the deleted nodes only and the caller is
+ * responsible to skip or remove them.  */
 void
 clean_key (kbnode_t keyblock, int noisy, int self_only,
            int *uids_cleaned, int *sigs_cleaned)
 {
-  kbnode_t uidnode;
+  kbnode_t node;
 
   merge_keys_and_selfsig (keyblock);
 
-  for (uidnode = keyblock->next;
-       uidnode && !(uidnode->pkt->pkttype == PKT_PUBLIC_SUBKEY
-                    || uidnode->pkt->pkttype == PKT_SECRET_SUBKEY);
-       uidnode = uidnode->next)
+  for (node = keyblock->next;
+       node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+                    || node->pkt->pkttype == PKT_SECRET_SUBKEY);
+       node = node->next)
     {
-      if (uidnode->pkt->pkttype == PKT_USER_ID)
-        clean_one_uid (keyblock, uidnode,noisy, self_only,
+      if (node->pkt->pkttype == PKT_USER_ID)
+        clean_one_uid (keyblock, node, noisy, self_only,
                        uids_cleaned, sigs_cleaned);
     }
+
+  /* Remove bogus subkey binding signatures: The only signatures
+   * allowed are of class 0x18 and 0x28.  */
+  log_assert (!node || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+                        || node->pkt->pkttype == PKT_SECRET_SUBKEY));
+  for (; node; node = node->next)
+    {
+      if (is_deleted_kbnode (node))
+        continue;
+      if (node->pkt->pkttype == PKT_SIGNATURE
+          && !(IS_SUBKEY_SIG (node->pkt->pkt.signature)
+                || IS_SUBKEY_REV (node->pkt->pkt.signature)))
+        {
+          delete_kbnode (node);
+          if (sigs_cleaned)
+            ++*sigs_cleaned;
+        }
+    }
 }
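Review bot: The new second loop in clean_key filters by signature class alone: every signature packet after the first subkey that is not 0x18 or 0x28 is marked deleted, while a 0x18/0x28 packet is kept without any check visible in this hunk that it verifies or was issued by the primary key. If that validation happens elsewhere, the comment above the loop should say so, for example `/* Class check only; the remaining 0x18/0x28 signatures are not verified here.  */`. The loop also ignores `noisy` and `self_only`, so these removals are silent even when the caller asked for diagnostics; the function comment should state that, or the loop should log under `noisy`. Because nodes are only marked as deleted, any caller that follows `->next` directly instead of using walk_kbnode would still see the removed signatures, so callers other than the one annotated in g10/export.c are worth checking.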

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


