[Pkg-gnupg-commit] [gnupg2] 53/166: gpg: Ensure TOFU bindings associated with UTKs are registered as usual
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 16 22:33:05 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 769272ba87f282a69e8d5f9bb27c86e6bec4496b
Author: Neal H. Walfield <neal at g10code.com>
Date: Thu Feb 2 14:24:38 2017 +0100
gpg: Ensure TOFU bindings associated with UTKs are registered as usual
* g10/tofu.c (get_trust): Call get_policy before short-circuiting the
policy lookup for ultimately trusted keys to make sure the binding is
added to the bindings table, if necessary.
Signed-off-by: Neal H. Walfield <neal at g10code.com>
GnuPG-bug-id: 2929
---
g10/tofu.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/g10/tofu.c b/g10/tofu.c
index 41bdd5f..85347bb 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2306,7 +2306,11 @@ build_conflict_set (tofu_dbs_t dbs,
/* Return the effective policy for the binding <FINGERPRINT, EMAIL>
* (email has already been normalized) and any conflict information in
* *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns
- * _tofu_GET_POLICY_ERROR if an error occurs. */
+ * _tofu_GET_POLICY_ERROR if an error occurs.
+ *
+ * This function registers the binding in the bindings table if it has
+ * not yet been registered.
+ */
static enum tofu_policy
get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
const char *fingerprint, const char *user_id, const char *email,
@@ -2677,6 +2681,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
&& _tofu_GET_TRUST_ERROR != TRUST_FULLY
&& _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
+ begin_transaction (ctrl, 0);
+ in_transaction = 1;
+
+ /* We need to call get_policy even if the key is ultimately trusted
+ * to make sure the binding has been registered. */
+ policy = get_policy (dbs, pk, fingerprint, user_id, email,
+ &conflict_set, now);
+
/* If the key is ultimately trusted, there is nothing to do. */
{
u32 kid[2];
@@ -2690,11 +2702,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
}
}
- begin_transaction (ctrl, 0);
- in_transaction = 1;
-
- policy = get_policy (dbs, pk, fingerprint, user_id, email,
- &conflict_set, now);
if (policy == TOFU_POLICY_AUTO)
{
policy = opt.tofu_default_policy;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list