[Pkg-gnupg-commit] [gnupg2] 10/49: g10: Fix find_and_check_key for multiple keyrings.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Nov 8 19:30:52 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Thu Oct 19 11:08:24 2017 +0900
g10: Fix find_and_check_key for multiple keyrings.
* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.
--
When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring. Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.
Thanks to Guido Günther for the use case and the log.
Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
---
g10/pkclist.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 67d932e..220936c 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -826,6 +826,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
{
int rc;
PKT_public_key *pk;
+ KBNODE keyblock = NULL;
if (!name || !*name)
return gpg_error (GPG_ERR_INV_USER_ID);
@@ -838,7 +839,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
if (from_file)
rc = get_pubkey_fromfile (ctrl, pk, name);
else
- rc = get_best_pubkey_byname (ctrl, NULL, pk, name, NULL, 0, 0);
+ rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0, 0);
if (rc)
{
int code;
@@ -861,6 +862,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
if (rc)
{
/* Key found but not usable for us (e.g. sign-only key). */
+ release_kbnode (keyblock);
send_status_inv_recp (3, name); /* Wrong key usage */
log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
free_public_key (pk);
@@ -872,7 +874,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
{
int trustlevel;
- trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
+ trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1);
+ release_kbnode (keyblock);
if ( (trustlevel & TRUST_FLAG_DISABLED) )
{
/* Key has been disabled. */
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list