[Pkg-gnupg-commit] [gnupg2] 10/49: g10: Fix find_and_check_key for multiple keyrings.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Nov 8 19:30:52 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 19 11:08:24 2017 +0900

    g10: Fix find_and_check_key for multiple keyrings.
    
    * g10/pkclist.c (find_and_check_key): Call get_validity on a specific
    keyblock.
    
    --
    
    When we have multiple keyrings, get_validity after
    get_best_pubkey_byname should access the same keyring.  Or else, the
    situation of an expired key in keyring A but a valid key in keyring B
    causes SEGV.
    
    Thanks to Guido Günther for the use case and the log.
    
    Debian-bug-id: 878812
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
---
 g10/pkclist.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/g10/pkclist.c b/g10/pkclist.c
index 67d932e..220936c 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -826,6 +826,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
 {
   int rc;
   PKT_public_key *pk;
+  KBNODE keyblock = NULL;
 
   if (!name || !*name)
     return gpg_error (GPG_ERR_INV_USER_ID);
@@ -838,7 +839,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
   if (from_file)
     rc = get_pubkey_fromfile (ctrl, pk, name);
   else
-    rc = get_best_pubkey_byname (ctrl, NULL, pk, name, NULL, 0, 0);
+    rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0, 0);
   if (rc)
     {
       int code;
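Review bot: the `if (rc)` error branch that follows the changed get_best_pubkey_byname call gets no release_kbnode (keyblock) in this patch, unlike the two later exits. That is only leak-free if get_best_pubkey_byname never leaves a keyblock in the out-parameter when it returns an error. Either confirm that contract in its documentation or add a release_kbnode (keyblock) before the free_public_key/return in this branch so all exits are handled the same way.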
@@ -861,6 +862,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
   if (rc)
     {
       /* Key found but not usable for us (e.g. sign-only key). */
+      release_kbnode (keyblock);
       send_status_inv_recp (3, name); /* Wrong key usage */
       log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
       free_public_key (pk);
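Review bot: when from_file is set, keyblock is still the initial NULL at this release_kbnode (keyblock) call, because get_pubkey_fromfile is not given the out-parameter. The call is harmless only because release_kbnode accepts NULL, so a brief comment saying keyblock is set only on the byname path would help the next reader. With three exit paths now owning the same resource, a single cleanup label that releases keyblock and pk would also be less error-prone than per-branch releases.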
@@ -872,7 +874,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
     {
       int trustlevel;
 
-      trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
+      trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1);
+      release_kbnode (keyblock);
       if ( (trustlevel & TRUST_FLAG_DISABLED) )
         {
           /* Key has been disabled. */
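Review bot: the get_validity call now depends on being handed the exact keyblock that get_best_pubkey_byname selected, but nothing in the code says why; the explanation (expired key in one keyring, valid key in another, NULL keyblock causing a second lookup that can land on the wrong copy) lives only in the commit message. Add a short comment above the call stating that keyblock must be the one pk came from. The diffstat shows only g10/pkclist.c changed, so a regression test with two keyrings holding an expired and a valid copy of the same key would be a worthwhile follow-up for a crash that was reachable from recipient selection.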

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


