authorDavid Shaw <[email protected]>2003-12-10 14:57:38 +0000
committerDavid Shaw <[email protected]>2003-12-10 14:57:38 +0000
commitc6f07b53b25e7e3b7633b9c808a464ebab04b1f2 (patch)
treecb6e04b31510c263b77b3218aec47387ff8a0941
parent* gpg.sgml: Fix a few missing semicolons in & entities. Noted by (diff)
* getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast
returns the primary key when requesting a subkey, so if a user has a key signed by a subkey (we don't do this, but used to), AND that key is not self-signed, AND the algorithm of the subkey in question is not present in GnuPG, AND the algorithm of the primary key that owns the subkey in question is present in GnuPG, then we will try and verify the subkey signature using the primary key algorithm and hit a BUG(). The fix is to not return a hit if the keyid is not the primary. All other users of get_pubkey_fast already expect a primary only.
-rw-r--r--g10/ChangeLog13
-rw-r--r--g10/getkey.c17
2 files changed, 25 insertions, 5 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 8580977d9..6ced690c6 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,16 @@
+2003-12-10 David Shaw <[email protected]>
+
+ * getkey.c (get_pubkey_fast): This one is sort of obscure.
+ get_pubkey_fast returns the primary key when requesting a subkey,
+ so if a user has a key signed by a subkey (we don't do this, but
+ used to), AND that key is not self-signed, AND the algorithm of
+ the subkey in question is not present in GnuPG, AND the algorithm
+ of the primary key that owns the subkey in question is present in
+ GnuPG, then we will try and verify the subkey signature using the
+ primary key algorithm and hit a BUG(). The fix is to not return a
+ hit if the keyid is not the primary. All other users of
+ get_pubkey_fast already expect a primary only.
+
2003-12-04 David Shaw <[email protected]>
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
diff --git a/g10/getkey.c b/g10/getkey.c
index 684e617d4..cfa65af3f 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -375,13 +375,15 @@ get_pubkey( PKT_public_key *pk, u32 *keyid )
/* Get a public key and store it into the allocated pk. This function
differs from get_pubkey() in that it does not do a check of the key
- to avoid recursion. It should be used only in very certain cases. */
+ to avoid recursion. It should be used only in very certain cases.
+ It will only retrieve primary keys. */
int
get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
{
int rc = 0;
KEYDB_HANDLE hd;
KBNODE keyblock;
+ u32 pkid[2];
assert (pk);
#if MAX_PK_CACHE_ENTRIES
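Review bot: The added sentence `It will only retrieve primary keys.` states a contract that the visible lines cannot confirm for the cache lookup beginning at `#if MAX_PK_CACHE_ENTRIES`, because that block's body lies outside the hunk. If a cache entry can be stored under a subkey keyid, that path would presumably still return it, so the cache path is worth checking against the new wording. The comment should also say what a caller gets otherwise, for example `It will only retrieve primary keys; a keyid that names a subkey yields G10ERR_NO_PUBKEY.` The body of get_pubkey_fast continues past the end of this hunk.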
@@ -414,20 +416,25 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
return G10ERR_NO_PUBKEY;
}
-
+
assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
- copy_public_key (pk, keyblock->pkt->pkt.public_key );
+
+ keyid_from_pk(keyblock->pkt->pkt.public_key,pkid);
+ if(keyid[0]==pkid[0] && keyid[1]==pkid[1])
+ copy_public_key (pk, keyblock->pkt->pkt.public_key );
+ else
+ rc=G10ERR_NO_PUBKEY;
+
release_kbnode (keyblock);
/* Not caching key here since it won't have all of the fields
properly set. */
- return 0;
+ return rc;
}
-
KBNODE
get_pubkeyblock( u32 *keyid )
{
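Review bot: The new `else` branch rejects a subkey keyid with `G10ERR_NO_PUBKEY`, the same code the `keydb_get_keyblock` failure just above returns, but it writes no log line and leaves `pk` unwritten. A caller that ignores the return value would then continue with whatever `pk` held before; callers are not visible here, so this is worth checking at each call site. A short comment above the comparison would record why the check exists, e.g. `/* Refuse a subkey keyid: handing back the primary would verify with the wrong key. */`. Bracing the `if`/`else` would also keep a later second statement from silently escaping the condition. get_pubkey_fast starts outside this hunk.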