aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--g10/ChangeLog6
-rw-r--r--g10/import.c29
2 files changed, 22 insertions, 13 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index c0d9ac896..140a99219 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2002-03-13 David Shaw <[email protected]>
+
+ * import.c (chk_self_sigs): any valid self-sig should mark a user
+ ID or subkey as valid - otherwise, an attacker could DoS the user
+ by inventing a bogus invalid self-signature.
+
2002-03-07 David Shaw <[email protected]>
* g10.c (main): make a few more strings translatable.
diff --git a/g10/import.c b/g10/import.c
index 9658530f1..044716f98 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -815,16 +815,18 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
(ulong)keyid[1]);
return -1; /* the complete keyblock is invalid */
}
- rc = check_key_signature( keyblock, n, NULL);
- if( rc ) {
- log_info( rc == G10ERR_PUBKEY_ALGO ?
- _("key %08lX: unsupported public key algorithm\n"):
- _("key %08lX: invalid self-signature\n"),
- (ulong)keyid[1]);
- unode->flag |= 2; /* mark as invalid */
+ /* If it hasn't been marked valid yet, keep trying */
+ if(!(unode->flag&1)) {
+ rc = check_key_signature( keyblock, n, NULL);
+ if( rc )
+ log_info( rc == G10ERR_PUBKEY_ALGO ?
+ _("key %08lX: unsupported public key algorithm\n"):
+ _("key %08lX: invalid self-signature\n"),
+ (ulong)keyid[1]);
+ else
+ unode->flag |= 1; /* mark that signature checked */
}
- unode->flag |= 1; /* mark that signature checked */
}
else if( sig->sig_class == 0x18 ) {
KBNODE knode = find_prev_kbnode( keyblock,
@@ -839,16 +841,17 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
n->flag |= 4; /* delete this */
}
else {
+ /* If it hasn't been marked valid yet, keep trying */
+ if(!(knode->flag&1)) {
rc = check_key_signature( keyblock, n, NULL);
- if( rc ) {
+ if( rc )
log_info( rc == G10ERR_PUBKEY_ALGO ?
_("key %08lX: unsupported public key algorithm\n"):
_("key %08lX: invalid subkey binding\n"),
(ulong)keyid[1]);
-
- knode->flag |= 2; /* mark as invalid */
- }
- knode->flag |= 1; /* mark that signature checked */
+ else
+ knode->flag |= 1; /* mark that signature checked */
+ }
}
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 20:06:17 +0000