-rw-r--r--g10/ChangeLog26
-rw-r--r--g10/encode.c5
-rw-r--r--g10/g10.c13
-rw-r--r--g10/hkp.c14
-rw-r--r--g10/keyserver.c54
-rw-r--r--g10/pubkey-enc.c2
6 files changed, 92 insertions, 22 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 55a86fdc4..b82058350 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,7 +1,33 @@
+2001-12-15 Werner Koch <[email protected]>
+
+ * keyserver.c (keyserver_spawn): Assert that we have dropped privs.
+
+2001-12-13 Werner Koch <[email protected]>
+
+ * pubkey-enc.c (get_session_key): Check that the public key
+ algorithm is indeed usable for en/decryption. This avoid a
+ strange error message from pubkey_decrypt if for some reasons a
+ bad algorithm indentifier is passed.
+
2001-12-12 David Shaw <[email protected]>
* Fixed some types for portability. Noted by Stefan Bellon.
+2001-12-11 Werner Koch <[email protected]>
+
+ * hkp.c (hkp_export): Do not print possible control characters
+ from a keyserver response.
+ (parse_hkp_index): Made uid an unsigned char* because it is passed to
+ isspace().
+ (hkp_search): Ditto for the char* vars.
+
+ * g10.c (main): Print the IDEA warning also for -c and -se.
+
+ * g10.c (get_temp_dir): Assert that we have dropped privs
+
+ * encode.c (encode_crypt): Include the first key into the --pgp2
+ check.
+
2001-12-07 David Shaw <[email protected]>
* g10.c, options.h: New option --pgp2. This is identical to
diff --git a/g10/encode.c b/g10/encode.c
index a90f35993..6c28b92a5 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -263,8 +263,8 @@ encode_crypt( const char *filename, STRLIST remusr )
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
return rc;
- if(opt.pgp2)
- for(work_list=pk_list;work_list->next!=NULL;work_list=work_list->next)
+ if(opt.pgp2) {
+ for(work_list=pk_list; work_list; work_list=work_list->next)
if(!(is_RSA(work_list->pk->pubkey_algo) &&
nbits_from_pk(work_list->pk)<=2048))
{
@@ -273,6 +273,7 @@ encode_crypt( const char *filename, STRLIST remusr )
log_info(_("This message will not be usable by PGP 2.x\n"));
break;
}
+ }
/* prepare iobufs */
if( !(inp = iobuf_open(filename)) ) {
diff --git a/g10/g10.c b/g10/g10.c
index d9a524dcc..0b55d742e 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -1285,7 +1285,8 @@ main( int argc, char **argv )
opt.force_v3_sigs = 1;
opt.pgp2_workarounds = 1;
opt.def_cipher_algo = CIPHER_ALGO_IDEA;
- if( cmd==aEncr && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
+ if( (cmd==aEncr || cmd==aSym || cmd==aSignEncr)
+ && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
log_info(_("Encrypting a message to a PGP 2.x user requires "
"the IDEA cipher module.\n"));
log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
@@ -2110,10 +2111,18 @@ check_policy_url( const char *s )
return 0;
}
-const char *get_temp_dir(void)
+const char *
+get_temp_dir(void)
{
char *tmp;
+#ifndef __MINGW32__
+ /* Don't allow to be setuid when we are going to create temporary
+ files or directories - yes, this is a bit paranoid */
+ if (getuid() != geteuid() )
+ BUG ();
+#endif
+
if(opt.temp_dir)
return opt.temp_dir;
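Review bot: The new guard in get_temp_dir compares only the user IDs, so a set-group-ID installation would still reach the temporary-file code with elevated group privileges; comparing the group IDs as well closes that gap, e.g. `if (getuid() != geteuid() || getgid() != getegid())`. The identical block is pasted into keyserver_spawn in g10/keyserver.c, so the same applies there, and a small shared helper would keep the two copies from drifting apart. A one-line comment stating that privileges are expected to have been dropped earlier in startup would tell the reader which invariant BUG() is asserting. get_temp_dir's body continues outside the hunk.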
diff --git a/g10/hkp.c b/g10/hkp.c
index 2586bdb5d..2b7cdd90f 100644
--- a/g10/hkp.c
+++ b/g10/hkp.c
@@ -165,7 +165,10 @@ hkp_export( STRLIST users )
if( opt.verbose ) {
int c;
while( (c=iobuf_get(hd.fp_read)) != EOF )
+ if ( c >= 32 && c < 127 )
putchar( c );
+ else
+ putchar ( '?' );
}
#endif
if( (status/100) == 2 )
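Review bot: The new filter in the verbose loop of hkp_export also replaces line feeds and tabs with `?`, so a multi-line server reply is printed as one long line; letting `'\n'` through keeps the output readable without passing escape sequences, e.g. `if ((c >= 32 && c < 127) || c == '\n')`. The `while` body is now an unbraced if/else, so braces around it would keep a later added statement from silently falling outside the loop. A short comment saying that the reply is untrusted keyserver data and is filtered to keep control characters off the terminal would record why the range check is there. The enclosing function starts and ends outside the hunk.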
@@ -211,10 +214,12 @@ urlencode_filter( void *opaque, int control,
LDAP server are close enough in output so the same function can
parse them both. */
-static int parse_hkp_index(IOBUF buffer,char *line)
+static int
+parse_hkp_index(IOBUF buffer,char *line)
{
static int open=0,revoked=0;
- static char *key,*uid;
+ static char *key;
+ static unsigned char *uid;
static u32 bits,createtime;
int ret=0;
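Review bot: Changing the static `uid` in parse_hkp_index to `unsigned char *` fixes the isspace() argument but leaves `key` as plain `char *` and will likely need casts wherever `uid` is handed to string functions that take `char *`; the call sites are outside the hunk, so this is inferred. Keeping the pointer as `char *` and casting at the point of use, `isspace((unsigned char)*p)` with `p` standing for the pointer being tested, confines the fix to the ctype calls. The same applies to `searchstr`, `searchurl` and `request` in the hkp_search hunk further down.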
@@ -227,7 +232,7 @@ static int parse_hkp_index(IOBUF buffer,char *line)
if(!(revoked && !opt.keyserver_options.include_revoked))
{
- char intstr[11];
+ char intstr[20];
iobuf_writestr(buffer,key);
iobuf_writestr(buffer,":");
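Review bot: The new size of `intstr` in parse_hkp_index is an unexplained constant and is not mentioned in the ChangeLog entry: 20 bytes hold 19 digits plus the terminator, which covers a u32 but is one byte short of the largest 64-bit unsigned decimal. The code that fills the buffer is outside the hunk; if it formats an `unsigned long`, size the array for that type and bound the write with `sizeof intstr`. A comment such as `/* enough for the decimal form of <type> plus NUL */` next to the declaration would document the derivation.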
@@ -374,7 +379,8 @@ int hkp_search(STRLIST tokens)
{
int rc=0,len=0,first=1;
unsigned int maxlen=1024,buflen=0;
- char *searchstr=NULL,*searchurl=NULL,*request;
+ unsigned char *searchstr=NULL,*searchurl=NULL;
+ unsigned char *request;
struct http_context hd;
unsigned int hflags=opt.honor_http_proxy?HTTP_FLAG_TRY_PROXY:0;
byte *line=NULL;
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 9c7e6b963..06f7150ae 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -49,7 +49,8 @@
#define SEND 1
#define SEARCH 2
-void parse_keyserver_options(char *options)
+void
+parse_keyserver_options(char *options)
{
char *tok="";
@@ -98,7 +99,8 @@ void parse_keyserver_options(char *options)
while(tok!=NULL);
}
-int parse_keyserver_uri(char *uri)
+int
+parse_keyserver_uri(char *uri)
{
/* Get the scheme */
@@ -134,7 +136,8 @@ int parse_keyserver_uri(char *uri)
}
/* Unquote only the delimiter character */
-static void printunquoted(char *string,char delim)
+static void
+printunquoted(char *string,char delim)
{
char *ch=string;
@@ -160,7 +163,8 @@ static void printunquoted(char *string,char delim)
}
}
-static int print_keyinfo(int count,char *keystring,u32 *keyid)
+static int
+print_keyinfo(int count,char *keystring,u32 *keyid)
{
char *certid,*userid,*keytype,*tok;
int flags,keysize=0;
@@ -212,6 +216,7 @@ static int print_keyinfo(int count,char *keystring,u32 *keyid)
printf("(%d)\t",count);
+#warning Hmmm, do we need to check for non-printable characters? (wk)
printunquoted(userid,':');
if(flags&1)
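Review bot: The `#warning` added in print_keyinfo leaves its question open while `userid` still goes to the terminal unfiltered through printunquoted. `userid` appears to be parsed from `keystring`, i.e. from a keyserver reply, so it should get the same treatment this commit gives the hkp_export output, replacing bytes outside 32..126 with `?` before printing. printunquoted's body is outside the hunk, so where exactly the filter belongs is for the author to decide. `#warning` is also a compiler extension rather than standard C here, making every build noisy or failing on compilers that reject it; a `/* FIXME */` comment is safer until the filter is added.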
@@ -235,7 +240,9 @@ static int print_keyinfo(int count,char *keystring,u32 *keyid)
return 0;
}
-static int keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
+
+static int
+keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
{
int ret=KEYSERVER_INTERNAL_ERROR,i,to[2]={-1,-1},from[2]={-1,-1};
pid_t child=0;
@@ -248,6 +255,13 @@ static int keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
IOBUF fromchild=NULL;
int gotversion=0,madedir=0;
+#ifndef __MINGW32__
+ /* Don't allow to be setuid when we are going to create temporary
+ files or directories - yes, this is a bit paranoid */
+ if (getuid() != geteuid() )
+ BUG ();
+#endif
+
/* Build the filename for the helper to execute */
filename=m_alloc(strlen("gpgkeys_")+strlen(opt.keyserver_scheme)+1);
@@ -666,7 +680,8 @@ static int keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
return ret;
}
-static int keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
+static int
+keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
{
int rc=0;
@@ -732,12 +747,14 @@ static int keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
return 0;
}
-int keyserver_export(STRLIST users)
+int
+keyserver_export(STRLIST users)
{
return keyserver_work(SEND,users,NULL,0);
}
-int keyserver_import(STRLIST users)
+int
+keyserver_import(STRLIST users)
{
u32 (*kidlist)[2];
int num=100,count=0;
@@ -779,7 +796,8 @@ int keyserver_import(STRLIST users)
return rc;
}
-int keyserver_import_keyid(u32 *keyid)
+int
+keyserver_import_keyid(u32 *keyid)
{
STRLIST sl=NULL;
char key[17];
@@ -797,7 +815,8 @@ int keyserver_import_keyid(u32 *keyid)
}
/* code mostly stolen from do_export_stream */
-static int keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
+static int
+keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
{
int rc=0,ndesc,num=100;
KBNODE keyblock=NULL,node;
@@ -873,7 +892,8 @@ static int keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
/* Note this is different than the original HKP refresh. It allows
usernames to refresh only part of the keyring. */
-int keyserver_refresh(STRLIST users)
+int
+keyserver_refresh(STRLIST users)
{
int rc;
u32 (*kidlist)[2];
@@ -883,6 +903,12 @@ int keyserver_refresh(STRLIST users)
if(rc)
return rc;
+ /* fixme: this is is a problem: for Example in German you have 1
+ Schl�ssel, 2 Schl�ssel but 1 Auto, 2 Autos. There is no
+ regularity in German (afaik); other languages have even more
+ complicates ways. The latest gettext versions have some code to
+ cope with this, but I haven't looked into it. The old suggestion
+ is to write 2 full strings and don't use %s */
log_info(_("%d key%s to refresh\n"),count,count!=1?"s":"");
if(count>0)
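Review bot: The added comment in keyserver_refresh contains raw non-ASCII bytes (the German example word), which render differently depending on the editor's encoding; spelling it in ASCII as `Schluessel` avoids that, and `this is is` should read `this is`. The plural problem it describes is what gettext's `ngettext` is for, e.g. `log_info(ngettext("%d key to refresh\n", "%d keys to refresh\n", count), count);`, provided the project's minimum gettext version offers it.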
@@ -893,7 +919,8 @@ int keyserver_refresh(STRLIST users)
return 0;
}
-int keyserver_search(STRLIST tokens)
+int
+keyserver_search(STRLIST tokens)
{
if(tokens)
return keyserver_work(SEARCH,tokens,NULL,0);
@@ -903,7 +930,8 @@ int keyserver_search(STRLIST tokens)
/* Count is just for cosmetics. If it is too small, it will grow
safely. If it negative it disables the "Key x-y of z" messages. */
-void keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
+void
+keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
{
int i=0,validcount=1;
unsigned int maxlen=256,buflen=0;
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 613c4737a..73e734e56 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -70,7 +70,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
PKT_secret_key *sk = NULL;
int rc;
- rc = check_pubkey_algo( k->pubkey_algo );
+ rc = check_pubkey_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
if( rc )
goto leave;