Diffstat (limited to '')
-rw-r--r-- | g10/ChangeLog | 26 | ||||
-rw-r--r-- | g10/gpg.c | 19 | ||||
-rw-r--r-- | g10/mainproc.c | 62 | ||||
-rw-r--r-- | g10/options.h | 4 | ||||
-rw-r--r-- | g10/status.c | 1 | ||||
-rw-r--r-- | g10/status.h | 2 |
6 files changed, 93 insertions, 21 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index bf8c92cec..c75dd7181 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,29 @@ +2007-03-01 David Shaw <[email protected]> + + * options.h, gpg.c (main), mainproc.c (check_sig_and_print): Allow + multiple sig verification again as this is protected via the + multiple-messages code. + +2007-02-26 Werner Koch <[email protected]> + + * gpg.c (main): Add verify option show-primary-uid-only. + * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. + * mainproc.c (check_sig_and_print): Implement it. + + * status.h (STATUS_ERROR): New status code. + * status.c (get_status_string): Ditto. + * mainproc.c (proc_plaintext): Emit it if multiple messages are + detected. + +2007-02-20 David Shaw <[email protected]> + + * mainproc.c (literals_seen): New. + (proc_plaintext): Error out if more than one plaintext packet is + encountered + + * options.h, gpg.c: New option --allow-multiple-messages and --no + variant. + 2007-02-13 David Shaw <[email protected]> * parse-packet.c (parse_signature): It's hex. @@ -367,6 +367,8 @@ enum cmd_and_opt_values oAllowMultisigVerification, oEnableDSA2, oDisableDSA2, + oAllowMultipleMessages, + oNoAllowMultipleMessages, oNoop }; @@ -710,6 +712,8 @@ static ARGPARSE_OPTS opts[] = { { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"}, { oEnableDSA2, "enable-dsa2", 0, "@"}, { oDisableDSA2, "disable-dsa2", 0, "@"}, + { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"}, + { oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"}, /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common 
@@ -2581,6 +2585,8 @@ main (int argc, char **argv ) N_("show user ID validity during signature verification")}, {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL, N_("show revoked and expired user IDs in signature verification")}, + {"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL, + N_("show only the primary user ID in signature verification")}, {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL, N_("validate signatures with PKA data")}, {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL, @@ -2774,13 +2780,18 @@ main (int argc, char **argv ) release_akl(); break; - case oAllowMultisigVerification: - opt.allow_multisig_verification = 1; - break; - case oEnableDSA2: opt.flags.dsa2=1; break; case oDisableDSA2: opt.flags.dsa2=0; break; + case oAllowMultisigVerification: + case oAllowMultipleMessages: + opt.flags.allow_multiple_messages=1; + break; + + case oNoAllowMultipleMessages: + opt.flags.allow_multiple_messages=0; + break; + case oNoop: break; default : pargs.err = configfp? 1:2; break; diff --git a/g10/mainproc.c b/g10/mainproc.c index cb4432a44..a1913864c 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -84,10 +84,9 @@ struct mainproc_context static int do_proc_packets( CTX c, IOBUF a ); - static void list_node( CTX c, KBNODE node ); static void proc_tree( CTX c, KBNODE node ); - +static int literals_seen; static void release_list( CTX c ) @@ -619,6 +618,8 @@ proc_plaintext( CTX c, PACKET *pkt ) int any, clearsig, only_md5, rc; KBNODE n; + literals_seen++; + if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n")); else if( opt.verbose ) 
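Review bot: In the option switch of main(), `case oAllowMultisigVerification:` now falls through into `opt.flags.allow_multiple_messages=1`, so a configuration that still carries the old hidden `allow-multisig-verification` option silently switches off the new multiple-plaintext rejection in proc_plaintext(). Nothing at the case label says so; a comment such as `/* Legacy alias: also permits multiple plaintext packets, see proc_plaintext(). */` would make the consequence explicit. It may also be worth logging a deprecation notice when the old name is used, so users learn they are running with the check disabled. The switch starts and ends outside the hunk.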
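Review bot: `literals_seen` is a file-scope static that proc_plaintext() only ever increments (`literals_seen++;` in the @@ -619 hunk), and no hunk in this commit resets it. If one gpg process handles several independent inputs in sequence, the first plaintext of the second input would already see `literals_seen>1` and be rejected as a multiple-message case. A `literals_seen = 0;` where processing of a new top-level input begins would avoid that; that entry point is outside the visible hunks, so its placement needs confirming. The declaration should also carry a comment saying whether the counter is meant to be process-wide rather than a member of `struct mainproc_context`.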
@@ -702,16 +703,37 @@ proc_plaintext( CTX c, PACKET *pkt ) if ( c->mfx.md2 ) md_start_debug( c->mfx.md2, "verify2" ); } - if ( c->pipemode.op == 'B' ) - rc = handle_plaintext( pt, &c->mfx, 1, 0 ); - else { - rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); - if( rc == G10ERR_CREATE_FILE && !c->sigs_only) { - /* can't write output but we hash it anyway to - * check the signature */ - rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); - } - } + + rc=0; + + if(literals_seen>1) + { + log_info(_("WARNING: multiple plaintexts seen\n")); + + if(!opt.flags.allow_multiple_messages) + { + write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA"); + log_inc_errorcount(); + rc=G10ERR_UNEXPECTED; + } + } + + if(!rc) + { + if ( c->pipemode.op == 'B' ) + rc = handle_plaintext( pt, &c->mfx, 1, 0 ); + else + { + rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); + if( rc == G10ERR_CREATE_FILE && !c->sigs_only) + { + /* can't write output but we hash it anyway to + * check the signature */ + rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); + } + } + } + if( rc ) log_error( "handle plaintext failed: %s\n", g10_errstr(rc)); free_packet(pkt); @@ -1478,8 +1500,17 @@ check_sig_and_print( CTX c, KBNODE node ) n_sig++; if (!n_sig) goto ambiguous; - if (n && !opt.allow_multisig_verification) - goto ambiguous; + + /* If we wanted to disallow multiple sig verification, we'd do + something like this: + + if (n && !opt.allow_multisig_verification) + goto ambiguous; + + However, now that we have --allow-multiple-messages, this + can stay allowable as we can't get here unless multiple + messages (i.e. multiple literals) are allowed. */ + if (n_onepass != n_sig) { log_info ("number of one-pass packets does not match " 
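Review bot: On the rejection path in proc_plaintext(), `rc=G10ERR_UNEXPECTED` is set without handle_plaintext() being called, yet the trailing `log_error( "handle plaintext failed: %s\n", ...)` still fires and blames a call that never ran. If log_error() also bumps the error counter, the explicit `log_inc_errorcount()` counts the same event twice. As far as the hunk shows, the refusal is reported only through `STATUS_ERROR` and the error count; whether `rc` reaches the caller is decided outside the hunk. A comment should therefore say that status-fd consumers must treat this `ERROR` line as fatal even when signature status lines follow. The literal `89` in `"proc_pkt.plaintext 89_BAD_DATA"` also deserves a short comment naming the error code it stands for.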
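Review bot: The comment that replaces the `goto ambiguous` check in check_sig_and_print() quotes `opt.allow_multisig_verification`, a field this same commit deletes from options.h, so the sample code cannot be restored as written. It also relies on an invariant enforced elsewhere, that proc_plaintext() rejects a second literal unless `opt.flags.allow_multiple_messages` is set, and nothing at this site checks it. I would reword it to name the new flag and its enforcer, for example `/* Multiple signature sets are only reachable when opt.flags.allow_multiple_messages is set; see proc_plaintext(). */`. Please also verify that detached-signature input, which may not pass through proc_plaintext(), cannot reach this point with `n` set. The function continues outside the hunk.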
@@ -1737,7 +1768,8 @@ check_sig_and_print( CTX c, KBNODE node ) /* If we have a good signature and already printed * the primary user ID, print all the other user IDs */ - if ( count && !rc ) { + if ( count && !rc + && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY) ) { char *p; for( un=keyblock; un; un = un->next ) { if( un->pkt->pkttype != PKT_USER_ID ) diff --git a/g10/options.h b/g10/options.h index 8f866e2ad..c5f0f22d2 100644 --- a/g10/options.h +++ b/g10/options.h @@ -226,6 +226,7 @@ struct unsigned int use_embedded_filename:1; unsigned int utf8_filename:1; unsigned int dsa2:1; + unsigned int allow_multiple_messages:1; } flags; /* Linked list of ways to find a key if the key isn't on the local @@ -237,8 +238,6 @@ struct struct akl *next; } *auto_key_locate; - /* True if multiple concatenated signatures may be verified. */ - int allow_multisig_verification; int passwd_repeat; } opt; @@ -324,6 +323,7 @@ struct { #define VERIFY_SHOW_UNUSABLE_UIDS (1<<6) #define VERIFY_PKA_LOOKUPS (1<<7) #define VERIFY_PKA_TRUST_INCREASE (1<<8) +#define VERIFY_SHOW_PRIMARY_UID_ONLY (1<<9) #define KEYSERVER_USE_TEMP_FILES (1<<0) #define KEYSERVER_KEEP_TEMP_FILES (1<<1) diff --git a/g10/status.c b/g10/status.c index 204482008..627f41f73 100644 --- a/g10/status.c +++ b/g10/status.c @@ -166,6 +166,7 @@ get_status_string ( int no ) case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break; case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break; case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break; + case STATUS_ERROR : s = "ERROR"; break; default: s = "?"; break; } return s; diff --git a/g10/status.h b/g10/status.h index bc7271dc9..52f6b2081 100644 --- a/g10/status.h +++ b/g10/status.h @@ -120,6 +120,8 @@ #define STATUS_BEGIN_SIGNING 84 +#define STATUS_ERROR 85 + /*-- status.c --*/ void set_status_fd ( int fd ); |