From c6e2ee020784de63edfa83c76095e086eae49eef Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 4 Dec 2018 15:43:19 +0100
Subject: gpg: Prepare revocation keys for use with v5 keys.

* g10/packet.h (struct revocation_key): Add field 'fprlen'.
* g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
keys.  Also fix reading of unitialized data at place where
MAX_FINGERPRINT_LEN is used.
* g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
Do an explicit compare to avoid reading unitialized data.
* g10/sig-check.c (check_revocation_keys): Use the fprlen.
* g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
reading unitialized data.
* g10/import.c (revocation_present): Use fprlen.
* g10/keyedit.c (show_key_with_all_names): Use fprlen.
(menu_addrevoker): Use fprlen.  Allow for v5 keys.
* g10/keygen.c (keygen_add_revkey): Use fprlen.
(parse_revocation_key): Allow for v5 keys.
* g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys.  Print a
better error message in case of bogus fingerprints.
* g10/keylist.c (print_revokers): Use fprlen.
--

The reading of uninitialized data is harmless but we better fix it to
make valgrind happy.  More serious was that we always passed
MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet
fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/keyedit.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'g10/keyedit.c')

diff --git a/g10/keyedit.c b/g10/keyedit.c
index 9716ed9d6..63a54fa21 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -3524,7 +3524,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
 
 		    algo = gcry_pk_algo_name (pk->revkey[i].algid);
 		    keyid_from_fingerprint (ctrl, pk->revkey[i].fpr,
-					    MAX_FINGERPRINT_LEN, r_keyid);
+					    pk->revkey[i].fprlen, r_keyid);
 
 		    user = get_user_id_string_native (ctrl, r_keyid);
 		    tty_fprintf (fp,
@@ -4309,13 +4309,14 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
       xfree (answer);
 
       fingerprint_from_pk (revoker_pk, revkey.fpr, &fprlen);
-      if (fprlen != 20)
+      if (fprlen != 20 && fprlen != 32)
 	{
 	  log_error (_("cannot appoint a PGP 2.x style key as a "
 		       "designated revoker\n"));
 	  continue;
 	}
 
+      revkey.fprlen = fprlen;
       revkey.class = 0x80;
       if (sensitive)
 	revkey.class |= 0x40;
-- 
cgit v1.2.3