Fix returning new signatures when there are none.
* src/sign.c (gpgme_op_sign_result): Test that invalid and valid signatures add up to gpgme_signers_count(). -- When invalid and valid signatures do not equal gpgme_signers_count() it means that there was a bad passphrase during signing after the first signer. This leaves the result.signatures from previous signers intact which isn't correct since gpg will report: gpg: number of one-pass packets does not match number of signature packets gpg: can't handle this ambiguous signature data during verify. So when this happens append the valid signatures to the .invalid_signers list with .reason set to GPG_ERR_GENERAL.
parent
a9ae0d1428
commit
5942b0c7e0
62
src/sign.c
62
src/sign.c
@ -54,12 +54,22 @@ typedef struct
|
|||||||
} *op_data_t;
|
} *op_data_t;
|
||||||
|
|
||||||
|
|
||||||
|
static void release_signatures (gpgme_new_signature_t sig)
|
||||||
|
{
|
||||||
|
while (sig)
|
||||||
|
{
|
||||||
|
gpgme_new_signature_t next = sig->next;
|
||||||
|
free (sig->fpr);
|
||||||
|
free (sig);
|
||||||
|
sig = next;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
release_op_data (void *hook)
|
release_op_data (void *hook)
|
||||||
{
|
{
|
||||||
op_data_t opd = (op_data_t) hook;
|
op_data_t opd = (op_data_t) hook;
|
||||||
gpgme_invalid_key_t invalid_signer = opd->result.invalid_signers;
|
gpgme_invalid_key_t invalid_signer = opd->result.invalid_signers;
|
||||||
gpgme_new_signature_t sig = opd->result.signatures;
|
|
||||||
|
|
||||||
while (invalid_signer)
|
while (invalid_signer)
|
||||||
{
|
{
|
||||||
@ -70,13 +80,7 @@ release_op_data (void *hook)
|
|||||||
invalid_signer = next;
|
invalid_signer = next;
|
||||||
}
|
}
|
||||||
|
|
||||||
while (sig)
|
release_signatures (opd->result.signatures);
|
||||||
{
|
|
||||||
gpgme_new_signature_t next = sig->next;
|
|
||||||
free (sig->fpr);
|
|
||||||
free (sig);
|
|
||||||
sig = next;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -115,6 +119,48 @@ gpgme_op_sign_result (gpgme_ctx_t ctx)
|
|||||||
sig = sig->next;
|
sig = sig->next;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (gpgme_signers_count (ctx)
|
||||||
|
&& signatures + inv_signers != gpgme_signers_count (ctx))
|
||||||
|
{
|
||||||
|
TRACE_LOG3 ("result: invalid signers: %i, signatures: %i, count: %i",
|
||||||
|
inv_signers, signatures, gpgme_signers_count (ctx));
|
||||||
|
|
||||||
|
sig = opd->result.signatures;
|
||||||
|
while (sig)
|
||||||
|
{
|
||||||
|
gpgme_invalid_key_t key;
|
||||||
|
|
||||||
|
key = malloc (sizeof (*key));
|
||||||
|
key->fpr = strdup (sig->fpr);
|
||||||
|
key->reason = GPG_ERR_GENERAL;
|
||||||
|
key->next = NULL;
|
||||||
|
|
||||||
|
inv_key = opd->result.invalid_signers;
|
||||||
|
if (!inv_key)
|
||||||
|
{
|
||||||
|
opd->result.invalid_signers = inv_key = key;
|
||||||
|
sig = sig->next;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
while (inv_key)
|
||||||
|
{
|
||||||
|
if (!inv_key->next)
|
||||||
|
{
|
||||||
|
inv_key->next = key;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
inv_key = inv_key->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
sig = sig->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
release_signatures (opd->result.signatures);
|
||||||
|
opd->result.signatures = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
TRACE_LOG2 ("result: invalid signers: %i, signatures: %i",
|
TRACE_LOG2 ("result: invalid signers: %i, signatures: %i",
|
||||||
inv_signers, signatures);
|
inv_signers, signatures);
|
||||||
inv_key = opd->result.invalid_signers;
|
inv_key = opd->result.invalid_signers;
|
||||||
|
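Review bot: In the new mismatch branch of gpgme_op_sign_result, `key = malloc (sizeof (*key));` is dereferenced on the next line without a NULL check, and the result of `strdup (sig->fpr)` is stored unchecked, so an allocation failure in this error path either crashes the calling application or leaves an invalid-signer entry with a NULL `fpr`. I would guard both, e.g. `if (!key) break;` after the malloc and `if (!key->fpr) { free (key); break; }` after the strdup, and keep `release_signatures (opd->result.signatures); opd->result.signatures = NULL;` unconditional after the loop so that a partial failure never leaves stale signatures visible to the caller. The function's entry and return paths are outside the hunk, so how the failure is reported to the caller has to be decided there. Separately, the TRACE_LOG2 that follows appears to print the `inv_signers` and `signatures` counts computed before the entries were moved; a one-line comment saying so would help anyone reading the trace.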