From b1e5f3b183104a58d71821b7dbe44244d1c3f87f Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 29 Sep 2022 09:43:11 +0200 Subject: [PATCH] core: Fix SIG_CREATED status parsing for 0x1F sigs * src/sign.c (parse_sig_created): Special case the rfc4880 "1F" status. -- This has always been wrong but we can't simply force strtol to assume hex. Patch compiles but has received no specific test. For details see GnuPG-bug-id: 6223 --- doc/gpgme.texi | 3 ++- src/sign.c | 9 +++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 7f178158..a616e335 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -6265,7 +6265,8 @@ The public key algorithm used to create this signature. The hash algorithm used to create this signature. @item unsigned int sig_class -The signature class of this signature. +The signature class of this signature. Note that only the values 0, +1, and 2 are well-defined. @item long int timestamp The creation timestamp of this signature. diff --git a/src/sign.c b/src/sign.c index 31081aea..31db9bde 100644 --- a/src/sign.c +++ b/src/sign.c @@ -251,7 +251,16 @@ parse_sig_created (char *args, gpgme_new_signature_t *sigp, } args = tail; + /* strtol has been used wrongly here. We can't change this anymore + * but we now take care of the 0x1f class which would otherwise let + * us run into an error. */ sig->sig_class = strtol (args, &tail, 0); + if (!errno && args != tail && sig->sig_class == 1 + && (*tail == 'F' || *tail == 'f')) + { + tail++; + sig->sig_class = 131; /* Arbitrary unused value in rfc4880. */ + } sig->class = sig->sig_class; sig->_obsolete_class = sig->sig_class; if (errno || args == tail || *tail != ' ')