From b1e5f3b183104a58d71821b7dbe44244d1c3f87f Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 29 Sep 2022 09:43:11 +0200
Subject: core: Fix SIG_CREATED status parsing for 0x1F sigs

* src/sign.c (parse_sig_created): Special case the rfc4880 "1F" status.
--

This has always been wrong but we can't simply force strtol to assume
hex.  Patch compiles but has received no specific test.  For details
see
GnuPG-bug-id: 6223
---
 src/sign.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/sign.c')

diff --git a/src/sign.c b/src/sign.c
index 31081aea..31db9bde 100644
--- a/src/sign.c
+++ b/src/sign.c
@@ -251,7 +251,16 @@ parse_sig_created (char *args, gpgme_new_signature_t *sigp,
     }
   args = tail;
 
+  /* strtol has been used wrongly here.  We can't change this anymore
+   * but we now take care of the 0x1f class which would otherwise let
+   * us run into an error.  */
   sig->sig_class = strtol (args, &tail, 0);
+  if (!errno && args != tail && sig->sig_class == 1
+      && (*tail == 'F' || *tail == 'f'))
+    {
+      tail++;
+      sig->sig_class = 131; /* Arbitrary unused value in rfc4880. */
+    }
   sig->class = sig->sig_class;
   sig->_obsolete_class = sig->sig_class;
   if (errno || args == tail || *tail != ' ')
-- 
cgit v1.2.3