diff options
| author | Werner Koch <[email protected]> | 2015-10-01 15:59:03 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2015-10-01 15:59:22 +0000 |
| commit | 2acceba5cc299796c7b5b1851a9baeb75d9f32a1 (patch) | |
| tree | b33ee9a297a5e858abc0691a25d8e3f36855cf84 | |
| parent | gpg: Print more info with "check selfsig". (diff) | |
| download | gnupg-2acceba5cc299796c7b5b1851a9baeb75d9f32a1.tar.gz gnupg-2acceba5cc299796c7b5b1851a9baeb75d9f32a1.zip | |
gpg: Fix a practical hang after use of --faked-system-time.
* g10/sign.c (update_keysig_packet): Bail out if we would need to long
for a new timestamp.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
| -rw-r--r-- | g10/packet.h | 2 | ||||
| -rw-r--r-- | g10/sign.c | 23 |
2 files changed, 17 insertions, 8 deletions
diff --git a/g10/packet.h b/g10/packet.h index 1906ec590..eb7da7520 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -663,7 +663,7 @@ int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, int (*mksubpkt)(PKT_signature *, void *), void *opaque, const char *cache_nonce); -int update_keysig_packet( PKT_signature **ret_sig, +gpg_error_t update_keysig_packet (PKT_signature **ret_sig, PKT_signature *orig_sig, PKT_public_key *pk, PKT_user_id *uid, diff --git a/g10/sign.c b/g10/sign.c index 4a30f1e16..782b9fcfa 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1477,7 +1477,7 @@ make_keysig_packet (PKT_signature **ret_sig, PKT_public_key *pk, * * TODO: Merge this with make_keysig_packet. */ -int +gpg_error_t update_keysig_packet( PKT_signature **ret_sig, PKT_signature *orig_sig, PKT_public_key *pk, @@ -1488,7 +1488,7 @@ update_keysig_packet( PKT_signature **ret_sig, void *opaque) { PKT_signature *sig; - int rc = 0; + gpg_error_t rc = 0; int digest_algo; gcry_md_hd_t md; @@ -1524,11 +1524,19 @@ update_keysig_packet( PKT_signature **ret_sig, /* ... but we won't make a timestamp earlier than the existing one. */ - while(sig->timestamp<=orig_sig->timestamp) - { - gnupg_sleep (1); - sig->timestamp=make_timestamp(); - } + { + int tmout = 0; + while(sig->timestamp<=orig_sig->timestamp) + { + if (++tmout > 5 && !opt.ignore_time_conflict) + { + rc = gpg_error (GPG_ERR_TIME_CONFLICT); + goto leave; + } + gnupg_sleep (1); + sig->timestamp=make_timestamp(); + } + } /* Note that already expired sigs will remain expired (with a duration of 1) since build-packet.c:build_sig_subpkt_from_sig @@ -1550,6 +1558,7 @@ update_keysig_packet( PKT_signature **ret_sig, rc = complete_sig (sig, pksk, md, NULL); } + leave: gcry_md_close (md); if( rc ) free_seckey_enc (sig); |