* keygen.c (write_selfsigs): Rename from write_selfsig. Write the same

selfsig into both the pk and sk, so that someone importing their sk (which
will get an autoconvert to the pk) won't end up with two selfsigs.
(do_generate_keypair): Call it from here.

* parse-packet.c (can_handle_critical_notation): New.  Check for
particular notation tags that we will accept when critical. Currently,
that's only [email protected], since we know how to handle
it (pass it through to a mail program). (can_handle_critical): Call it
from here. (parse_one_sig_subpkt): Sanity check that notations are
well-formed in that the internal lengths add up to the size of the
subpacket.

3 files changed, 52 insertions, 19 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 04bac2be0..c9492c2c4 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,20 @@
+2005-05-11  David Shaw  <[email protected]>
+
+	* keygen.c (write_selfsigs): Rename from write_selfsig.  Write the
+	same selfsig into both the pk and sk, so that someone importing
+	their sk (which will get an autoconvert to the pk) won't end up
+	with two selfsigs.
+	(do_generate_keypair): Call it from here.
+
+	* parse-packet.c (can_handle_critical_notation): New.  Check for
+	particular notation tags that we will accept when critical.
+	Currently, that's only [email protected], since we
+	know how to handle it (pass it through to a mail program).
+	(can_handle_critical): Call it from here.
+	(parse_one_sig_subpkt): Sanity check that notations are
+	well-formed in that the internal lengths add up to the size of the
+	subpacket.
+
 2005-05-07  Werner Koch  <[email protected]>
 
 	* ccid-driver.c (do_close_reader): Don't do a reset before close.
diff --git a/g10/keygen.c b/g10/keygen.c
index d22dde75f..c4b9dab8f 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -882,8 +882,8 @@ write_direct_sig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
 }
 
 static int
-write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
-               unsigned int use )
+write_selfsigs( KBNODE sec_root, KBNODE pub_root, PKT_secret_key *sk,
+		unsigned int use )
 {
     PACKET *pkt;
     PKT_signature *sig;
@@ -896,7 +896,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
 	log_info(_("writing self signature\n"));
 
     /* get the uid packet from the list */
-    node = find_kbnode( root, PKT_USER_ID );
+    node = find_kbnode( pub_root, PKT_USER_ID );
     if( !node )
 	BUG(); /* no user id packet in tree */
     uid = node->pkt->pkt.user_id;
@@ -921,7 +921,12 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
     pkt = m_alloc_clear( sizeof *pkt );
     pkt->pkttype = PKT_SIGNATURE;
     pkt->pkt.signature = sig;
-    add_kbnode( root, new_kbnode( pkt ) );
+    add_kbnode( sec_root, new_kbnode( pkt ) );
+
+    pkt = m_alloc_clear( sizeof *pkt );
+    pkt->pkttype = PKT_SIGNATURE;
+    pkt->pkt.signature = copy_signature(NULL,sig);
+    add_kbnode( pub_root, new_kbnode( pkt ) );
     return rc;
 }
 
@@ -2848,17 +2853,16 @@ do_generate_keypair( struct para_data_s *para,
 	  write_direct_sig(sec_root,pub_root,pri_sk,revkey);
       }
 
-    if( !rc && (s=get_parameter_value(para, pUSERID)) ) {
+    if( !rc && (s=get_parameter_value(para, pUSERID)) )
+      {
 	write_uid(pub_root, s );
 	if( !rc )
-	    write_uid(sec_root, s );
-	if( !rc )
-	    rc = write_selfsig(pub_root, pub_root, pri_sk,
-                               get_parameter_uint (para, pKEYUSAGE));
+	  write_uid(sec_root, s );
+
 	if( !rc )
-	    rc = write_selfsig(sec_root, pub_root, pri_sk,
-                               get_parameter_uint (para, pKEYUSAGE));
-    }
+	  rc = write_selfsigs(sec_root, pub_root, pri_sk,
+			      get_parameter_uint (para, pKEYUSAGE));
+      }
 
     /* Write the auth key to the card before the encryption key.  This
        is a partial workaround for a PGP bug (as of this writing, all
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index fde96c476..71d3d2fba 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1,6 +1,6 @@
 /* parse-packet.c  - read packets
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
- *               2004, 2005 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1016,7 +1016,10 @@ parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
 	break;
       return 0;
     case SIGSUBPKT_NOTATION:
-      if( n < 8 ) /* minimum length needed */
+      /* minimum length needed, and the subpacket must be well-formed
+	 where the name length and value length all fit inside the
+	 packet. */
+      if(n<8 || 8+((buffer[4]<<8)|buffer[5])+((buffer[6]<<8)|buffer[7]) != n)
 	break;
       return 0;
     case SIGSUBPKT_PRIMARY_UID:
@@ -1032,6 +1035,15 @@ parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
   return -2;
 }
 
+/* Not many critical notations we understand yet... */
+static int
+can_handle_critical_notation(const byte *name,size_t len)
+{
+  if(len==32 && memcmp(name,"[email protected]",32)==0)
+    return 1;
+
+  return 0;
+}
 
 static int
 can_handle_critical( const byte *buffer, size_t n, int type )
@@ -1039,10 +1051,10 @@ can_handle_critical( const byte *buffer, size_t n, int type )
   switch( type )
     {
     case SIGSUBPKT_NOTATION:
-      if( n >= 8 && (*buffer & 0x80) )
-	return 1; /* human readable is handled */
-      return 0;
-
+      if(n>=8)
+	return can_handle_critical_notation(buffer+8,(buffer[4]<<8)|buffer[5]);
+      else
+	return 0;
     case SIGSUBPKT_SIGNATURE:
     case SIGSUBPKT_SIG_CREATED:
     case SIGSUBPKT_SIG_EXPIRE: