diff options
| author | David Shaw <[email protected]> | 2006-03-14 03:16:21 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2006-03-14 03:16:21 +0000 |
| commit | 9f524c4a040db97382cf3523bf53a422cf1eaa8e (patch) | |
| tree | f0f56504decd6239d1624d7f6967f2beb6772048 /g10/keyserver.c | |
| parent | * keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work, (diff) | |
| download | gnupg-9f524c4a040db97382cf3523bf53a422cf1eaa8e.tar.gz gnupg-9f524c4a040db97382cf3523bf53a422cf1eaa8e.zip | |
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Use the
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
Diffstat (limited to '')
| -rw-r--r-- | g10/keyserver.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c index b4a8c14ac..31037c01d 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -2036,24 +2036,30 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len) /* Import key pointed to by a PKA record. Return the requested fingerprint in fpr. */ int -keyserver_import_pka(const char *name,unsigned char *fpr) +keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len) { char *uri; int rc=-1; - uri = get_pka_info (name, fpr); + *fpr=xmalloc(20); + *fpr_len=20; + + uri = get_pka_info (name, *fpr); if (uri) { struct keyserver_spec *spec; spec = parse_keyserver_uri (uri, 1, NULL, 0); if (spec) { - rc=keyserver_import_fprint (fpr, 20, spec); + rc=keyserver_import_fprint (*fpr, 20, spec); free_keyserver_spec (spec); } xfree (uri); } + if(rc!=0) + xfree(*fpr); + return rc; } |