* getkey.c (get_pubkey_byname): Fix minor security problem with PKA when

importing at -r time. The URL in the PKA record may point to a key put in by an attacker. Fix is to use the fingerprint from the PKA record as the recipient. This ensures that the PKA record is followed. * keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the fingerprint we requested.
author: David Shaw <[email protected]> 2006-02-21 22:23:35 +0000
committer: David Shaw <[email protected]> 2006-02-21 22:23:35 +0000
commit: d038b36c8f814e518c64b608b51a551186c5440e (patch)
tree: 4a33646bcd060d9b5b1ee31cfa90b44a220e87b5 /g10/keyserver.c
parent: * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, (diff)
download: gnupg-d038b36c8f814e518c64b608b51a551186c5440e.tar.gz
gnupg-d038b36c8f814e518c64b608b51a551186c5440e.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 240ea99e6..6eef109e4 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1979,12 +1979,11 @@ keyserver_import_cert(const char *name)
 
 /* Import key pointed to by a PKA record */
 int
-keyserver_import_pka(const char *name)
+keyserver_import_pka(const char *name,unsigned char *fpr)
 {
-  unsigned char fpr[MAX_FINGERPRINT_LEN];
   char *uri;
   int rc=-1;
-      
+
   uri = get_pka_info (name, fpr);
   if (uri)
     {
author	David Shaw <[email protected]>	2006-02-21 22:23:35 +0000
committer	David Shaw <[email protected]>	2006-02-21 22:23:35 +0000
commit	d038b36c8f814e518c64b608b51a551186c5440e (patch)
tree	4a33646bcd060d9b5b1ee31cfa90b44a220e87b5 /g10/keyserver.c
parent	* curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, (diff)
download	gnupg-d038b36c8f814e518c64b608b51a551186c5440e.tar.gz gnupg-d038b36c8f814e518c64b608b51a551186c5440e.zip