authorNeal H. Walfield <[email protected]>2016-10-13 10:44:59 +0000
committerNeal H. Walfield <[email protected]>2016-10-13 10:44:59 +0000
commit4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c (patch)
treede7bab354ce89648d13551ff6d7faac989760e0d /g10/tofu.c
parentg10: Still check if the key is an UTK or cross signed in batch mode. (diff)
g10: Be more careful when checking cross signatures.
* g10/tofu.c (cross_sigs): When checking cross signatures, only consider the signatures on the specified user id. * tests/openpgp/tofu.scm: Add test for the above. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file. * tests/openpgp/tofu/cross-sigs/README: New file. -- Signed-off-by: Neal H. Walfield
Diffstat (limited to 'g10/tofu.c')
-rw-r--r--g10/tofu.c28
1 files changed, 26 insertions, 2 deletions
diff --git a/g10/tofu.c b/g10/tofu.c
index 8184c6f98..dcee6e70f 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1211,7 +1211,7 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set,
/* Return 1 if A signed B and B signed A. */
static int
-cross_sigs (kbnode_t a, kbnode_t b)
+cross_sigs (const char *email, kbnode_t a, kbnode_t b)
{
int i;
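Review bot: The header comment above cross_sigs still reads `/* Return 1 if A signed B and B signed A. */` and does not mention the new EMAIL parameter, although the result now depends on it. A return of 1 is what lets build_conflict_set set `die[j] = 1` (last hunk), so the contract should state the scope, e.g. `/* Return 1 if A signed B and B signed A, considering only signatures on the user id whose email address is EMAIL. */`. The comment should also say that EMAIL is compared with strcmp against the output of email_from_user_id, so callers presumably have to pass it in the same normalized form. The function body continues outside this hunk.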
@@ -1240,12 +1240,36 @@ cross_sigs (kbnode_t a, kbnode_t b)
u32 *signer_kid = pk_main_keyid (signer_pk);
kbnode_t n;
+ int saw_email = 0;
+
/* Iterate over SIGNEE's keyblock and see if there is a valid
signature from SIGNER. */
for (n = signee; n; n = n->next)
{
PKT_signature *sig;
+ if (n->pkt->pkttype == PKT_USER_ID)
+ {
+ if (saw_email)
+ /* We're done: we've processed all signatures on the
+ user id. */
+ break;
+ else
+ {
+ /* See if this is the matching user id. */
+ PKT_user_id *user_id = n->pkt->pkt.user_id;
+ char *email2 = email_from_user_id (user_id->name);
+
+ if (strcmp (email, email2) == 0)
+ saw_email = 1;
+
+ xfree (email2);
+ }
+ }
+
+ if (! saw_email)
+ continue;
+
if (n->pkt->pkttype != PKT_SIGNATURE)
continue;
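Review bot: The scope opened by `saw_email` is closed only by the next PKT_USER_ID, so when the matching user id is the last one in SIGNEE's keyblock, signature packets that follow a later packet such as a subkey are still walked as if they belonged to that user id. The filters after `if (n->pkt->pkttype != PKT_SIGNATURE)` are outside this hunk and may already exclude those signatures, but an explicit stop is easier to reason about: `if (saw_email && n->pkt->pkttype == PKT_PUBLIC_SUBKEY) break;`. Separately, when two user ids share EMAIL, the early `break` means only the first one's signatures are examined; that errs toward keeping the conflict, but deserves a comment such as `/* Only the first user id matching EMAIL is considered. */`. The loop and the function both continue outside the hunk.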
@@ -1974,7 +1998,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)
for (j = i + 1; j < conflict_set_count; j ++)
/* Be careful: we might not have a key block for a key. */
- if (kb_all[i] && kb_all[j] && cross_sigs (kb_all[i], kb_all[j]))
+ if (kb_all[i] && kb_all[j] && cross_sigs (email, kb_all[i], kb_all[j]))
die[j] = 1;
}