author | Werner Koch <[email protected]> | 2017-10-18 11:55:56 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2017-10-18 11:56:12 +0000 |
commit | 18e5946aef458cd95fdce4a04e144747b52b0472 (patch) | |
tree | 85ae440593a083f33ebb3977c24aa04b76c23ff0 /g10/tofu.c | |
parent | gpg,sm: New option --with-key-screening. (diff) | |
gpg: Fix wrong Tofu DB consistency check.
* g10/tofu.c (build_conflict_set): Do not assume MAX_FINGERPRINT_LEN
is the size of the fingerprint.
--
This problem was exhibited by
commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/tofu.c')
-rw-r--r-- | g10/tofu.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/g10/tofu.c b/g10/tofu.c
index ddd7f8cae..e63e98932 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2083,13 +2083,16 @@ build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs,
 * policy to ask due to a conflict. */
 for (iter = conflict_set; iter; iter = iter->next)
 {
+ /* Fixme: Why the check against N+1? */
 int l = strlen (iter->d);
- if (!(l == 2 * MAX_FINGERPRINT_LEN
- || l == 2 * MAX_FINGERPRINT_LEN + 1))
+ if (!(l == 2 * 20
+ || l == 2 * 20 + 1
+ || l == 2 * 32
+ || l == 2 * 32 + 1))
 {
 log_error (_("TOFU db corruption detected.\n"));
- print_further_info ("fingerprint '%s' is not %d characters long",
- iter->d, 2 * MAX_FINGERPRINT_LEN);
+ print_further_info ("fingerprint '%s' is %d characters long",
+ iter->d, l);
 }
 if (l >= 1 && iter->d[l - 1] == '!') |
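Review bot: The new length check in the `conflict_set` loop accepts 41 or 65 characters whatever the extra character is, although the last context line suggests the extra byte is only ever a trailing `!` marker. Tying the two together would answer the Fixme and flag an entry that is a full-length fingerprint plus a stray byte: `int bang = (l >= 1 && iter->d[l - 1] == '!');` followed by `if (!(l - bang == 2 * 20 || l - bang == 2 * 32))`. The literals 20 and 32 would be easier to audit as named constants for the two accepted fingerprint sizes, and the check still does not verify that the remaining characters are hex digits. After `log_error` the visible code falls through to the `!` test and keeps using the entry; whether a corrupted row is skipped later cannot be told from here, because the loop body continues outside the hunk.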