From d038b36c8f814e518c64b608b51a551186c5440e Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Tue, 21 Feb 2006 22:23:35 +0000
Subject: * getkey.c (get_pubkey_byname): Fix minor security problem with PKA
 when importing at -r time.  The URL in the PKA record may point to a key put
 in by an attacker.  Fix is to use the fingerprint from the PKA record as the
 recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
---
 g10/keyserver-internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'g10/keyserver-internal.h')

diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 48cb1ea4f..856f3f3ee 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -42,7 +42,7 @@ int keyserver_refresh(STRLIST users);
 int keyserver_search(STRLIST tokens);
 int keyserver_fetch(STRLIST urilist);
 int keyserver_import_cert(const char *name);
-int keyserver_import_pka(const char *name);
+int keyserver_import_pka(const char *name,unsigned char *fpr);
 int keyserver_import_name(const char *name);
 int keyserver_import_ldap(const char *name);
 
-- 
cgit v1.2.3