From d038b36c8f814e518c64b608b51a551186c5440e Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Tue, 21 Feb 2006 22:23:35 +0000
Subject: * getkey.c (get_pubkey_byname): Fix minor security problem with PKA
 when importing at -r time.  The URL in the PKA record may point to a key put
 in by an attacker.  Fix is to use the fingerprint from the PKA record as the
 recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
---
 g10/keyserver.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'g10/keyserver.c')

diff --git a/g10/keyserver.c b/g10/keyserver.c
index 240ea99e6..6eef109e4 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1979,12 +1979,11 @@ keyserver_import_cert(const char *name)
 
 /* Import key pointed to by a PKA record */
 int
-keyserver_import_pka(const char *name)
+keyserver_import_pka(const char *name,unsigned char *fpr)
 {
-  unsigned char fpr[MAX_FINGERPRINT_LEN];
   char *uri;
   int rc=-1;
-      
+
   uri = get_pka_info (name, fpr);
   if (uri)
     {
-- 
cgit v1.2.3