Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
gpg2.11996
0001-gpg-Make-screening-of-keyserver-result-wor...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-gpg-Make-screening-of-keyserver-result-work-with-mul.patch of Package gpg2.11996
From 044847a0e2013a2833605c1a9f80cfa6ef353309 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@gnupg.org> Date: Wed, 25 Jun 2014 14:33:34 +0200 Subject: [PATCH] gpg: Make screening of keyserver result work with multi-key commands. * g10/keyserver.c (ks_retrieval_filter_arg_s): new. (keyserver_retrieval_filter): Use new struct and check all descriptions. (keyserver_spawn): Pass filter arg suing the new struct. -- This is a fix for commit 5e933008. The old code did only work for a single key. It failed as soon as several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A B C"). --- g10/keyserver.c | 68 ++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 45 insertions(+), 23 deletions(-) diff --git a/g10/keyserver.c b/g10/keyserver.c index 83a4b955ccfc..aa41536fc9cf 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -982,13 +982,25 @@ direct_uri_map(const char *scheme,unsigned int is_direct) #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" +/* Structure to convey the arg to keyserver_retrieval_filter. */ +struct ks_retrieval_filter_arg_s +{ + KEYDB_SEARCH_DESC *desc; + int ndesc; +}; + + /* Check whether a key matches the search description. The filter returns 0 if the key shall be imported. Note that this kind of filter is not related to the iobuf filters. */ static int -keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) +keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, + void *opaque) { - KEYDB_SEARCH_DESC *desc = arg; + struct ks_retrieval_filter_arg_s *arg = opaque; + KEYDB_SEARCH_DESC *desc = arg->desc; + int ndesc = arg->ndesc; + int n; u32 keyid[2]; byte fpr[MAX_FINGERPRINT_LEN]; size_t fpr_len = 0; @@ -997,32 +1009,40 @@ keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) if (sk) return G10ERR_GENERAL; + if (!ndesc) + return 0; /* Okay if no description given. */ + fingerprint_from_pk (pk, fpr, &fpr_len); keyid_from_pk (pk, keyid); /* Compare requested and returned fingerprints if available. */ - if (desc->mode == KEYDB_SEARCH_MODE_FPR20) - { - if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20)) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) - { - if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16)) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) - { - if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1]) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) + for (n = 0; n < ndesc; n++) { - if (keyid[1] != desc->u.kid[1]) - return G10ERR_GENERAL; + if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) + { + if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) + { + if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) + { + if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) + { + if (keyid[1] == desc[n].u.kid[1]) + return 0; + } + else + return 0; } - return 0; + return G10ERR_GENERAL; } @@ -1535,6 +1555,7 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, case KS_GETNAME: { void *stats_handle; + struct ks_retrieval_filter_arg_s filterarg; stats_handle=import_new_stats_handle(); @@ -1547,11 +1568,12 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, that we don't allow the import of secret keys from a keyserver. Keyservers should never accept or send them but we better protect against rogue keyservers. */ - + filterarg.desc = desc; + filterarg.ndesc = count; import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len, (opt.keyserver_options.import_options | IMPORT_NO_SECKEY), - keyserver_retrieval_filter, desc); + keyserver_retrieval_filter, &filterarg); import_print_stats(stats_handle); import_release_stats_handle(stats_handle); -- 2.6.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor