Andreas Stieger
129cca34ec
Fix invalid packet read error when reading keyrings [boo#914625] OBS-URL: https://build.opensuse.org/request/show/287676 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=94
From a8116aacd91b7e775762a62c268fab6cc3c77438 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 23 Feb 2015 16:37:57 +0100
Subject: [PATCH] gpg: Skip legacy keys while searching keyrings.
* g10/getkey.c (search_modes_are_fingerprint): New.
(lookup): Skip over legacy keys.
--
GnuPG-bug-id: 1847
Signed-off-by: Werner Koch <wk@gnupg.org>
---
g10/getkey.c | 39 +++++++++++++++++++++++++++++++++++++--
1 file changed, 37 insertions(+), 2 deletions(-)
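diff --git a/g10/getkey.c b/g10/getkey.c
index 76ee493..116753c 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2525,6 +2525,29 @@ found:
 }
 
 
+/* Return true if all the search modes are fingerprints. */
+static int
+search_modes_are_fingerprint (getkey_ctx_t ctx)
+{
+ size_t n, found;
+
+ for (n=found=0; n < ctx->nitems; n++)
+ {
+ switch (ctx->items[n].mode)
+ {
+ case KEYDB_SEARCH_MODE_FPR16:
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ found++;
+ break;
+ default:
+ break;
+ }
+ }
+ return found && found == ctx->nitems;
+}
+
+
 /* The main function to lookup a key. On success the found keyblock
 is stored at RET_KEYBLOCK and also in CTX. If WANT_SECRET is true
 a corresponding secret key is required. */
@@ -2534,9 +2557,21 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret)
 int rc;
 int no_suitable_key = 0;
 
- rc = 0;
- while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL)))
+ for (;;)
 {
+ rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL);
+ /* Skip over all legacy keys but only if they are not requested
+ by fingerprints.
+ Fixme: The lower level keydb code should actually do that but
+ then it would be harder to report the number of skipped
+ legacy keys during import. */
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
+ && !(ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
+ && !search_modes_are_fingerprint (ctx))
+ continue;
+ if (rc)
+ break;
+
 /* If we are searching for the first key we have to make sure
 that the next iteration does not do an implicit reset.
 This can be triggered by an empty key ring. */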
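Review bot: The block comment above the new `if` in lookup() names only the fingerprint exception, but the condition also exempts `KEYDB_SEARCH_MODE_FIRST`, and nothing says why. The reason looks to be the one hinted at by the context comment that follows (a FIRST search may restart from the beginning, so a `continue` there would presumably land on the same legacy key again); the comment should state it, e.g. by appending `Searches in FIRST mode are not skipped either, because repeating the search would return the same legacy key.` once confirmed. More generally, the `continue` path only terminates if keydb_search has already moved past the legacy keyblock when it returns GPG_ERR_LEGACY_KEY; that is not visible in this hunk and is worth confirming, since keyring content is untrusted input and a non-advancing search would spin here. lookup()'s body continues beyond the end of the hunk.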
--
2.1.4