62 lines
1.6 KiB
Diff
62 lines
1.6 KiB
Diff
From: Werner Koch <wk@gnupg.org>
|
|
Date: Thu, 20 Dec 2012 08:43:41 +0000 (+0100)
|
|
Subject: gpg: Import only packets which are allowed in a keyblock.
|
|
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=498882296ffac7987c644aaf2a0aa108a2925471
|
|
|
|
gpg: Import only packets which are allowed in a keyblock.
|
|
|
|
* g10/import.c (valid_keyblock_packet): New.
|
|
(read_block): Store only valid packets.
|
|
--
|
|
|
|
A corrupted key, which for example included a mangled public key
|
|
encrypted packet, used to corrupt the keyring. This change skips all
|
|
packets which are not allowed in a keyblock.
|
|
|
|
GnuPG-bug-id: 1455
|
|
|
|
(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
|
|
---
|
|
|
|
diff --git a/g10/import.c b/g10/import.c
|
|
index ba2439d..ad112d6 100644
|
|
--- a/g10/import.c
|
|
+++ b/g10/import.c
|
|
@@ -347,6 +347,27 @@ import_print_stats (void *hd)
|
|
}
|
|
|
|
|
|
+/* Return true if PKTTYPE is valid in a keyblock. */
|
|
+static int
|
|
+valid_keyblock_packet (int pkttype)
|
|
+{
|
|
+ switch (pkttype)
|
|
+ {
|
|
+ case PKT_PUBLIC_KEY:
|
|
+ case PKT_PUBLIC_SUBKEY:
|
|
+ case PKT_SECRET_KEY:
|
|
+ case PKT_SECRET_SUBKEY:
|
|
+ case PKT_SIGNATURE:
|
|
+ case PKT_USER_ID:
|
|
+ case PKT_ATTRIBUTE:
|
|
+ case PKT_RING_TRUST:
|
|
+ return 1;
|
|
+ default:
|
|
+ return 0;
|
|
+ }
|
|
+}
|
|
+
|
|
+
|
|
/****************
|
|
* Read the next keyblock from stream A.
|
|
* PENDING_PKT should be initialzed to NULL
|
|
@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
|
|
}
|
|
in_cert = 1;
|
|
default:
|
|
- if( in_cert ) {
|
|
+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
|
|
if( !root )
|
|
root = new_kbnode( pkt );
|
|
else
|