author | Werner Koch <wk@gnupg.org> | 2012-12-20 09:43:41 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2012-12-20 12:37:01 +0100 |
commit | f0b33b6fb8e0586e9584a7a409dcc31263776a67 (patch) | |
tree | f7c503424759dcf7699a80f2556e71b94497b15b | |
parent | gpg: Make commit 2b3cb2ee actually work (diff) | |
gpg: Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--
A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring. This change skips all
packets which are not allowed in a keyblock.
GnuPG-bug-id: 1455
(cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
-rw-r--r-- | g10/import.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/g10/import.c b/g10/import.c
index bfe02eb16..a57b32e3f 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -384,6 +384,27 @@ import_print_stats (void *hd)
 }
+/* Return true if PKTTYPE is valid in a keyblock. */
+static int
+valid_keyblock_packet (int pkttype)
+{
+ switch (pkttype)
+ {
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ case PKT_SIGNATURE:
+ case PKT_USER_ID:
+ case PKT_ATTRIBUTE:
+ case PKT_RING_TRUST:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+
 /****************
 * Read the next keyblock from stream A.
 * PENDING_PKT should be initialzed to NULL
@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
 }
 in_cert = 1;
 default:
- if( in_cert ) {
+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
 if( !root )
 root = new_kbnode( pkt );
 else |
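Review bot: The comment above valid_keyblock_packet does not say that the switch is an allowlist, nor that `default: return 0` is what keeps unknown or future packet types out of the keyring. As written, `/* Return true if PKTTYPE is valid in a keyblock. */` gives no hint that adding a case widens what an import may store. PKT_RING_TRUST deserves its own remark, because RFC 4880 says trust packets should be ignored on input other than local keyring files; whether a later import step strips them is not visible in this hunk. I would extend the comment along the lines of `/* Allowlist of packet types read_block may store; every other type is dropped. */` and add one sentence giving the reason PKT_RING_TRUST is accepted here.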
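Review bot: A packet that fails the new check in the `default:` branch of read_block is dropped without any diagnostic, so a user importing a damaged key gets no sign that part of the input was discarded. A verbose-level message after the block would make the skip visible, for example `else if (in_cert && opt.verbose) log_info ("skipping packet of type %d in keyblock\n", pkt->pkttype);`. The rest of read_block lies outside the hunk, so it should also be confirmed that the code following this `if` releases the payload of a skipped packet rather than only re-initialising the struct.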