authorWerner Koch <wk@gnupg.org>2017-01-17 10:26:34 +0100
committerWerner Koch <wk@gnupg.org>2017-01-17 10:26:34 +0100
commit356323768a1a29138581d0aceed0336ab8be0d5c (patch)
tree1b786bd86924ea36450a37395cfc2665672139d8 /g10/trust.c
parentgpg: Sync print of additional sig data in --edit-key. (diff)
gpg: Clean bogus subkey binding when cleaning a key.
* g10/trust.c (clean_key): Also clean bogus subkey bindings. -- GnuPG-bug-id: 2922 Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/trust.c')
-rw-r--r--g10/trust.c34
1 files changed, 27 insertions, 7 deletions
diff --git a/g10/trust.c b/g10/trust.c
index 102444865..888b4ca53 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -756,21 +756,41 @@ clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
}
+/* NB: This function marks the deleted nodes only and the caller is
+ * responsible to skip or remove them. */
void
clean_key (kbnode_t keyblock, int noisy, int self_only,
int *uids_cleaned, int *sigs_cleaned)
{
- kbnode_t uidnode;
+ kbnode_t node;
merge_keys_and_selfsig (keyblock);
- for (uidnode = keyblock->next;
- uidnode && !(uidnode->pkt->pkttype == PKT_PUBLIC_SUBKEY
- || uidnode->pkt->pkttype == PKT_SECRET_SUBKEY);
- uidnode = uidnode->next)
+ for (node = keyblock->next;
+ node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY);
+ node = node->next)
{
- if (uidnode->pkt->pkttype == PKT_USER_ID)
- clean_one_uid (keyblock, uidnode,noisy, self_only,
+ if (node->pkt->pkttype == PKT_USER_ID)
+ clean_one_uid (keyblock, node, noisy, self_only,
uids_cleaned, sigs_cleaned);
}
+
+ /* Remove bogus subkey binding signatures: The only signatures
+ * allowed are of class 0x18 and 0x28. */
+ log_assert (!node || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY));
+ for (; node; node = node->next)
+ {
+ if (is_deleted_kbnode (node))
+ continue;
+ if (node->pkt->pkttype == PKT_SIGNATURE
+ && !(IS_SUBKEY_SIG (node->pkt->pkt.signature)
+ || IS_SUBKEY_REV (node->pkt->pkt.signature)))
+ {
+ delete_kbnode (node);
+ if (sigs_cleaned)
+ ++*sigs_cleaned;
+ }
+ }
}
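Review bot: The new subkey loop never consults `noisy`, so signatures deleted there vanish without a log line, while the user-ID path passes `noisy` on to clean_one_uid. A caller cleaning an imported key sees `*sigs_cleaned` grow but gets no record of which signatures were dropped. I would add, just before `delete_kbnode (node);`, something like `if (noisy) log_info ("removing signature of class 0x%02x from subkey section\n", node->pkt->pkt.signature->sig_class);`. Separately, the filter looks only at the signature class, so a 0x18 or 0x28 packet is kept whether or not it verifies or was issued by the primary key. That may be checked elsewhere, but the comment above the loop should say validity is not examined here. The header comment could also note that `sigs_cleaned` may be NULL, as the `if (sigs_cleaned)` guard implies.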