author | Werner Koch <wk@gnupg.org> | 2022-10-28 11:17:39 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2022-10-28 11:20:04 +0200 |
commit | 0ef54e644f1945337c5c492dbcad898baee83026 (patch) | |
tree | 8d5407b7e4d204e29345cb5e2b48a97693d24ae6 /g10/trustdb.c | |
parent | gpg: Import stray revocation certificates. (diff) | |
gpg: Fix trusted introducer for user-ids with only the mbox.
* g10/trustdb.c (check_regexp): Kludge to match user-ids with only an
mbox.
--
(Also re-indented the function)
GnuPG-bug-id: 6238
Diffstat (limited to 'g10/trustdb.c')
-rw-r--r-- | g10/trustdb.c | 50 |
1 files changed, 31 insertions, 19 deletions
diff --git a/g10/trustdb.c b/g10/trustdb.c index 7e2486446..051a534f9 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1707,38 +1707,50 @@ sanitize_regexp(const char *old) return new; } + /* Used by validate_one_keyblock to confirm a regexp within a trust - signature. Returns 1 for match, and 0 for no match or regex - error. */ + * signature. Returns 1 for match, and 0 for no match or regex + * error. */ static int -check_regexp(const char *expr,const char *string) +check_regexp (const char *expr,const char *string) { int ret; char *regexp; + char *stringbuf = NULL; + regex_t pat; - regexp=sanitize_regexp(expr); - - { - regex_t pat; + regexp = sanitize_regexp (expr); - ret=regcomp(&pat,regexp,REG_ICASE|REG_EXTENDED); - if(ret==0) - { - ret=regexec(&pat,string,0,NULL,0); - regfree(&pat); - } - ret=(ret==0); - } + ret = regcomp (&pat, regexp, (REG_ICASE|REG_EXTENDED)); + if (!ret) + { + if (*regexp == '<' && !strchr (string, '<') + && is_valid_mailbox (string)) + { + /* The R.E. starts with an angle bracket but STRING seems to + * be a plain mailbox (e.g. "foo@example.org"). The + * commonly used R.E. pattern "<[^>]+[@.]example\.org>$" + * won't be able to detect this. Thus we enclose STRING + * into angle brackets for checking. */ + stringbuf = xstrconcat ("<", string, ">", NULL); + string = stringbuf; + } + ret = regexec (&pat, string, 0, NULL, 0); + regfree (&pat); + } - if(DBG_TRUST) - log_debug("regexp '%s' ('%s') on '%s': %s\n", - regexp,expr,string,ret?"YES":"NO"); + ret = !ret; - xfree(regexp); + if (DBG_TRUST) + log_debug ("regexp '%s' ('%s') on '%s'%s: %s\n", + regexp, expr, string, stringbuf? " (fixed)":"", ret? "YES":"NO"); + xfree (regexp); + xfree (stringbuf); return ret; } + /* * Return true if the key is signed by one of the keys in the given * key ID list. User IDs with a valid signature are marked by node |
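Review bot: The header comment of check_regexp still promises only "1 for match, and 0 for no match or regex error", but the new branch changes what is matched: when the sanitized expression begins with `<` and STRING is a bare mailbox accepted by is_valid_mailbox, the comparison runs against `<STRING>` instead. Because this function decides whether a trust signature's domain restriction covers a user ID, that widening belongs in the contract, for example as an extra comment line `* A STRING that is only a mailbox is matched as "<STRING>" if the R.E. starts with '<'.` The test `*regexp == '<'` inspects the output of sanitize_regexp, whose body lies outside this hunk, so it is worth confirming that a restriction written with a leading anchor or group cannot reach this point; such a pattern would presumably still miss bare-mailbox user IDs. Keeping the fail-closed result (0 when regcomp fails) is right for a trust decision, and a regression test with one bare-mailbox user ID inside the restricted domain and one outside it would pin both directions.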