From: Neal H. Walfield
Date: Thu, 2 Feb 2017 13:24:38 +0000 (+0100)
Subject: gpg: Ensure TOFU bindings associated with UTKs are registered as usual
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=2fc26dbcbd6a2b47d850e1dbeeb97d44d204795a;p=gnupg2.git
gpg: Ensure TOFU bindings associated with UTKs are registered as usual
* g10/tofu.c (get_trust): Call get_policy before short-circuiting the policy lookup for ultimately trusted keys to make sure the binding is added to the bindings table, if necessary.
Signed-off-by: Neal H. Walfield
GnuPG-bug-id: 2929
(cherry picked from commit 769272ba87f282a69e8d5f9bb27c86e6bec4496b)
Gbp-Pq: Name 0024-gpg-Ensure-TOFU-bindings-associated-with-UTKs-are-re.patch
---
diff --git a/g10/tofu.c b/g10/tofu.c
index 41bdd5f..85347bb 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2306,7 +2306,11 @@ build_conflict_set (tofu_dbs_t dbs,
 /* Return the effective policy for the binding
 * (email has already been normalized) and any conflict information in
 * *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns
- * _tofu_GET_POLICY_ERROR if an error occurs. */
+ * _tofu_GET_POLICY_ERROR if an error occurs.
+ *
+ * This function registers the binding in the bindings table if it has
+ * not yet been registered.
+ */
 static enum tofu_policy
 get_policy (tofu_dbs_t dbs, PKT_public_key *pk, const char *fingerprint, const char *user_id, const char *email,
@@ -2677,6 +2681,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
 && _tofu_GET_TRUST_ERROR != TRUST_FULLY
 && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
+ begin_transaction (ctrl, 0);
+ in_transaction = 1;
+
+ /* We need to call get_policy even if the key is ultimately trusted
+ * to make sure the binding has been registered. */
+ policy = get_policy (dbs, pk, fingerprint, user_id, email,
+ &conflict_set, now);
+
 /* If the key is ultimately trusted, there is nothing to do. */
 {
 u32 kid[2];
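Review bot: The result of the new early `get_policy` call is not checked before the ultimately-trusted block that follows, so a `_tofu_GET_POLICY_ERROR` return (the documented error value) would mean the binding was not registered while the UTK path, whose body lies outside this hunk, presumably still reports the key as trusted. Since registration is the only reason for making the call at this point, either test `policy == _tofu_GET_POLICY_ERROR` right after the call and at least log the failure, or extend the comment to say the error is ignored on purpose, e.g. `/* A failure to register the binding is deliberately not fatal for an ultimately trusted key. */`. The transaction is now also opened before that short-circuit, so the early-exit path has to end it and release `conflict_set`; that cleanup is not visible in the hunk and is worth confirming. `begin_transaction`'s return value is discarded and `in_transaction` is set unconditionally, as it was in the lines this commit moves.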
@@ -2690,11 +2702,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
 }
 }
- begin_transaction (ctrl, 0);
- in_transaction = 1;
-
- policy = get_policy (dbs, pk, fingerprint, user_id, email,
- &conflict_set, now);
 if (policy == TOFU_POLICY_AUTO)
 {
 policy = opt.tofu_default_policy;