1 From: "Neal H. Walfield" <neal@g10code.com>
2 Date: Fri, 17 Mar 2017 13:36:51 +0100
3 Subject: gpg: Make sure the conflict set includes the current key.
5 * g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling
6 get_policy. If POLICY is 'auto' and the default policy is 'ask', make
7 sure CONFLICT_SET includes the current key.
10 Signed-off-by: Neal H. Walfield <neal@g10code.com>
14 Signed-off-by: Neal H. Walfield <neal@g10code.com>
15 (cherry picked from commit b1106b4d640325c60a7212a4a44e4f67c0e3312d)
17 g10/tofu.c | 28 +++++++++++++++++++++++++---
18 1 file changed, 25 insertions(+), 3 deletions(-)
20 diff --git a/g10/tofu.c b/g10/tofu.c
21 index 449e921..39457a5 100644
24 @@ -2304,9 +2304,14 @@ build_conflict_set (tofu_dbs_t dbs,
27 /* Return the effective policy for the binding <FINGERPRINT, EMAIL>
28 - * (email has already been normalized) and any conflict information in
29 - * *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns
30 - * _tofu_GET_POLICY_ERROR if an error occurs.
31 + * (email has already been normalized). Returns
32 + * _tofu_GET_POLICY_ERROR if an error occurs. Returns any conflict
33 + * information in *CONFLICT_SETP if CONFLICT_SETP is not NULL and the
34 + * returned policy is TOFU_POLICY_ASK (consequently, if there is a
35 + * conflict, but the user set the policy to good *CONFLICT_SETP will
36 + * empty). Note: as per build_conflict_set, which is used to build
37 + * the conflict information, the conflict information includes the
38 + * current user id as the first element of the linked list.
40 * This function registers the binding in the bindings table if it has
41 * not yet been registered.
42 @@ -2689,6 +2694,15 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
43 policy = get_policy (dbs, pk, fingerprint, user_id, email,
46 + if (policy == TOFU_POLICY_ASK)
47 + /* The conflict set should always contain at least one element:
48 + * the current key. */
49 + log_assert (conflict_set);
51 + /* If the policy is not TOFU_POLICY_ASK, then conflict_set will be
53 + log_assert (! conflict_set);
55 /* If the key is ultimately trusted, there is nothing to do. */
58 @@ -2710,6 +2724,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
59 " auto (default: %s).\n",
61 tofu_policy_str (opt.tofu_default_policy));
63 + if (policy == TOFU_POLICY_ASK)
64 + /* The default policy is ASK, but there is no conflict (policy
65 + * was 'auto'). In this case, we need to make sure the
66 + * conflict set includes at least the current user id. */
68 + add_to_strlist (&conflict_set, fingerprint);