1 From: "Neal H. Walfield" <neal@g10code.com>
2 Date: Thu, 2 Feb 2017 14:24:38 +0100
3 Subject: gpg: Ensure TOFU bindings associated with UTKs are registered as
6 * g10/tofu.c (get_trust): Call get_policy before short-circuiting the
7 policy lookup for ultimately trusted keys to make sure the binding is
8 added to the bindings table, if necessary.
10 Signed-off-by: Neal H. Walfield <neal@g10code.com>
12 (cherry picked from commit 769272ba87f282a69e8d5f9bb27c86e6bec4496b)
14 g10/tofu.c | 19 +++++++++++++------
15 1 file changed, 13 insertions(+), 6 deletions(-)
17 diff --git a/g10/tofu.c b/g10/tofu.c
18 index 41bdd5f30..85347bb74 100644
21 @@ -2306,7 +2306,11 @@ build_conflict_set (tofu_dbs_t dbs,
22 /* Return the effective policy for the binding <FINGERPRINT, EMAIL>
23 * (email has already been normalized) and any conflict information in
24 * *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns
25 - * _tofu_GET_POLICY_ERROR if an error occurs. */
26 + * _tofu_GET_POLICY_ERROR if an error occurs.
28 + * This function registers the binding in the bindings table if it has
29 + * not yet been registered.
31 static enum tofu_policy
32 get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
33 const char *fingerprint, const char *user_id, const char *email,
34 @@ -2677,6 +2681,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
35 && _tofu_GET_TRUST_ERROR != TRUST_FULLY
36 && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
38 + begin_transaction (ctrl, 0);
41 + /* We need to call get_policy even if the key is ultimately trusted
42 + * to make sure the binding has been registered. */
43 + policy = get_policy (dbs, pk, fingerprint, user_id, email,
44 + &conflict_set, now);
46 /* If the key is ultimately trusted, there is nothing to do. */
49 @@ -2690,11 +2702,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
53 - begin_transaction (ctrl, 0);
56 - policy = get_policy (dbs, pk, fingerprint, user_id, email,
57 - &conflict_set, now);
58 if (policy == TOFU_POLICY_AUTO)
60 policy = opt.tofu_default_policy;
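Review bot: In the get_trust hunk at -2677, the ultimately-trusted short-circuit that follows the added lines now runs inside the transaction opened by `begin_transaction (ctrl, 0)` and after get_policy may have filled `conflict_set`, whereas before this change it ran ahead of both. The body of that short-circuit and the function's cleanup are outside the hunk, so it cannot be confirmed from here that the early exit ends the transaction and releases the conflict set; that path should be checked. The result of the moved call is also not compared with `_tofu_GET_POLICY_ERROR` before the short-circuit, so, as far as the hunk shows, a failed registration for an ultimately trusted key would pass unnoticed. I would extend the added comment to state the invariant, e.g. `/* From here on every exit, including the ultimately-trusted short-circuit below, must end the transaction and release CONFLICT_SET. */`, and log a diagnostic when get_policy fails on that path.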