From ac0fdba6400c9810df9da850cb859f04b471dffe Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Fri, 17 Mar 2017 13:36:51 +0100 Subject: [PATCH] gpg: Make sure the conflict set includes the current key. * g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling get_policy. If POLICY is 'auto' and the default policy is 'ask', make sure CONFLICT_SET includes the current key. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 2959 Debian-bug-id: 854829 Signed-off-by: Neal H. Walfield (cherry picked from commit b1106b4d640325c60a7212a4a44e4f67c0e3312d) Gbp-Pq: Name 0052-gpg-Make-sure-the-conflict-set-includes-the-current-.patch --- g10/tofu.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/g10/tofu.c b/g10/tofu.c index 449e921..39457a5 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2304,9 +2304,14 @@ build_conflict_set (tofu_dbs_t dbs, /* Return the effective policy for the binding - * (email has already been normalized) and any conflict information in - * *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns - * _tofu_GET_POLICY_ERROR if an error occurs. + * (email has already been normalized). Returns + * _tofu_GET_POLICY_ERROR if an error occurs. Returns any conflict + * information in *CONFLICT_SETP if CONFLICT_SETP is not NULL and the + * returned policy is TOFU_POLICY_ASK (consequently, if there is a + * conflict, but the user set the policy to good *CONFLICT_SETP will + * empty). Note: as per build_conflict_set, which is used to build + * the conflict information, the conflict information includes the + * current user id as the first element of the linked list. * * This function registers the binding in the bindings table if it has * not yet been registered. 
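Review bot: The rewritten comment says the conflict information includes "the current user id" as the first element, but the code this patch adds to get_trust (third hunk) appends `fingerprint`, and the commit subject speaks of the current key; the comment in that third hunk uses the same "current user id" wording. Assuming the list holds fingerprints, as the `add_to_strlist (&conflict_set, fingerprint)` call suggests, I would write `the fingerprint of the current key as the first element of the linked list` in both places. The same sentence reads `*CONFLICT_SETP will empty`, which should be `*CONFLICT_SETP will be empty`. The function this comment documents lies outside the hunk, so the stated contract (list returned only for TOFU_POLICY_ASK) cannot be checked against its body here.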
@@ -2689,6 +2694,15 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, policy = get_policy (dbs, pk, fingerprint, user_id, email, &conflict_set, now); + if (policy == TOFU_POLICY_ASK) + /* The conflict set should always contain at least one element: + * the current key. */ + log_assert (conflict_set); + else + /* If the policy is not TOFU_POLICY_ASK, then conflict_set will be + * NULL. */ + log_assert (! conflict_set); + /* If the key is ultimately trusted, there is nothing to do. */ { u32 kid[2]; @@ -2710,6 +2724,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, " auto (default: %s).\n", fingerprint, email, tofu_policy_str (opt.tofu_default_policy)); + + if (policy == TOFU_POLICY_ASK) + /* The default policy is ASK, but there is no conflict (policy + * was 'auto'). In this case, we need to make sure the + * conflict set includes at least the current user id. */ + { + add_to_strlist (&conflict_set, fingerprint); + } } switch (policy) { -- 2.30.2
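Review bot: The `else` branch asserts `! conflict_set` for every return value other than TOFU_POLICY_ASK, and that includes _tofu_GET_POLICY_ERROR. Whether get_policy leaves the list NULL on its error paths is not visible in this hunk; if it does not, a failed lookup in the TOFU database would end in a failed assertion (presumably terminating the process) instead of reaching get_trust's own error handling, which is the wrong failure mode for a trust decision made on stored data. I would either test for the error value before the assertions or state in get_policy's header comment that `*CONFLICT_SETP` is NULL on error. Both branches also place a multi-line comment between the keyword and an unbraced statement; braces around each `log_assert` would make the pairing explicit. get_trust starts and ends outside the hunk.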
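Review bot: With `add_to_strlist (&conflict_set, fingerprint);` the list can now be allocated inside get_trust itself, not only by get_policy, so every exit path after this point has to release it. The cleanup code is outside the hunk; it is worth confirming that the early returns and the error path all reach a `free_strlist (conflict_set);`. A short note such as `/* conflict_set is owned by get_trust from here on and freed at the end. */` next to the call would record that. The comment sitting between `if (policy == TOFU_POLICY_ASK)` and the opening brace would read better inside the braces.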