Package: gnupg2 / 2.2.12-1+deb10u1

from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
From: Werner Koch <wk@gnupg.org>
Date: Fri, 3 May 2019 10:53:34 +0200
Subject: gpg: Use just the addrspec from the Signer's UID.

* g10/parse-packet.c (parse_signature): Take only the addrspec from a
Signer's UID subpacket.
--

This is to address a problem in the currentr OpenKeychain which put
the entire UID into the subpacket.  For example our Tofu code can only
use the addrspec and not the entire UID.

Reported-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 05204b72497db093f5d2da4a2446c0264a946296)
---
 g10/parse-packet.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 05f63e9..3aa11a4 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -35,6 +35,7 @@
 #include "main.h"
 #include "../common/i18n.h"
 #include "../common/host2net.h"
+#include "../common/mbox-util.h"
 
 
 /* Maximum length of packets to avoid excessive memory allocation.  */
@@ -2064,12 +2065,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
       if (p && len)
         {
+          char *mbox;
+
           sig->signers_uid = try_make_printable_string (p, len, 0);
           if (!sig->signers_uid)
             {
               rc = gpg_error_from_syserror ();
               goto leave;
             }
+          mbox = mailbox_from_userid (sig->signers_uid);
+          if (mbox)
+            {
+              xfree (sig->signers_uid);
+              sig->signers_uid = mbox;
+            }
         }
 
       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);