File gnupg-CVE-2019-13050_4_of_5.patch of Package gpg2.11995
commit eec150eca78a053193a0994a96482791b5da36be
Author: Werner Koch <wk@gnupg.org>
Date: Tue Jul 9 11:07:35 2019 +0200
gpg: Fix regression in option "self-sigs-only".
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--
Reported-by: Phil Pennock
Fixes-commit: 2e349bb6173789e0e9e42c32873d89c7bc36cea4
Signed-off-by: Werner Koch <wk@gnupg.org>
Index: gnupg-2.2.5/g10/import.c
===================================================================
--- gnupg-2.2.5.orig/g10/import.c
+++ gnupg-2.2.5/g10/import.c
@@ -784,6 +784,7 @@ read_block( IOBUF a, int with_meta,
kbnode_t root = NULL;
int in_cert, in_v3key;
u32 keyid[2];
+ int got_keyid = 0;
unsigned int dropped_nonselfsigs = 0;
*r_v3keys = 0;
@@ -792,7 +793,11 @@ read_block( IOBUF a, int with_meta,
{
root = new_kbnode( *pending_pkt );
*pending_pkt = NULL;
+ log_assert (root->pkt->pkttype == PKT_PUBLIC_KEY
+ || root->pkt->pkttype == PKT_SECRET_KEY);
in_cert = 1;
+ keyid_from_pk (root->pkt->pkt.public_key, keyid);
+ got_keyid = 1;
}
else
in_cert = 0;
@@ -881,6 +886,7 @@ read_block( IOBUF a, int with_meta,
goto x_default;
if (!(options & IMPORT_SELF_SIGS_ONLY))
goto x_default;
+ log_assert (got_keyid);
if (pkt->pkt.signature->keyid[0] == keyid[0]
&& pkt->pkt.signature->keyid[1] == keyid[1])
{ /* This is likely a self-signature. We import this one.
@@ -903,6 +909,11 @@ read_block( IOBUF a, int with_meta,
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
+ if (!got_keyid)
+ {
+ keyid_from_pk (pkt->pkt.public_key, keyid);
+ got_keyid = 1;
+ }
if (in_cert) /* Store this packet. */
{
*pending_pkt = pkt;
@@ -910,7 +921,6 @@ read_block( IOBUF a, int with_meta,
goto ready;
}
in_cert = 1;
- keyid_from_pk (pkt->pkt.public_key, keyid);
goto x_default;
default:
