gpg: Use just the addrspec from the Signer's UID.
authorWerner Koch <wk@gnupg.org>
Fri, 3 May 2019 08:53:34 +0000 (10:53 +0200)
committerWerner Koch <wk@gnupg.org>
Fri, 3 May 2019 08:54:31 +0000 (10:54 +0200)
* g10/parse-packet.c (parse_signature): Take only rthe addrspec from a
Signer's UID subpacket.
--

This is to address a problem in the currentr OpenKeychain which put
the entire UID into the subpacket.  For example our Tofu code can only
use the addrspec and not the entire UID.

Reported-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Signed-off-by: Werner Koch <wk@gnupg.org>
g10/parse-packet.c

index 5b4b1c9..f67edc5 100644 (file)
@@ -35,6 +35,7 @@
 #include "main.h"
 #include "../common/i18n.h"
 #include "../common/host2net.h"
+#include "../common/mbox-util.h"
 
 
 /* Maximum length of packets to avoid excessive memory allocation.  */
@@ -2118,12 +2119,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
       if (p && len)
         {
+          char *mbox;
+
           sig->signers_uid = try_make_printable_string (p, len, 0);
           if (!sig->signers_uid)
             {
               rc = gpg_error_from_syserror ();
               goto leave;
             }
+          mbox = mailbox_from_userid (sig->signers_uid, 0);
+          if (mbox)
+            {
+              xfree (sig->signers_uid);
+              sig->signers_uid = mbox;
+            }
         }
 
       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);