Fix bug 894.
authorWerner Koch <wk@gnupg.org>
Tue, 25 Mar 2008 08:33:31 +0000 (08:33 +0000)
committerWerner Koch <wk@gnupg.org>
Tue, 25 Mar 2008 08:33:31 +0000 (08:33 +0000)
Change default keyserver.
Allow key protection with Camellia.

NEWS
g10/ChangeLog
g10/import.c
g10/options.skel
g10/parse-packet.c

diff --git a/NEWS b/NEWS
index 4be0218..d70582e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ Noteworthy changes in version 2.0.9 (unreleased)
 
  * Fixed a bug in the ambigious name detection.
 
+ * Fixed possible memory corruption while importing OpenPGP keys.
+
  * Minor bug fixes.
 
 
index 80de445..c9ad8f9 100644 (file)
@@ -1,3 +1,15 @@
+2008-03-25  David Shaw  <dshaw@jabberwocky.com>  (wk)
+
+       * import.c (collapse_uids): Fix bug 894: possible memory
+       corruption around deduplication of user IDs.
+
+2008-03-25  Werner Koch  <wk@g10code.com>
+
+       * parse-packet.c (parse_key): Parse a secret key encrypted with
+       Camellia.
+
+       * options.skel: Make the default keyserver keys.gnupg.net.
+
 2008-03-18  Werner Koch  <wk@g10code.com>
 
        * seckey-cert.c (do_check): Use GCRYMPI_FMT_PGP for v3 keys.
index 41198b6..61bbef7 100644 (file)
@@ -1661,11 +1661,17 @@ collapse_uids( KBNODE *keyblock )
     {
       KBNODE uid2;
 
+      if(is_deleted_kbnode(uid1))
+       continue;
+
       if(uid1->pkt->pkttype!=PKT_USER_ID)
        continue;
 
       for(uid2=uid1->next;uid2;uid2=uid2->next)
        {
+         if(is_deleted_kbnode(uid2))
+           continue;
+
          if(uid2->pkt->pkttype!=PKT_USER_ID)
            continue;
 
@@ -1681,6 +1687,9 @@ collapse_uids( KBNODE *keyblock )
                 uid1 */
              for(last=uid2;last->next;last=last->next)
                {
+                 if(is_deleted_kbnode(last))
+                   continue;
+
                  if(last->next->pkt->pkttype==PKT_USER_ID
                     || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY
                     || last->next->pkt->pkttype==PKT_SECRET_SUBKEY)
@@ -1693,13 +1702,16 @@ collapse_uids( KBNODE *keyblock )
              /* Now put uid2 in place as part of uid1 */
              last->next=uid1->next;
              uid1->next=uid2;
-             remove_kbnode(keyblock,uid2);
+             delete_kbnode(uid2);
 
              /* Now dedupe uid1 */
              for(sig1=uid1->next;sig1;sig1=sig1->next)
                {
                  KBNODE sig2;
 
+                 if(is_deleted_kbnode(sig1))
+                   continue;
+
                  if(sig1->pkt->pkttype==PKT_USER_ID
                     || sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY
                     || sig1->pkt->pkttype==PKT_SECRET_SUBKEY)
@@ -1710,6 +1722,9 @@ collapse_uids( KBNODE *keyblock )
 
                  for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next)
                    {
+                     if(is_deleted_kbnode(sig2))
+                       continue;
+
                      if(sig2->pkt->pkttype==PKT_USER_ID
                         || sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY
                         || sig2->pkt->pkttype==PKT_SECRET_SUBKEY)
@@ -1723,7 +1738,7 @@ collapse_uids( KBNODE *keyblock )
                        {
                          /* We have a match, so delete the second
                             signature */
-                         remove_kbnode(&uid1,sig2);
+                         delete_kbnode(sig2);
                          sig2=last;
                        }
                    }
@@ -1732,6 +1747,8 @@ collapse_uids( KBNODE *keyblock )
        }
     }
 
+  commit_kbnode(keyblock);
+
   if(any && !opt.quiet)
     {
       const char *key="???";
index 1178048..aa47305 100644 (file)
@@ -98,7 +98,8 @@ require-cross-certification
 # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
 # support).
 #
-# Example HKP keyserver:
+# Example HKP keyservers:
+#      hkp://keys.gnupg.net
 #      hkp://subkeys.pgp.net
 #
 # Example email keyserver:
@@ -121,11 +122,12 @@ require-cross-certification
 # Note that most servers (with the notable exception of
 # ldap://keyserver.pgp.com) synchronize changes with each other.  Note
 # also that a single server name may actually point to multiple
-# servers via DNS round-robin.  hkp://subkeys.pgp.net is an example of
+# servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
 # such a "server", which spreads the load over a number of physical
-# servers.
+# servers.  To see the IP address of the server actually used, you may use
+# the "--keyserver-options debug".
 
-keyserver hkp://subkeys.pgp.net
+keyserver hkp://keys.gnupg.net
 #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
 #keyserver ldap://pgp.surfnet.nl:11370
 #keyserver ldap://keyserver.pgp.com
index 6b8e79e..409daab 100644 (file)
@@ -1906,8 +1906,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
             * enlarge temp.
             */
            switch( sk->protect.algo ) {
-             case 7: case 8: case 9: /* reserved for AES */
+             case 7: case 8: case 9: /* AES */
              case 10: /* Twofish */
+              case 11: case 12: /* Camellia */
                sk->protect.ivlen = 16;
                break;
              default: