X-Git-Url: http://the.earth.li/gitweb/?a=blobdiff_plain;f=cleankey.c;h=fe24c3b6a31a7502de8554ce12bf692b3d18dbb5;hb=a799cc2909f47d918d1ec7171a9edba28a9f5136;hp=5608ef04926213893794f83756c20b7ad7b9c4e0;hpb=e17ef1fac72bcfeff58e7c88af18eea6f9d6bc85;p=onak.git
diff --git a/cleankey.c b/cleankey.c
index 5608ef0..fe24c3b 100644
--- a/cleankey.c
+++ b/cleankey.c
@@ -13,8 +13,7 @@
* more details.
*
* You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program. If not, see .
*/
#include
@@ -27,7 +26,7 @@
#include "log.h"
#include "mem.h"
#include "merge.h"
-#include "onak-conf.h"
+#include "openpgp.h"
#include "sigcheck.h"
/**
@@ -180,28 +179,86 @@ int clean_key_sighashes(struct openpgp_publickey *key)
return removed;
}
+#define UAT_LIMIT 0xFFFF
+#define UID_LIMIT 1024
+#define PACKET_LIMIT 8383 /* Fits in 2 byte packet length */
+int clean_large_packets(struct openpgp_publickey *key)
+{
+ struct openpgp_signedpacket_list **curuid = NULL;
+ struct openpgp_signedpacket_list *tmp = NULL;
+ bool drop;
+ int dropped = 0;
+
+ log_assert(key != NULL);
+ curuid = &key->uids;
+ while (*curuid != NULL) {
+ drop = false;
+ switch ((*curuid)->packet->tag) {
+ case OPENPGP_PACKET_UID:
+ if ((*curuid)->packet->length > UID_LIMIT)
+ drop = true;
+ break;
+ case OPENPGP_PACKET_UAT:
+ if ((*curuid)->packet->length > UAT_LIMIT)
+ drop = true;
+ break;
+ default:
+ if ((*curuid)->packet->length > PACKET_LIMIT)
+ drop = true;
+ break;
+ }
+
+ if (drop) {
+ logthing(LOGTHING_INFO,
+ "Dropping large (%d) packet, type %d",
+ (*curuid)->packet->length,
+ (*curuid)->packet->tag);
+ /* Remove the entire large signed packet list */
+ tmp = *curuid;
+ *curuid = (*curuid)->next;
+ tmp->next = NULL;
+ free_signedpacket_list(tmp);
+ dropped++;
+ } else {
+ curuid = &(*curuid)->next;
+ }
+ }
+
+ return dropped;
+}
+
/**
* cleankeys - Apply all available cleaning options on a list of keys.
- * @keys: The list of keys to clean.
+ * @policies: The cleaning policies to apply.
*
- * Applies all the cleaning options we can (eg duplicate key ids) to a
- * list of keys. Returns 0 if no changes were made, otherwise the number
- * of keys cleaned.
+ * Applies the requested cleaning policies to a list of keys. These are
+ * specified from the ONAK_CLEAN_* set of flags, or ONAK_CLEAN_ALL to
+ * apply all available cleaning options. Returns 0 if no changes were
+ * made, otherwise the number of keys cleaned. Note that some options
+ * may result in keys being removed entirely from the list.
*/
-int cleankeys(struct openpgp_publickey *keys)
+int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
{
- int changed = 0, count;
+ struct openpgp_publickey *curkey;
+ int changed = 0, count = 0;
+
+ if (keys == NULL)
+ return 0;
- while (keys != NULL) {
- count = dedupuids(keys);
- count += dedupsubkeys(keys);
- if (config.check_sighash) {
- count += clean_key_sighashes(keys);
+ curkey = *keys;
+ while (curkey != NULL) {
+ if (policies & ONAK_CLEAN_LARGE_PACKETS) {
+ count += clean_large_packets(curkey);
+ }
+ count += dedupuids(curkey);
+ count += dedupsubkeys(curkey);
+ if (policies & ONAK_CLEAN_CHECK_SIGHASH) {
+ count += clean_key_sighashes(curkey);
}
if (count > 0) {
changed++;
}
- keys = keys->next;
+ curkey = curkey->next;
}
return changed;