]> the.earth.li Git - onak.git/commitdiff
projects / onak.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9ae9b73)
Cope with colliding 64 bit keyids when verifying signatures
authorJonathan McDowell <noodles@earth.li>
Fri, 17 Jan 2020 19:28:18 +0000 (19:28 +0000)
committerJonathan McDowell <noodles@earth.li>
Fri, 17 Jan 2020 19:28:18 +0000 (19:28 +0000)
Signature keys can be indicated by 64 bit keyid rather than full
fingerprint; there are very few of this collisions but they do exist and
we should handle them gracefully rather than incorrectly dropping a
signature.

cleankey.c patch | blob | history

diff --git a/cleankey.c b/cleankey.c
index 51274fe874b25898a1405e006ddd20296deebc9d..3a74098c4683e114ef37421099fc46f67a0ca3a2 100644 (file)
--- a/cleankey.c
+++ b/cleankey.c
@@ -141,7 +141,7 @@ int clean_sighashes(struct onak_dbctx *dbctx,
                bool *selfsig, bool *othersig)
 {
        struct openpgp_packet_list *tmpsig;
-       struct openpgp_publickey *sigkey = NULL;
+       struct openpgp_publickey *sigkeys = NULL, *curkey;
        onak_status_t ret;
        uint8_t hashtype;
        uint8_t hash[64];
@@ -198,10 +198,20 @@ int clean_sighashes(struct onak_dbctx *dbctx,
                                }
                        }
 
-                       if (remove && dbctx->fetch_key_id(dbctx, sigid,
-                                               &sigkey, false)) {
+                       if (remove) {
+                               dbctx->fetch_key_id(dbctx, sigid,
+                                               &sigkeys, false);
+                       }
+
+                       /*
+                        * A 64 bit collision is probably a sign of something
+                        * sneaky happening, but if the signature verifies we
+                        * should keep it.
+                        */
+                       for (curkey = sigkeys; curkey != NULL;
+                                       curkey = curkey->next) {
 
-                               ret = onak_check_hash_sig(sigkey,
+                               ret = onak_check_hash_sig(curkey,
                                                (*sigs)->packet,
                                                hash, hashtype);
 
@@ -211,11 +221,12 @@ int clean_sighashes(struct onak_dbctx *dbctx,
                                        if (othersig != NULL) {
                                                *othersig = true;
                                        }
+                                       break;
                                }
-
-                               free_publickey(sigkey);
-                               sigkey = NULL;
                        }
+
+                       free_publickey(sigkeys);
+                       sigkeys = NULL;
                }
 #endif
 
OpenPGP key server