From: Jonathan McDowell
Date: Fri, 17 Jan 2020 19:28:18 +0000 (+0000)
Subject: Cope with colliding 64 bit keyids when verifying signatures
X-Git-Tag: onak-0.6.0~5
X-Git-Url: https://the.earth.li/gitweb/?a=commitdiff_plain;h=00e37c36f214bf9d2e9794d3089e64522a6275a2;p=onak.git

Cope with colliding 64 bit keyids when verifying signatures

Signature keys can be indicated by 64 bit keyid rather than full fingerprint; there are very few of this collisions but they do exist and we should handle them gracefully rather than incorrectly dropping a signature.
---

diff --git a/cleankey.c b/cleankey.c
index 51274fe..3a74098 100644
--- a/cleankey.c
+++ b/cleankey.c
@@ -141,7 +141,7 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 bool *selfsig, bool *othersig)
 {
 struct openpgp_packet_list *tmpsig;
- struct openpgp_publickey *sigkey = NULL;
+ struct openpgp_publickey *sigkeys = NULL, *curkey;
 onak_status_t ret;
 uint8_t hashtype;
 uint8_t hash[64];
@@ -198,10 +198,20 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 }
 }
- if (remove && dbctx->fetch_key_id(dbctx, sigid,
- &sigkey, false)) {
+ if (remove) {
+ dbctx->fetch_key_id(dbctx, sigid,
+ &sigkeys, false);
+ }
+
+ /*
+ * A 64 bit collision is probably a sign of something
+ * sneaky happening, but if the signature verifies we
+ * should keep it.
+ */
+ for (curkey = sigkeys; curkey != NULL;
+ curkey = curkey->next) {
- ret = onak_check_hash_sig(sigkey,
+ ret = onak_check_hash_sig(curkey,
 (*sigs)->packet, hash, hashtype);
@@ -211,11 +221,12 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 if (othersig != NULL) {
 *othersig = true;
 }
+ break;
 }
-
- free_publickey(sigkey);
- sigkey = NULL;
 }
+
+ free_publickey(sigkeys);
+ sigkeys = NULL;
 }
 #endif
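Review bot: The return value of `dbctx->fetch_key_id(dbctx, sigid, &sigkeys, false)` is now dropped in the `if (remove)` block, so a backend error looks the same as "key not found", and the `for` loop then runs one `onak_check_hash_sig` per key returned for that 64 bit id with no upper bound. The new comment already treats a collision as suspicious, and the candidate set is whatever has been uploaded to the keyserver, so I would keep the count, log when more than one key comes back, and stop after a small fixed number of candidates. If the signature packet also carries a full issuer fingerprint (not visible in this hunk), comparing it before verifying would avoid the extra work. The loop is skipped when `remove` is false only because `sigkeys` is NULL on entry to each iteration; a one-line comment such as `/* sigkeys is NULL unless the fetch above ran */` would make that dependency explicit. clean_sighashes starts and ends outside this hunk.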
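Review bot: `free_publickey(sigkeys)` in the last hunk now has to release every key that `fetch_key_id` returned, including the ones the added `break` leaves unvisited, and free_publickey is not shown in this diff, so please confirm it walks `->next` rather than freeing only the head. The `sigkeys = NULL;` reset is also what stops the `for` loop in the previous hunk from touching freed keys on the next signature, so the two statements must stay paired. I would document both with a comment above the free, e.g. `/* frees the whole candidate list; sigkeys must be NULL for the next signature */`.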