gpg: Use just the addrspec from the Signer's UID.

* g10/parse-packet.c (parse_signature): Take only the addrspec from a
Signer's UID subpacket.
--

This is to address a problem in the currentr OpenKeychain which put
the entire UID into the subpacket.  For example our Tofu code can only
use the addrspec and not the entire UID.

Reported-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 05204b72497db093f5d2da4a2446c0264a946296)

Gbp-Pq: Topic from-2.2.16
Gbp-Pq: Name gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 05f63e928aeb445aa7667e4727a5faaa277f5430..3aa11a45fa05cfb97e1ea9d39927f69d6e38a9c3 100644 (file)
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -35,6 +35,7 @@
 #include "main.h"
 #include "../common/i18n.h"
 #include "../common/host2net.h"
+#include "../common/mbox-util.h"
 
 
 /* Maximum length of packets to avoid excessive memory allocation.  */
@@ -2064,12 +2065,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
       if (p && len)
         {
+          char *mbox;
+
           sig->signers_uid = try_make_printable_string (p, len, 0);
           if (!sig->signers_uid)
             {
               rc = gpg_error_from_syserror ();
               goto leave;
             }
+          mbox = mailbox_from_userid (sig->signers_uid);
+          if (mbox)
+            {
+              xfree (sig->signers_uid);
+              sig->signers_uid = mbox;
+            }
         }
 
       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);