From: Werner Koch Date: Fri, 3 May 2019 08:53:34 +0000 (+0200) Subject: gpg: Use just the addrspec from the Signer's UID. X-Git-Tag: archive/raspbian/2.2.12-1+rpi1+deb10u2^2~45 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d78f67bbbd3f3cae1635b0e662d5df84f5e0ce55;p=gnupg2.git gpg: Use just the addrspec from the Signer's UID. * g10/parse-packet.c (parse_signature): Take only the addrspec from a Signer's UID subpacket. -- This is to address a problem in the currentr OpenKeychain which put the entire UID into the subpacket. For example our Tofu code can only use the addrspec and not the entire UID. Reported-by: Wiktor Kwapisiewicz Signed-off-by: Werner Koch (cherry picked from commit 05204b72497db093f5d2da4a2446c0264a946296) Gbp-Pq: Topic from-2.2.16 Gbp-Pq: Name gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch --- diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 05f63e9..3aa11a4 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -35,6 +35,7 @@ #include "main.h" #include "../common/i18n.h" #include "../common/host2net.h" +#include "../common/mbox-util.h" /* Maximum length of packets to avoid excessive memory allocation. */ @@ -2064,12 +2065,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len); if (p && len) { + char *mbox; + sig->signers_uid = try_make_printable_string (p, len, 0); if (!sig->signers_uid) { rc = gpg_error_from_syserror (); goto leave; } + mbox = mailbox_from_userid (sig->signers_uid); + if (mbox) + { + xfree (sig->signers_uid); + sig->signers_uid = mbox; + } } p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);