diff options
| author | Werner Koch <wk@gnupg.org> | 2019-03-15 19:50:37 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2019-03-15 20:41:38 +0100 |
| commit | f799e9728bcadb3d4148a47848c78c5647860ea4 (patch) | |
| tree | 3d1428e8d0ea4070d0bcac2defe05d45235dad76 /g10/kbnode.c | |
| parent | tests: Add sample secret key w/o binding signatures. (diff) | |
| download | gnupg2-f799e9728bcadb3d4148a47848c78c5647860ea4.tar.xz gnupg2-f799e9728bcadb3d4148a47848c78c5647860ea4.zip | |
gpg: Avoid importing secret keys if the keyblock is not valid.
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t. Return an
error code if sec_to_pub_keyblock failed. Resync secret keyblock.
--
When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway. This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key. After importing
the public key the secret keys suddenly showed up.
This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.
Caution: The ecc.scm test now fails because two of the sample keys
don't have binding signatures.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/kbnode.c')
| -rw-r--r-- | g10/kbnode.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/g10/kbnode.c b/g10/kbnode.c index 64def0509..93035e8f6 100644 --- a/g10/kbnode.c +++ b/g10/kbnode.c @@ -68,8 +68,8 @@ alloc_node (void) n->next = NULL; n->pkt = NULL; n->flag = 0; + n->tag = 0; n->private_flag=0; - n->recno = 0; return n; } |