gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures.
ddb012be7fe2
Actions

Description

gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures.

* g10/sig-check.c (check_signature_over_key_or_uid): Always initialize
IS_SELFSIG because it is later used to detect SHA1 non-selfsignatures.

The value of is_selfsig was also used to decide whether to reject a a
SHA_signature if it is not a self-signature. However, a code path
exists where is_selfsig was set to stub_is_selfsig and not initilaized
in this case.

Fixes-commit: c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a

Details

Provenance

• werner

Authored on Wed, Oct 22, 11:19 AM

Parents

rGadb0837956fb: nl: Update Dutch translation

Branches

Unknown

Tags

Unknown

Event Timeline

• werner committed rGddb012be7fe2: gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures. (authored by • werner).Wed, Oct 22, 2:04 PM

Changes (1)

Path

Size

g10/

sig-check.c

rGddb012be7fe2

View Options