From eb7b41a68faf0ffea61ea688e3da17ddb8b56599 Mon Sep 17 00:00:00 2001
From: Lubos Kardos
Date: Mon, 13 Jul 2015 17:05:23 +0200
Subject: [PATCH] Properly import all public key certificates into rpmdb.
When somebody tried to import public key certificates from one file that contained several certificates then only one package gpg-pubkey-* was created in rpmdb. And it contained all certificates but it behaves as if it had contained just one certificate. The fix properly splits certificates into several gpg-pubkey-* packages (rhbz:#1238717).
---
 lib/rpmchecksig.c | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index 7ab7f65ca1..5f369de1fe 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -35,14 +35,32 @@ static int doImport(rpmts ts, const char *fn, char *buf, ssize_t blen)
 do {
 uint8_t *pkt = NULL;
+ uint8_t *pkti = NULL;
 size_t pktlen = 0;
+ size_t certlen;
 /* Read pgp packet. */
 if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
- /* Import pubkey packet(s). */
- if (rpmtsImportPubkey(ts, pkt, pktlen) != RPMRC_OK) {
- rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn, keyno);
- res++;
+ pkti = pkt;
+ /* Iterate over certificates in pkt */
+ while (pktlen > 0) {
+ if(pgpPubKeyCertLen(pkti, pktlen, &certlen)) {
+ rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
+ keyno);
+ res++;
+ continue;
+ }
+ /* Import pubkey certificate. */
+ if (rpmtsImportPubkey(ts, pkti, certlen) != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
+ keyno);
+ res++;
+ continue;
+ }
+ pkti += certlen;
+ pktlen -= certlen;
 }
 } else {
 rpmlog(RPMLOG_ERR, _("%s: key %d not an armored public key.\n"),
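Review bot: Both failure branches inside the new `while (pktlen > 0)` loop end in `continue;`, which skips `pkti += certlen; pktlen -= certlen;`, so the loop condition never changes and a certificate that fails `pgpPubKeyCertLen()` or `rpmtsImportPubkey()` makes the import spin forever while logging the same error. The length failure has no trustworthy `certlen` to advance by, so it should `break;`; the import failure should drop its `continue;` and fall through to the advance so the remaining certificates are still tried. Since `pktlen` is a `size_t`, it is also worth rejecting `certlen == 0` or `certlen > pktlen` before the subtraction, unless `pgpPubKeyCertLen()` (not shown in this hunk) already guarantees that. The enclosing `do` loop and the rest of `doImport` continue outside the hunk.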