1 files changed, 61 insertions, 0 deletions

diff --git a/core/gnupg/valid-keyblock-packet.patch b/core/gnupg/valid-keyblock-packet.patch
new file mode 100644
index 000000000..64bf1c2da
--- /dev/null
+++ b/core/gnupg/valid-keyblock-packet.patch
@@ -0,0 +1,61 @@
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 20 Dec 2012 08:43:41 +0000 (+0100)
+Subject: gpg: Import only packets which are allowed in a keyblock.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=498882296ffac7987c644aaf2a0aa108a2925471;hp=20c95ef258f8520283406239f7c6f4729341d463
+
+gpg: Import only packets which are allowed in a keyblock.
+
+* g10/import.c (valid_keyblock_packet): New.
+(read_block): Store only valid packets.
+--
+
+A corrupted key, which for example included a mangled public key
+encrypted packet, used to corrupt the keyring.  This change skips all
+packets which are not allowed in a keyblock.
+
+GnuPG-bug-id: 1455
+
+(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
+---
+
+diff --git a/g10/import.c b/g10/import.c
+index ba2439d..ad112d6 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -347,6 +347,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
++/* Return true if PKTTYPE is valid in a keyblock.  */
++static int
++valid_keyblock_packet (int pkttype)
++{
++  switch (pkttype)
++    {
++    case PKT_PUBLIC_KEY:
++    case PKT_PUBLIC_SUBKEY:
++    case PKT_SECRET_KEY:
++    case PKT_SECRET_SUBKEY:
++    case PKT_SIGNATURE:
++    case PKT_USER_ID:
++    case PKT_ATTRIBUTE:
++    case PKT_RING_TRUST:
++      return 1;
++    default:
++      return 0;
++    }
++}
++
++
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ 	    }
+ 	    in_cert = 1;
+ 	  default:
+-	    if( in_cert ) {
++	    if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ 		if( !root )
+ 		    root = new_kbnode( pkt );
+ 		else