[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[PATCH] Handle non-critical SIG_SUBPACKET per RFC4880

Section states that there can be 0 or more signature subpackets.
The RFC states that any implementation SHOULD ignore any subpacket it
doesn't recognize; however those marked as critical on Bit 7 should be
treated as an error rather than ignored. It further states that an
evaluator may 'recognize' but not implement a subpacket type. As DAK
doesn't actually implement and only needs to recognize this patch only
adds critical SIG_SUBPACKET keywords that will generate an error as
SIG_SUBPACKET is not listed in known_keywords when ran through the
check_signature() function.
 daklib/utils.py |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/daklib/utils.py b/daklib/utils.py
index 0896d57..fb6b8b0 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -1205,6 +1205,8 @@ def process_gpgv_output(status):
         if keywords.has_key(keyword) and keyword not in [ "NODATA", "SIGEXPIRED", "KEYEXPIRED" ]:
             internal_error += "found duplicate status token ('%s').\n" % (keyword)
+        if keyword in [ "SIG_SUBPACKET" ] and args[1] != 2:
+            continue
             keywords[keyword] = args

Reply to: