[PATCH] Handle non-critical SIG_SUBPACKET per RFC4880
Section 5.2.3.1 states that there can be 0 or more signature subpackets.
The RFC states that any implementation SHOULD ignore any subpacket it
doesn't recognize; however those marked as critical on Bit 7 should be
treated as an error rather than ignored. It further states that an
evaluator may 'recognize' but not implement a subpacket type. As DAK
doesn't actually implement and only needs to recognize, this patch only
adds critical SIG_SUBPACKET keywords that will generate an error, as
SIG_SUBPACKET is not listed in known_keywords when run through the
check_signature() function.
---
daklib/utils.py | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/daklib/utils.py b/daklib/utils.py
index 0896d57..fb6b8b0 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -1205,6 +1205,8 @@ def process_gpgv_output(status):
if keywords.has_key(keyword) and keyword not in [ "NODATA", "SIGEXPIRED", "KEYEXPIRED" ]:
internal_error += "found duplicate status token ('%s').\n" % (keyword)
continue
+ if keyword in [ "SIG_SUBPACKET" ] and args[1] != 2:
+ continue
else:
keywords[keyword] = args
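Review bot: The new `args[1] != 2` test in process_gpgv_output() compares against the integer 2. If args holds the string fields split from the gpgv status line, that comparison is always true, so every SIG_SUBPACKET line is skipped, including the ones marked critical, and the error the commit message relies on never fires. Convert the field before comparing, and if the flags field is a bitmask, test the critical bit instead of equality so that a value with other bits also set is still treated as critical. args[1] is also indexed without a length check, so a short SIG_SUBPACKET line would raise IndexError rather than add to internal_error. Because the branch ends in `continue` like the one above it, writing it as `elif` would make it clearer that the trailing `else:` now belongs to this new test, and a one-line comment saying that 2 means "critical" would help the next reader.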
--
1.6.3.3