changeset 1104:382972712208

Allow short key format in check_signature()
author Mikael Berthe <mikael@lilotux.net>
date Wed, 13 Dec 2006 21:51:51 +0100
parents d0ffa34bec3a
children 265e1d873d3e
files mcabber/src/jabglue.c
diffstat 1 files changed, 29 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mcabber/src/jabglue.c	Wed Dec 13 14:45:08 2006 +0100
+++ b/mcabber/src/jabglue.c	Wed Dec 13 21:51:51 2006 +0100
@@ -1480,6 +1480,34 @@
                  "Warning: you're not connected to the server.");
 }
 
+//  keys_mismatch(key, expectedkey)
+// Return TRUE if both keys are non-null and "expectedkey" doesn't match
+// the end of "key".
+// If one of the keys is null, return FALSE.
+// If expectedkey is less than 8 bytes long, return TRUE.
+//
+// Example: keys_mismatch("C9940A9BB0B92210", "B0B92210") will return FALSE.
+static bool keys_mismatch(const char *key, const char *expectedkey)
+{
+  int lk, lek;
+
+  if (!expectedkey || !key)
+    return FALSE;
+
+  lk = strlen(key);
+  lek = strlen(expectedkey);
+
+  // If the expectedkey is less than 8 bytes long, this is probably a
+  // user mistake so we consider it's a mismatch.
+  if (lek < 8)
+    return TRUE;
+
+  if (lek < lk)
+    key += lk - lek;
+
+  return strcasecmp(key, expectedkey);
+}
+
 //  check_signature(barejid, resourcename, xmldata, text)
 // Verify the signature (in xmldata) of "text" for the contact
 // barejid/resourcename.
@@ -1533,7 +1561,7 @@
     }
     // Verify that the key id is the one we expect.
     expectedkey = settings_pgp_getkeyid(barejid);
-    if (expectedkey && strcasecmp(key, expectedkey)) {
+    if (keys_mismatch(key, expectedkey)) {
       buf = g_strdup_printf("Warning: The KeyId from <%s/%s> doesn't match "
                             "the key you set up", barejid, rname);
       scr_WriteIncomingMessage(barejid, buf, 0, HBB_PREFIX_INFO);