Fixed Security Issue #447

Added a reporttable, for better usability.
root 17 years ago
parent e7fb63d744
commit 0871ec4cf5

@ -26,6 +26,11 @@
loadem("account");
if($oldid == "0")
{
if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "")
@ -38,14 +43,48 @@
$keyid="";
//if($_SESSION["profile"]["id"] != 5897)
//{
// showheader(_("Welcome to CAcert.org"));
// echo "The OpenPGP signing system is currently shutdown due to a security problem. We hope to get it fixed within the next few weeks. We are very sorry for the inconvenience. If you want to help us to fix the problem, please contact our software developers.";
//
// exit(0);
//}
function verifyName($name)
{
if($name == "") return 1;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']) return 1;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']) return 1;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1;
return 0;
}
function verifyEmail($email)
{
if($email == "") return 1;
if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1;
return 0;
}
$ToBeDeleted=array();
if($oldid == "0" && $_REQUEST['CSR'] != "")
{
$debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
$debugpg = $gpg = mysql_real_escape_string(trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`));
$debugpg = $gpg = trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`);
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
{
#echo "Line[]: $line <br/>\n";
if(substr($line, 0, 3) == "pub" || substr($line, 0, 3) == "uid")
{
if($lines != "")
@ -55,9 +94,14 @@
}
$gpg = $lines;
$expires = 0;
$nerr=0; $nok=0;
$multiple = 0;
$resulttable=_("The following UIDs were found your key:")."<br/><table border='1'><tr><td>#</td><td>"._("Name")."</td><td>"._("Email")."</td><td>Result</td>";
$i=0;
foreach(explode("\n", $gpg) as $line)
{
$resulttable.="<tr><td>".++$i."</td>";
$name = $comment = "";
$bits = explode(":", $line);
if($bits[0] == "pub" && (!$keyid || !$when))
@ -77,8 +121,8 @@
$pos = strpos($bits[9], "<") - 1;
}
$name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
if($name != "")
$names[] = $name;
$nameok=verifyName($name);
$resulttable.="<td bgcolor='#".($nameok?"c0ffc0":"ffc0c0")."'>$name</td>";
if($nocomment == 0)
{
$pos += 2;
@ -92,56 +136,81 @@
}
$pos2 = strpos($bits[9], ">", $pos);
$mail = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($mail != "")
$emailaddies[] = $mail;
}
$multiple = 0;
if(count($emailaddies) > 1)
$multiple = 1;
$emailok=verifyEmail($mail);
$resulttable.="<td bgcolor='#".($emailok?"c0ffc0":"ffc0c0")."'>$mail</td>";
$uidok=0;
if($mail=="" and $name=="")
{
$rmessage=_("Error: Both Name and Email address are empty");
}
elseif($emailok and $nameok)
{
$uidok=1;
$rmessage=_("Name and Email OK.");
}
elseif(!$emailok and !$nameok)
{
$rmessage=_("Name and Email both cannot be matched with your account.");
}
elseif($emailok and $name=="")
{
$uidok=1;
$rmessage=_("Email OK. Name empty.");
}
elseif($nameok and $mail="")
{
$uidok=1;
$rmessage=_("Email OK. Name empty.");
}
elseif(!$emailok)
{
$rmessage=_("The email address has not been registered and verified in your account. Please add the email address to your account first.");
}
elseif(!$nameok)
{
$rmessage=_("The name in the UID does not match the name in your account. Please verify the name.");
}
if(is_array($names))
{
foreach($names as $name)
else
{
$rmessage=_("Error");
}
if($uidok)
{
$nok++;
$resulttable.="<td>$rmessage</td>";
}
else
{
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])
continue;
$_SESSION['_config']['errmsg'] = _("No suitable name combination could be matched from your PGP/GPG keys to what we have in the database ('$name')");
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
$nerr++;
//$ToBeDeleted[]=$i;
//echo "Adding UID $i\n";
$resulttable.="<td bgcolor='#ffc0c0'>$rmessage</td>";
}
$resulttable.="</tr>\n";
if($emailok) $multiple++;
}
$resulttable.="</table>";
if(is_array($emailaddies) && count($emailaddies) >= 1)
if($nok==0)
{
foreach($emailaddies as $email)
{
if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and
`email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0)
continue;
$_SESSION['_config']['errmsg'] = _("No suitable emails could be matched from your PGP/GPG keys to what we have in the database. ('$email')");
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
}
} else {
$_SESSION['_config']['errmsg'] = _("No emails found on your key");
$_SESSION['_config']['errmsg'] = _("No valid UIDs found on your key");
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
}
elseif($nerr)
{
$resulttable.=_("The unverified UIDs have been removed, the verified UIDs have been signed.");
}
}
if($oldid == "0" && $_REQUEST['CSR'] != "")
{
$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
@ -163,6 +232,84 @@
system("gpg --homedir $cwd --import $cwd/gpg.csr");
$debugpg = $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $keyid 2>&1`);
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
{
//echo "Line[]: $line <br/>\n";
if(substr($line, 0, 4) == "uid:")
{
$name = $comment = "";
$bits = explode(":", $line);
$pos = strpos($bits[9], "(") - 1;
$nocomment = 0;
if($pos < 0)
{
$nocomment = 1;
$pos = strpos($bits[9], "<") - 1;
}
$name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
$nameok=verifyName($name);
if($nocomment == 0)
{
$pos += 2;
$pos2 = strpos($bits[9], ")");
$comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($comm != "")
$comment[] = $comm;
$pos = $pos2 + 3;
} else {
$pos = strpos($bits[9], "<") + 1;
}
$pos2 = strpos($bits[9], ">", $pos);
$mail = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
$emailok=verifyEmail($mail);
$uidid=$bits[7];
if($mail=="" and $name=="")
{
//echo "$uidid will be deleted\n";
$ToBeDeleted[]=$uidid;
}
elseif($emailok and $nameok)
{
}
elseif(!$emailok and !$nameok)
{
//echo "$uidid will be deleted\n";
$ToBeDeleted[]=$uidid;
}
elseif($emailok and $name=="")
{
}
elseif($nameok and $mail="")
{
}
elseif(!$emailok)
{
//echo "$uidid will be deleted\n";
$ToBeDeleted[]=$uidid;
}
elseif(!$nameok)
{
//echo "$uidid will be deleted\n";
$ToBeDeleted[]=$uidid;
}
}
}
if(count($ToBeDeleted)>0)
{
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
@ -172,16 +319,15 @@
$stderr = fopen('php://stderr', 'w');
//echo "Keyid: $keyid\n";
//echo "Keyid: $keyid\n";
$process = proc_open("/usr/bin/gpg --homedir $cwd --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
$process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
//echo "Process: $process\n";
//fputs($stderr,"Process: $process\n");
$ToBeDeleted=array(2);
if (is_resource($process)) {
//fputs($stderr,"it is a resource\n");
//echo("it is a resource\n");
// $pipes now looks like this:
// 0 => writeable handle connected to child stdin
// 1 => readable handle connected to child stdout
@ -189,28 +335,31 @@
while (!feof($pipes[1]))
{
$buffer = fgets($pipes[1], 4096);
echo $buffer;
//echo $buffer;
if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
{
fprintf($pipes[0],"yes\n");
fputs($pipes[0],"yes\n");
}
elseif($buffer == "[GNUPG:] GOT_IT\n")
{
}
elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
{
fprintf($pipes[0],"yes\n");
fputs($pipes[0],"yes\n");
}
elseif($buffer == "[GNUPG:] GET_LINE keyedit.prompt")
elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
{
if(count($ToBeDeleted)>0)
{
fprintf($pipes[0],pop($ToBeDeleted)."\n");
$delthisuid=array_pop($ToBeDeleted);
//echo "Deleting an UID $delthisuid\n";
fputs($pipes[0],"uid ".$delthisuid."\n");
}
else
{
fprintf($pipes[0],$state?"save\n":"deluid\n");
//echo "Saving\n";
fputs($pipes[0],$state?"save\n":"deluid\n");
$state++;
}
}
@ -224,6 +373,7 @@
}
elseif($buffer == "")
{
//echo "Empty!\n";
}
else
{
@ -250,6 +400,9 @@
}
}
$do=`gpg --homedir $cwd --batch --export-options export-minimal --export $keyid >../csr/gpg-$id.csr`;
@ -260,12 +413,16 @@
//fclose($fp);
if(1)
{
mysql_query("update `gpg` set `csr`='../csr/gpg-$id.csr' where `id`='$id'");
waitForResult('gpg', $id);
}
showheader(_("Welcome to CAcert.org"));
echo $resulttable;
$query = "select * from `gpg` where `id`='$id' and `crt`!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
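Review bot: The UID name and email decoded from the uploaded key are appended to `$resulttable` without HTML encoding (`<td bgcolor=...>$name</td>` and `<td bgcolor=...>$mail</td>` in the report-table loop), and the table is later written out with `echo $resulttable`, so markup carried in a key's UID would be rendered as part of the page. Encode at the point where the cells are built, e.g. `htmlspecialchars($name)` and `htmlspecialchars($mail)`. Separately, `elseif($nameok and $mail="")` in both the report loop and the UID-deletion loop assigns instead of comparing, so that branch can never be taken and `$mail` is overwritten as a side effect; it should read `$mail==""`, and its message repeats "Email OK. Name empty." where the name-only case is presumably meant. The enclosing blocks start and end outside the visible hunks, so confirm that nothing downstream depends on the current behaviour.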
