From 43a32f23e1edcec12bd83d9cb6595c18265e8656 Mon Sep 17 00:00:00 2001
From: csoler <retroshare.project@gmail.com>
Date: Tue, 21 Jan 2014 18:09:05 +0000
Subject: [PATCH] fixed potential attack by supplying non hexadecimal strings
 as certificate common name

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7048 b45a01b8-16f6-495d-af2f-9b41ad6348cc
---
 libretroshare/src/pqi/authgpg.cc | 50 ++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 21 deletions(-)

diff --git a/libretroshare/src/pqi/authgpg.cc b/libretroshare/src/pqi/authgpg.cc
index 2e197b3af..6f08b633e 100644
--- a/libretroshare/src/pqi/authgpg.cc
+++ b/libretroshare/src/pqi/authgpg.cc
@@ -470,29 +470,37 @@ bool AuthGPG::getGPGDetails(const std::string& id, RsPeerDetails &d)
 		return false ;
 	}
 
-	const PGPCertificateInfo *pc = PGPHandler::getCertificateInfo(PGPIdType(id)) ;
+	try
+	{
+		const PGPCertificateInfo *pc = PGPHandler::getCertificateInfo(PGPIdType(id)) ;
 
-	if(pc == NULL)
+		if(pc == NULL)
+			return false ;
+
+		const PGPCertificateInfo& cert(*pc) ;
+
+		d.id = id ;
+		d.gpg_id = id ;
+		d.name = cert._name;
+		d.lastUsed = cert._time_stamp;
+		d.email = cert._email;
+		d.trustLvl = cert._trustLvl;
+		d.validLvl = cert._trustLvl;
+		d.ownsign = cert._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE;
+		d.gpgSigners.clear() ;
+
+		for(std::set<std::string>::const_iterator it(cert.signers.begin());it!=cert.signers.end();++it)
+			d.gpgSigners.push_back( *it ) ;
+
+		d.fpr = cert._fpr.toStdString();
+		d.accept_connection = cert._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION;
+		d.hasSignedMe = cert._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME;
+	}
+	catch(std::exception& e)
+	{
+		std::cerr << "(EE) exception raised while constructing a PGP certificate: " << e.what() << std::endl;
 		return false ;
-
-	const PGPCertificateInfo& cert(*pc) ;
-
-	d.id = id ;
-	d.gpg_id = id ;
-	d.name = cert._name;
-	d.lastUsed = cert._time_stamp;
-	d.email = cert._email;
-	d.trustLvl = cert._trustLvl;
-	d.validLvl = cert._trustLvl;
-	d.ownsign = cert._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE;
-	d.gpgSigners.clear() ;
-	for(std::set<std::string>::const_iterator it(cert.signers.begin());it!=cert.signers.end();++it)
-		d.gpgSigners.push_back( *it ) ;
-
-	d.fpr = cert._fpr.toStdString();
-
-	d.accept_connection = cert._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION;
-	d.hasSignedMe = cert._flags & PGPCertificateInfo::PGP_CERTIFICATE_FLAG_HAS_SIGNED_ME;
+	}
 
 	return true;
 }