Don't allow untrusted users to set info.ultimate

Note that a trusted signature was still required in this case so it
was not a huge deal.
This commit is contained in:
Eelco Dolstra 2017-05-11 13:58:09 +02:00
parent 6f245bf24a
commit 1a8e15053a
No known key found for this signature in database
GPG Key ID: 8170B4726D7198DE

View File

@ -621,6 +621,8 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe
from >> info.ca >> repair >> dontCheckSigs; from >> info.ca >> repair >> dontCheckSigs;
if (!trusted && dontCheckSigs) if (!trusted && dontCheckSigs)
dontCheckSigs = false; dontCheckSigs = false;
if (!trusted)
info.ultimate = false;
TeeSink tee(from); TeeSink tee(from);
parseDump(tee, tee.source); parseDump(tee, tee.source);