[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.14-6-gd90a1d2
by Werner Koch
cvs at cvs.gnupg.org
Wed Oct 2 10:02:18 CEST 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via d90a1d23404f482cc4a5a2b2ee0f296d67ff2227 (commit)
from 9dc6dd0572102a2fa27df28ba4d66728827eb03d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d90a1d23404f482cc4a5a2b2ee0f296d67ff2227
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 2 09:11:43 2013 +0200
gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth. Handle errors from
check_compressed.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/NEWS b/NEWS
index c632f0a..6223900 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
Noteworthy changes in version 1.4.15 (unreleased)
-------------------------------------------------
+ * Fixed bug with deeply nested compressed packets.
+
+
Noteworthy changes in version 1.4.14 (2013-07-25)
-------------------------------------------------
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 9cbf9ad..d03a9a7 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1,6 +1,7 @@
/* mainproc.c - handle packets
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Werner Koch
*
* This file is part of GnuPG.
*
@@ -41,6 +42,11 @@
#include "photoid.h"
+/* Put an upper limit on nested packets. The 32 is an arbitrary
+ value, a much lower should actually be sufficient. */
+#define MAX_NESTING_DEPTH 32
+
+
struct kidlist_item {
struct kidlist_item *next;
u32 kid[2];
@@ -775,7 +781,7 @@ proc_encrypt_cb( IOBUF a, void *info )
return proc_encryption_packets( info, a );
}
-static void
+static int
proc_compressed( CTX c, PACKET *pkt )
{
PKT_compressed *zd = pkt->pkt.compressed;
@@ -794,6 +800,7 @@ proc_compressed( CTX c, PACKET *pkt )
log_error("uncompressing failed: %s\n", g10_errstr(rc));
free_packet(pkt);
c->last_was_session_key = 0;
+ return rc;
}
/****************
@@ -1224,14 +1231,37 @@ proc_encryption_packets( void *anchor, IOBUF a )
}
-int
+static int
+check_nesting (CTX c)
+{
+ int level;
+
+ for (level = 0; c; c = c->anchor)
+ level++;
+
+ if (level > MAX_NESTING_DEPTH)
+ {
+ log_error ("input data with too deeply nested packets\n");
+ write_status_text (STATUS_UNEXPECTED, "1");
+ return G10ERR_UNEXPECTED;
+ }
+ return 0;
+}
+
+
+static int
do_proc_packets( CTX c, IOBUF a )
{
- PACKET *pkt = xmalloc( sizeof *pkt );
- int rc=0;
- int any_data=0;
+ PACKET *pkt;
+ int rc = 0;
+ int any_data = 0;
int newpkt;
+ rc = check_nesting (c);
+ if (rc)
+ return rc;
+
+ pkt = xmalloc( sizeof *pkt );
c->iobuf = a;
init_packet(pkt);
while( (rc=parse_packet(a, pkt)) != -1 ) {
@@ -1251,7 +1281,7 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
- case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
+ case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break;
default: newpkt = 0; break;
}
}
@@ -1269,7 +1299,7 @@ do_proc_packets( CTX c, IOBUF a )
goto leave;
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
- case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
+ case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break;
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
default: newpkt = 0; break;
@@ -1289,7 +1319,7 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
- case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
+ case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break;
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
default: newpkt = 0; break;
@@ -1314,13 +1344,17 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
- case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
+ case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break;
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break;
default: newpkt = 0; break;
}
}
+
+ if (rc)
+ goto leave;
+
/* This is a very ugly construct and frankly, I don't remember why
* I used it. Adding the MDC check here is a hack.
* The right solution is to initiate another context for encrypted
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 +++
g10/mainproc.c | 52 +++++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 46 insertions(+), 9 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list