[git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-250-g0899f6d

by Werner Koch cvs at cvs.gnupg.org
Wed Oct 2 10:08:18 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  0899f6d4be0406c9efbf9c3f342825804f359b5a (commit)
       via  daba481fe7d4aad730c3669c6d93c1bf03184fe2 (commit)
      from  6466db10fb22a4f24df4edad9c5cb33ec67321bd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0899f6d4be0406c9efbf9c3f342825804f359b5a
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 2 09:11:43 2013 +0200

    gpg: Fix bug with deeply nested compressed packets.
    
    * g10/mainproc.c (MAX_NESTING_DEPTH): New.
    (proc_compressed): Return an error code.
    (check_nesting): New.
    (do_proc_packets): Check packet nesting depth.  Handle errors from
    check_compressed.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index eb1bdbc..ab1c597 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,8 @@ Noteworthy changes in version 2.1.0-betaN (unreleased)
 
  * Fixed GPG to decrypt using an OpenPGP card.
 
+ * Fixed bug with deeply nested compressed packets.
+
 
 Noteworthy changes in version 2.1.0beta3 (2011-12-20)
 -----------------------------------------------------
diff --git a/doc/DETAILS b/doc/DETAILS
index d5c5cea..100755a 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -786,6 +786,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 *** UNEXPECTED <what>
     Unexpected data has been encountered.  Codes for WHAT are:
     - 0 :: Not further specified
+    - 1 :: Corrupted message structure
 
 *** TRUNCATED <maxno>
     The output was truncated to MAXNO items.  This status code is
diff --git a/g10/mainproc.c b/g10/mainproc.c
index d0d76ab..4dec748 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1,6 +1,7 @@
 /* mainproc.c - handle packets
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
  *               2008, 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -42,6 +43,11 @@
 #include "pka.h"
 
 
+/* Put an upper limit on nested packets.  The 32 is an arbitrary
+   value, a much lower should actually be sufficient.  */
+#define MAX_NESTING_DEPTH 32
+
+
 struct kidlist_item {
     struct kidlist_item *next;
     u32 kid[2];
@@ -768,7 +774,7 @@ proc_encrypt_cb (IOBUF a, void *info )
   return proc_encryption_packets (c->ctrl, info, a );
 }
 
-static void
+static int
 proc_compressed( CTX c, PACKET *pkt )
 {
     PKT_compressed *zd = pkt->pkt.compressed;
@@ -785,6 +791,7 @@ proc_compressed( CTX c, PACKET *pkt )
 	log_error("uncompressing failed: %s\n", g10_errstr(rc));
     free_packet(pkt);
     c->last_was_session_key = 0;
+    return rc;
 }
 
 /****************
@@ -1282,14 +1289,37 @@ proc_encryption_packets (ctrl_t ctrl, void *anchor, IOBUF a )
 }
 
 
-int
+static int
+check_nesting (CTX c)
+{
+  int level;
+
+  for (level = 0; c; c = c->anchor)
+    level++;
+
+  if (level > MAX_NESTING_DEPTH)
+    {
+      log_error ("input data with too deeply nested packets\n");
+      write_status_text (STATUS_UNEXPECTED, "1");
+      return G10ERR_UNEXPECTED;
+    }
+  return 0;
+}
+
+
+static int
 do_proc_packets( CTX c, IOBUF a )
 {
-    PACKET *pkt = xmalloc( sizeof *pkt );
-    int rc=0;
-    int any_data=0;
+    PACKET *pkt;
+    int rc = 0;
+    int any_data = 0;
     int newpkt;
 
+    rc = check_nesting (c);
+    if (rc)
+      return rc;
+
+    pkt = xmalloc( sizeof *pkt );
     c->iobuf = a;
     init_packet(pkt);
     while( (rc=parse_packet(a, pkt)) != -1 ) {
@@ -1310,7 +1340,7 @@ do_proc_packets( CTX c, IOBUF a )
 	      case PKT_SYMKEY_ENC:  proc_symkey_enc( c, pkt ); break;
 	      case PKT_ENCRYPTED:
 	      case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
-	      case PKT_COMPRESSED:  proc_compressed( c, pkt ); break;
+	      case PKT_COMPRESSED:  rc = proc_compressed( c, pkt ); break;
 	      default: newpkt = 0; break;
 	    }
 	}
@@ -1328,7 +1358,7 @@ do_proc_packets( CTX c, IOBUF a )
 		goto leave;
 	      case PKT_SIGNATURE:   newpkt = add_signature( c, pkt ); break;
 	      case PKT_PLAINTEXT:   proc_plaintext( c, pkt ); break;
-	      case PKT_COMPRESSED:  proc_compressed( c, pkt ); break;
+	      case PKT_COMPRESSED:  rc = proc_compressed( c, pkt ); break;
 	      case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
               case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
 	      default: newpkt = 0; break;
@@ -1348,7 +1378,7 @@ do_proc_packets( CTX c, IOBUF a )
 	      case PKT_ENCRYPTED:
 	      case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
 	      case PKT_PLAINTEXT:   proc_plaintext( c, pkt ); break;
-	      case PKT_COMPRESSED:  proc_compressed( c, pkt ); break;
+	      case PKT_COMPRESSED:  rc = proc_compressed( c, pkt ); break;
 	      case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
 	      case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
 	      default: newpkt = 0; break;
@@ -1373,13 +1403,17 @@ do_proc_packets( CTX c, IOBUF a )
 	      case PKT_ENCRYPTED:
 	      case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
 	      case PKT_PLAINTEXT:   proc_plaintext( c, pkt ); break;
-	      case PKT_COMPRESSED:  proc_compressed( c, pkt ); break;
+	      case PKT_COMPRESSED:  rc = proc_compressed( c, pkt ); break;
 	      case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
               case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
 	      case PKT_RING_TRUST:  newpkt = add_ring_trust( c, pkt ); break;
 	      default: newpkt = 0; break;
 	    }
 	}
+
+        if (rc)
+          goto leave;
+
         /* This is a very ugly construct and frankly, I don't remember why
          * I used it.  Adding the MDC check here is a hack.
          * The right solution is to initiate another context for encrypted

commit daba481fe7d4aad730c3669c6d93c1bf03184fe2
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 1 14:40:46 2013 +0200

    Register DCO for Kyle Butt.
    
    --

diff --git a/AUTHORS b/AUTHORS
index f237d53..c9a0bc0 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -137,11 +137,14 @@ Authors with a DCO
 Christian Aistleitner <christian at quelltextlich.at>
 2013-05-26:20130626112332.GA2228 at quelltextlich.at:
 
+Hans of Guardian <hans at guardianproject.info>
+2013-06-26:D84473D7-F3F7-43D5-A9CE-16580B88D574 at guardianproject.info:
+
 Jonas Borgström <jonas at borgstrom.se>
 2013-08-29:521F1E7A.5080602 at borgstrom.se:
 
-Hans of Guardian <hans at guardianproject.info>
-2013-06-26:D84473D7-F3F7-43D5-A9CE-16580B88D574 at guardianproject.info:
+Kyle Butt <kylebutt at gmail.com>
+2013-05-29:CAAODAYLbCtqOG6msLLL0UTdASKWT6u2ptxsgUQ1JpusBESBoNQ at mail.gmail.com:
 
 Werner Koch <wk at gnupg.org>
 2013-03-29:87620ahchj.fsf at vigenere.g10code.de:

-----------------------------------------------------------------------

Summary of changes:
 AUTHORS        |    7 +++++--
 NEWS           |    2 ++
 doc/DETAILS    |    1 +
 g10/mainproc.c |   52 +++++++++++++++++++++++++++++++++++++++++++---------
 4 files changed, 51 insertions(+), 11 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org




More information about the Gnupg-commits mailing list