[git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-252-g7c5d290

by Werner Koch cvs at cvs.gnupg.org
Fri Oct 4 15:05:20 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  7c5d2909ddaf0d84192405d9f446b95d1806936a (commit)
       via  e6175055fbca958b7fa43aaf84359574ca7f3ebb (commit)
      from  0899f6d4be0406c9efbf9c3f342825804f359b5a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7c5d2909ddaf0d84192405d9f446b95d1806936a
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 4 14:31:35 2013 +0200

    doc: Some gpg and gpgv clarifications.
    
    --
    GnuPG-bug-id: 1486, 1537

diff --git a/doc/gpg.texi b/doc/gpg.texi
index a88ddca..c588d7a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -252,6 +252,14 @@ signed stuff from STDIN, use @samp{-} as the second filename.  For
 security reasons a detached signature cannot read the signed material
 from STDIN without denoting it in the above way.
 
+Note: When verifying a cleartext signature, @command{gpg} verifies
+only what makes up the cleartext signed data and not any extra data
+outside of the cleartext signature or header lines following directly
+the dash marker line.  The option @code{--output} may be used to write
+out the actual signed data; but there are other pitfalls with this
+format as well.  It is suggested to avoid cleartext signatures in
+favor of detached signatures.
+
 @item --multifile
 @opindex multifile
 This modifies certain other commands to accept multiple files for
diff --git a/doc/gpgv.texi b/doc/gpgv.texi
index b6047f4..0cb2360 100644
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@@ -62,10 +62,15 @@ the public keys used to make the signature are valid. There are
 no configuration files and only a few options are implemented.
 
 @code{@gpgvname} assumes that all keys in the keyring are trustworthy.
-By default it uses a keyring named @file{trustedkeys.gpg} which is
-assumed to be in the home directory as defined by GnuPG or set by an
-option or an environment variable. An option may be used to specify
-another keyring or even multiple keyrings.
+That does also mean that it does not check for expired or revoked
+keys.
+
+By default a keyring named @file{trustedkeys.gpg} is used.  This
+default keyring is assumed to be in the home directory of GnuPG,
+either the default home directory or the one set by an option or an
+environment variable.  The option @code{--keyring} may be used to
+specify a different keyring or even multiple keyrings.
+
 
 @noindent
 @mansect options

commit e6175055fbca958b7fa43aaf84359574ca7f3ebb
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 4 08:20:49 2013 +0200

    gpg: Limit the nesting level of I/O filters.
    
    * common/iobuf.c (MAX_NESTING_FILTER): New.
    (iobuf_push_filter2): Limit the nesting level.
    
    * g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
    and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
    UNCOMPRESS_FAILED.
    (proc_compressed): Avoid printing multiple Bad Data messages.
    (check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
    --
    
    This is a more general fix for the nested compression packet bug.  In
    particular this helps g10/import.c:read_block to stop pushing
    compression filters onto an iobuf stream.  This patch also reduces the
    number of error messages for the non-import case.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 35e40e2d514223c950c2f6d1214e02e92d87e997)
    
    Resolved conflicts:
    	common/iobuf.c
    	g10/mainproc.c

diff --git a/common/iobuf.c b/common/iobuf.c
index a305830..7193020 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -60,6 +60,10 @@
    test "armored_key_8192" in armor.test! */
 #define IOBUF_BUFFER_SIZE  8192
 
+/* To avoid a potential DoS with compression packets we better limit
+   the number of filters in a chain.  */
+#define MAX_NESTING_FILTER 64
+
 /*-- End configurable part.  --*/
 
 
@@ -1599,6 +1603,13 @@ iobuf_push_filter2 (iobuf_t a,
 
   if (a->use == 2 && (rc = iobuf_flush (a)))
     return rc;
+
+  if (a->subno >= MAX_NESTING_FILTER)
+    {
+      log_error ("i/o filter too deeply nested - corrupted data?\n");
+      return GPG_ERR_BAD_DATA;
+    }
+
   /* make a copy of the current stream, so that
    * A is the new stream and B the original one.
    * The contents of the buffers are transferred to the
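Review bot: The new depth check in iobuf_push_filter2 only bounds the filter chain if every caller acts on the returned GPG_ERR_BAD_DATA, and no caller changes are visible in this diff. Call sites that push compression filters and ignore the result would carry on as if the filter had been installed, so they are worth auditing. The test also relies on `a->subno` counting the filters already chained on the stream, which this hunk does not show; a comment above it such as `/* SUBNO counts the filters already pushed on this stream; refuse to grow the chain beyond MAX_NESTING_FILTER. */` would record that assumption once confirmed against the place where subno is assigned. If the function takes ownership of the filter context on success (its parameters are outside the hunk), the comment should also say who frees it on this early return. The function body starts before and continues after the hunk.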
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 4dec748..bd5cac5 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -92,12 +92,16 @@ struct mainproc_context
   DEK *dek;
   int last_was_session_key;
   KBNODE list;      /* The current list of packets. */
-  int have_data;
   IOBUF iobuf;      /* Used to get the filename etc. */
   int trustletter;  /* Temporary usage in list_node. */
   ulong symkeys;
   struct kidlist_item *pkenc_list; /* List of encryption packets. */
-  int any_sig_seen;  /* Set to true if a signature packet has been seen. */
+  struct {
+    unsigned int sig_seen:1;      /* Set to true if a signature packet
+                                     has been seen. */
+    unsigned int data:1;          /* Any data packet seen */
+    unsigned int uncompress_failed:1;
+  } any;
 };
 
 
@@ -126,7 +130,8 @@ release_list( CTX c )
     }
     c->pkenc_list = NULL;
     c->list = NULL;
-    c->have_data = 0;
+    c->any.data = 0;
+    c->any.uncompress_failed = 0;
     c->last_was_session_key = 0;
     xfree(c->dek); c->dek = NULL;
 }
@@ -204,7 +209,7 @@ add_signature( CTX c, PACKET *pkt )
 {
     KBNODE node;
 
-    c->any_sig_seen = 1;
+    c->any.sig_seen = 1;
     if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
 	/* This is the first signature for the following datafile.
 	 * GPG does not write such packets; instead it always uses
@@ -777,21 +782,34 @@ proc_encrypt_cb (IOBUF a, void *info )
 static int
 proc_compressed( CTX c, PACKET *pkt )
 {
-    PKT_compressed *zd = pkt->pkt.compressed;
-    int rc;
+  PKT_compressed *zd = pkt->pkt.compressed;
+  int rc;
 
-    /*printf("zip: compressed data packet\n");*/
-    if (c->sigs_only)
-      rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c );
-    else if( c->encrypt_only )
-      rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c );
-    else
-      rc = handle_compressed (c->ctrl, c, zd, NULL, NULL );
-    if( rc )
-	log_error("uncompressing failed: %s\n", g10_errstr(rc));
-    free_packet(pkt);
-    c->last_was_session_key = 0;
-    return rc;
+  /*printf("zip: compressed data packet\n");*/
+  if (c->sigs_only)
+    rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
+  else if( c->encrypt_only )
+    rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c);
+  else
+    rc = handle_compressed (c->ctrl, c, zd, NULL, NULL);
+
+  if (gpg_err_code (rc) == GPG_ERR_BAD_DATA)
+    {
+      if  (!c->any.uncompress_failed)
+        {
+          CTX cc;
+
+          for (cc=c; cc; cc = cc->anchor)
+            cc->any.uncompress_failed = 1;
+          log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
+        }
+    }
+  else if (rc)
+    log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
+
+  free_packet(pkt);
+  c->last_was_session_key = 0;
+  return rc;
 }
 
 /****************
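Review bot: The suppression in proc_compressed keys on any GPG_ERR_BAD_DATA rather than on the nesting-limit case specifically. Once `any.uncompress_failed` is set, a later, unrelated bad-data failure in the same context is still returned but no longer logged, until release_list clears the flag for that context. Since rc still propagates this looks acceptable, but a comment before the `for` loop would explain why the flag is written upward, for example `/* Log a Bad Data failure only once: mark this context and all its anchors so the enclosing proc_compressed calls unwinding with the same error stay silent. */`. The new `uncompress_failed` bit in struct mainproc_context (first g10/mainproc.c hunk) is the only member of `any` without a comment and should get a matching one. Re-indenting the whole body in the same commit also makes the logic change harder to isolate in review.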
@@ -1213,7 +1231,7 @@ proc_signature_packets (ctrl_t ctrl, void *anchor, IOBUF a,
        Using log_error is required because verify_files does not check
        error codes for each file but we want to terminate the process
        with an error. */
-    if (!rc && !c->any_sig_seen)
+    if (!rc && !c->any.sig_seen)
       {
 	write_status_text (STATUS_NODATA, "4");
         log_error (_("no signature found\n"));
@@ -1223,8 +1241,8 @@ proc_signature_packets (ctrl_t ctrl, void *anchor, IOBUF a,
     /* Propagate the signature seen flag upward. Do this only on
        success so that we won't issue the nodata status several
        times. */
-    if (!rc && c->anchor && c->any_sig_seen)
-      c->anchor->any_sig_seen = 1;
+    if (!rc && c->anchor && c->any.sig_seen)
+      c->anchor->any.sig_seen = 1;
 
     xfree( c );
     return rc;
@@ -1257,7 +1275,7 @@ proc_signature_packets_by_fd (ctrl_t ctrl,
      Using log_error is required because verify_files does not check
      error codes for each file but we want to terminate the process
      with an error. */
-  if (!rc && !c->any_sig_seen)
+  if (!rc && !c->any.sig_seen)
     {
       write_status_text (STATUS_NODATA, "4");
       log_error (_("no signature found\n"));
@@ -1266,8 +1284,8 @@ proc_signature_packets_by_fd (ctrl_t ctrl,
 
   /* Propagate the signature seen flag upward. Do this only on success
      so that we won't issue the nodata status several times. */
-  if (!rc && c->anchor && c->any_sig_seen)
-    c->anchor->any_sig_seen = 1;
+  if (!rc && c->anchor && c->any.sig_seen)
+    c->anchor->any.sig_seen = 1;
 
   xfree ( c );
   return rc;
@@ -1294,14 +1312,14 @@ check_nesting (CTX c)
 {
   int level;
 
-  for (level = 0; c; c = c->anchor)
+  for (level=0; c; c = c->anchor)
     level++;
 
   if (level > MAX_NESTING_DEPTH)
     {
       log_error ("input data with too deeply nested packets\n");
       write_status_text (STATUS_UNEXPECTED, "1");
-      return G10ERR_UNEXPECTED;
+      return GPG_ERR_BAD_DATA;
     }
   return 0;
 }
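Review bot: check_nesting now returns GPG_ERR_BAD_DATA while still emitting `STATUS_UNEXPECTED` on the status line, so a front end parsing status output and a caller inspecting the return code see two different classifications of the same event. If the new code was chosen so that this path is handled like other corrupted-input errors (the commit message suggests so, but the hunk does not state it), a comment above the return would make the mismatch intentional, for example `/* The status line keeps UNEXPECTED; the return code is BAD_DATA so callers handle this like other corrupted input. */`. The `level=0` spacing change is unrelated to the fix. The function's signature lies outside the hunk.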
@@ -1423,7 +1441,7 @@ do_proc_packets( CTX c, IOBUF a )
          * Hmmm: Rewrite this whole module here??
          */
 	if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
-	    c->have_data = pkt->pkttype == PKT_PLAINTEXT;
+            c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
 
 	if( newpkt == -1 )
 	    ;
@@ -2061,7 +2079,7 @@ proc_tree( CTX c, KBNODE node )
     }
     else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
 	/* check all signatures */
-	if( !c->have_data ) {
+	if( !c->any.data ) {
             int use_textmode = 0;
 
 	    free_md_filter_context( &c->mfx );
@@ -2114,7 +2132,7 @@ proc_tree( CTX c, KBNODE node )
              && node->pkt->pkt.gpg_control->control
                 == CTRLPKT_CLEARSIGN_START ) {
         /* clear text signed message */
-	if( !c->have_data ) {
+	if( !c->any.data ) {
             log_error("cleartext signature without data\n" );
             return;
         }
@@ -2156,7 +2174,7 @@ proc_tree( CTX c, KBNODE node )
 	if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
 	    log_info(_("standalone signature of class 0x%02x\n"),
 						    sig->sig_class);
-	else if( !c->have_data ) {
+	else if( !c->any.data ) {
 	    /* detached signature */
 	    free_md_filter_context( &c->mfx );
             if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))

-----------------------------------------------------------------------

Summary of changes:
 common/iobuf.c |   11 ++++++++
 doc/gpg.texi   |    8 ++++++
 doc/gpgv.texi  |   13 ++++++---
 g10/mainproc.c |   78 ++++++++++++++++++++++++++++++++++---------------------
 4 files changed, 76 insertions(+), 34 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



