[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta751-3-g5b34e34

by Werner Koch cvs at cvs.gnupg.org
Mon Jul 21 14:37:42 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  5b34e347b612765f31061d077b7c343e08662ba9 (commit)
       via  bab9cdd971f35ff47e153c00034c95e7ffeaa09a (commit)
      from  97f887a0f5a7eba246dd68d860d3b6518de57daf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5b34e347b612765f31061d077b7c343e08662ba9
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jul 21 14:37:13 2014 +0200

    gpg: Improve --list-packets output for faulty packets.
    
    * g10/parse-packet.c: Add list_mode output for certain failures.

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index b967df5..c69393a 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1,6 +1,7 @@
 /* parse-packet.c  - read packets
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
  *               2007, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -853,6 +854,8 @@ parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
 
  fail:
   log_error ("invalid marker packet\n");
+  if (list_mode)
+    es_fputs (":marker packet: [invalid]\n", listfp);
   iobuf_skip_rest (inp, pktlen, 0);
   return G10ERR_INVALID_PACKET;
 }
@@ -869,6 +872,8 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
   if (pktlen < 4)
     {
       log_error ("packet(%d) too short\n", pkttype);
+      if (list_mode)
+        es_fprintf (listfp, ":symkey enc packet: [too short]\n");
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
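Review bot: The new listing line here calls `es_fprintf (listfp, ":symkey enc packet: [too short]\n")` with a constant string and no arguments, while parse_marker, parse_pubkeyenc and parse_signature in the same commit use `es_fputs` for the same kind of output. Writing `es_fputs (":symkey enc packet: [too short]\n", listfp);` here, in the remaining parse_symkeyenc hunks and in the parse_user_id hunk would keep the style uniform and avoid format-string parsing where none is needed. parse_symkeyenc's body starts and ends outside this hunk.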
@@ -877,12 +882,16 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
   if (version != 4)
     {
       log_error ("packet(%d) with unknown version %d\n", pkttype, version);
+      if (list_mode)
+        es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
   if (pktlen > 200)
     {				/* (we encode the seskeylen in a byte) */
       log_error ("packet(%d) too large\n", pkttype);
+      if (list_mode)
+        es_fprintf (listfp, ":symkey enc packet: [too large]\n");
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -905,11 +914,15 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
       break;
     default:
       log_error ("unknown S2K mode %d\n", s2kmode);
+      if (list_mode)
+        es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
       goto leave;
     }
   if (minlen > pktlen)
     {
       log_error ("packet with S2K %d too short\n", s2kmode);
+      if (list_mode)
+        es_fprintf (listfp, ":symkey enc packet: [too short]\n");
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
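Review bot: The `default:` branch for an unknown S2K mode jumps to `leave` without assigning `rc`, unlike the neighbouring failure paths in parse_symkeyenc, which set `rc = gpg_error (GPG_ERR_INV_PACKET)` first. If `rc` still holds a success value at that point (its declaration is outside the hunk), a malformed packet would be listed as `[unknown S2K mode]` yet returned to the caller as success. Adding `rc = gpg_error (GPG_ERR_INV_PACKET);` before the `goto leave;` would close that gap. The `pktlen < 16` branch in the first parse_signature hunk has the same shape and needs the same line.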
@@ -983,6 +996,8 @@ parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
   if (pktlen < 12)
     {
       log_error ("packet(%d) too short\n", pkttype);
+      if (list_mode)
+        es_fputs (":pubkey enc packet: [too short]\n", listfp);
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -991,6 +1006,8 @@ parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
   if (k->version != 2 && k->version != 3)
     {
       log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
+      if (list_mode)
+        es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -1561,6 +1578,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
   if (pktlen < 16)
     {
       log_error ("packet(%d) too short\n", pkttype);
+      if (list_mode)
+        es_fputs (":signature packet: [too short]\n", listfp);
       goto leave;
     }
   sig->version = iobuf_get_noeof (inp);
@@ -1571,6 +1590,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
     {
       log_error ("packet(%d) with unknown version %d\n",
 		 pkttype, sig->version);
+      if (list_mode)
+        es_fputs (":signature packet: [unknown version]\n", listfp);
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -1604,6 +1625,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       if (n > 10000)
 	{
 	  log_error ("signature packet: hashed data too long\n");
+          if (list_mode)
+            es_fputs (":signature packet: [hashed data too long]\n", listfp);
 	  rc = G10ERR_INVALID_PACKET;
 	  goto leave;
 	}
@@ -1616,6 +1639,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
 	    {
 	      log_error ("premature eof while reading "
 			 "hashed signature data\n");
+              if (list_mode)
+                es_fputs (":signature packet: [premature eof]\n", listfp);
 	      rc = -1;
 	      goto leave;
 	    }
@@ -1626,6 +1651,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       if (n > 10000)
 	{
 	  log_error ("signature packet: unhashed data too long\n");
+          if (list_mode)
+            es_fputs (":signature packet: [unhashed data too long]\n", listfp);
 	  rc = G10ERR_INVALID_PACKET;
 	  goto leave;
 	}
@@ -1638,6 +1665,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
 	    {
 	      log_error ("premature eof while reading "
 			 "unhashed signature data\n");
+              if (list_mode)
+                es_fputs (":signature packet: [premature eof]\n", listfp);
 	      rc = -1;
 	      goto leave;
 	    }
@@ -1648,6 +1677,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
   if (pktlen < 5)  /* Sanity check.  */
     {
       log_error ("packet(%d) too short\n", pkttype);
+      if (list_mode)
+        es_fputs (":signature packet: [too short]\n", listfp);
       rc = G10ERR_INVALID_PACKET;
       goto leave;
     }
@@ -1811,6 +1842,8 @@ parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
   if (pktlen < 13)
     {
       log_error ("packet(%d) too short\n", pkttype);
+      if (list_mode)
+        es_fputs (":onepass_sig packet: [too short]\n", listfp);
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -1819,6 +1852,8 @@ parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
   if (version != 3)
     {
       log_error ("onepass_sig with unknown version %d\n", version);
+      if (list_mode)
+        es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -1942,6 +1977,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
   else if (version != 2 && version != 3)
     {
       log_error ("packet(%d) with unknown version %d\n", pkttype, version);
+      if (list_mode)
+        es_fputs (":key packet: [unknown version]\n", listfp);
       err = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -1949,6 +1986,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
   if (pktlen < 11)
     {
       log_error ("packet(%d) too short\n", pkttype);
+      if (list_mode)
+        es_fputs (":key packet: [too short]\n", listfp);
       err = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -2405,6 +2444,8 @@ parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
   if (pktlen > 2048)
     {
       log_error ("packet(%d) too large\n", pkttype);
+      if (list_mode)
+        es_fprintf (listfp, ":user ID packet: [too large]\n");
       iobuf_skip_rest (inp, pktlen, 0);
       return G10ERR_INVALID_PACKET;
     }
@@ -2528,6 +2569,9 @@ parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
   if (pktlen > 65536)
     {
       log_error ("packet(%d) too large\n", pkttype);
+      if (list_mode)
+        es_fprintf (listfp, ":%scomment packet: [too large]\n",
+                    pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
       iobuf_skip_rest (inp, pktlen, 0);
       return G10ERR_INVALID_PACKET;
     }
@@ -2605,6 +2649,8 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
   if (!partial && pktlen < 6)
     {
       log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
+      if (list_mode)
+        es_fputs (":literal data packet: [too short]\n", listfp);
       rc = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -2715,6 +2761,8 @@ parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
 	{
 	  log_error ("encrypted_mdc packet with unknown version %d\n",
 		     version);
+          if (list_mode)
+            es_fputs (":encrypted data packet: [unknown version]\n", listfp);
 	  /*skip_rest(inp, pktlen); should we really do this? */
 	  rc = gpg_error (GPG_ERR_INV_PACKET);
 	  goto leave;
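Review bot: The commented-out `skip_rest(inp, pktlen); should we really do this?` is left unresolved directly under the new listing line. In the visible lines the unknown-version branch does not skip the rest of the packet body, while the too-short branch in the next hunk does call `iobuf_skip_rest (inp, pktlen, partial)`. What `leave` does with the unread bytes is outside the hunk, so the difference may be intentional. Either replace the dead code with a comment saying why the remaining bytes are left unread, or call `iobuf_skip_rest (inp, pktlen, partial);` as the other branch does.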
@@ -2731,6 +2779,8 @@ parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
     {
       /* Actually this is blocksize+2.  */
       log_error ("packet(%d) too short\n", pkttype);
+      if (list_mode)
+        es_fputs (":encrypted data packet: [too short]\n", listfp);
       rc = G10ERR_INVALID_PACKET;
       iobuf_skip_rest (inp, pktlen, partial);
       goto leave;

commit bab9cdd971f35ff47e153c00034c95e7ffeaa09a
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jul 21 13:50:36 2014 +0200

    gpg: Cap size of attribute packets at 16MB.
    
    * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
    size of packet.
    --
    
    Tavis Ormandy reported a fatal error for attribute packets with a zero
    length payload.  This is due to a check in Libgcrypt's xmalloc which
    rejects a malloc(0) instead of silently allocating 1 byte.  The fix is
    obvious.
    
    In addition we cap the size of attribute packets similar to what we do
    with user id packets.  OpenPGP keys are not the proper way to store
    movies.

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 28f9016..b967df5 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2478,11 +2478,23 @@ parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
 
   (void) pkttype;
 
+  /* We better cap the size of an attribute packet to make DoS not too
+     easy.  16MB should be more then enough for one attribute packet
+     (ie. a photo).  */
+  if (pktlen > 16*1024*1024)
+    {
+      log_error ("packet(%d) too large\n", pkttype);
+      if (list_mode)
+        es_fprintf (listfp, ":attribute packet: [too large]\n");
+      iobuf_skip_rest (inp, pktlen, 0);
+      return G10ERR_INVALID_PACKET;
+    }
+
 #define EXTRA_UID_NAME_SPACE 71
   packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
 				       + EXTRA_UID_NAME_SPACE);
   packet->pkt.user_id->ref = 1;
-  packet->pkt.user_id->attrib_data = xmalloc (pktlen);
+  packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
   packet->pkt.user_id->attrib_len = pktlen;
 
   p = packet->pkt.user_id->attrib_data;
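Review bot: `xmalloc (pktlen? pktlen:1)` has no in-code explanation; the reason is given only in the commit message, so a later cleanup could plausibly simplify it back to `xmalloc (pktlen)`. A comment above that line such as `/* xmalloc rejects a zero-size request; allocate 1 byte for an empty attribute packet. */` would preserve the intent. Two smaller points: `(void) pkttype;` at the top of the hunk is stale now that `pkttype` is used in the new `log_error` call, and the cap comment reads "more then enough" where "more than enough" is meant. parse_attribute's body continues outside the hunk.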

-----------------------------------------------------------------------

Summary of changes:
 g10/parse-packet.c |   64 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 63 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



