[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23-5-gceef556
by Werner Koch
cvs at cvs.gnupg.org
Mon Jun 23 13:13:35 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via ceef5568d53b286efe639c6fd1d37f154be133ef (commit)
via 014b2103fcb12f261135e3954f26e9e07b39e342 (commit)
from 52b96ef6b81951ddacf146a74e88e5512efd03a0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ceef5568d53b286efe639c6fd1d37f154be133ef
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 23 13:16:44 2014 +0200
ssh: Fix for newer Libgcrypt versions.
* common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case.
--
Reported-by: Anatol Pomozov
diff --git a/common/ssh-utils.c b/common/ssh-utils.c
index d8f057d..11ff0fb 100644
--- a/common/ssh-utils.c
+++ b/common/ssh-utils.c
@@ -89,6 +89,7 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
elems = "pqgy";
gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
break;
+ case GCRY_PK_ECC:
case GCRY_PK_ECDSA:
/* We only support the 3 standard curves for now. It is just a
quick hack. */
commit 014b2103fcb12f261135e3954f26e9e07b39e342
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jun 20 10:39:26 2014 +0200
gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--
A packet like (a3 01 5b ff) leads to an infinite loop. Using
--max-output won't help if it is a partial packet. This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.
Thanks to Olivier Levillain and Florian Maury for their detailed
report.
diff --git a/g10/compress.c b/g10/compress.c
index a91dd23..6e151bc 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -161,7 +161,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
IOBUF a, size_t *ret_len )
{
int zrc;
- int rc=0;
+ int rc = 0;
+ int leave = 0;
size_t n;
int nread, count;
int refill = !zs->avail_in;
@@ -179,13 +180,14 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
nread = iobuf_read( a, zfx->inbuf + n, count );
if( nread == -1 ) nread = 0;
n += nread;
- /* If we use the undocumented feature to suppress
- * the zlib header, we have to give inflate an
- * extra dummy byte to read */
- if( nread < count && zfx->algo == 1 ) {
- *(zfx->inbuf + n) = 0xFF; /* is it really needed ? */
- zfx->algo1hack = 1;
+ /* Algo 1 has no zlib header which requires us to to give
+ * inflate an extra dummy byte to read. To be on the safe
+ * side we allow for up to 4 ff bytes. */
+ if( nread < count && zfx->algo == 1 && zfx->algo1hack < 4) {
+ *(zfx->inbuf + n) = 0xFF;
+ zfx->algo1hack++;
n++;
+ leave = 1;
}
zs->avail_in = n;
}
@@ -205,7 +207,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
else
log_fatal("zlib inflate problem: rc=%d\n", zrc );
}
- } while( zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR );
+ } while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR
+ && !leave);
*ret_len = zfx->outbufsize - zs->avail_out;
if( DBG_FILTER )
-----------------------------------------------------------------------
Summary of changes:
common/ssh-utils.c | 1 +
g10/compress.c | 19 +++++++++++--------
2 files changed, 12 insertions(+), 8 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list