[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-20-g1f9dfe1
by Werner Koch
cvs at cvs.gnupg.org
Mon Nov 24 19:26:59 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 1f9dfe1fedad215140011257d9b1bb21bc368179 (commit)
via 7a068ac50bc48de26e93cfeadf412b37257f97d5 (commit)
via 92a7949ae6331b5e188480b76ce29a86ede6e89e (commit)
from a1c861ed380548ccd2819d3f6506ebbad9246561 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1f9dfe1fedad215140011257d9b1bb21bc368179
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 24 19:24:47 2014 +0100
gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--
We may not use "%s" to print an arbitrary buffer. At least "%.*s"
should have been used. However, it is in general preferable to escape
control characters while printing user data.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk at gnupg.org>
(backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8)
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 99ff7b7..63b97f0 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -972,7 +972,11 @@ dump_sig_subpkt( int hashed, int type, int critical,
if(!length)
p="[invalid regexp subpacket]";
else
- fprintf (listfp, "regular expression: \"%s\"",buffer);
+ {
+ fprintf (listfp, "regular expression: \"");
+ print_string (listfp, buffer, length, '\"');
+ p = "\"";
+ }
break;
case SIGSUBPKT_REVOCABLE:
if( length )
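Review bot: In the new else branch the closing quote is not written next to the print_string call but handed off through `p = "\"";`, so the listing is only well-formed if `p` is printed to listfp after the switch, which these lines do not show. A one-line comment stating that, or writing the closing quote directly after print_string, would make the branch self-explanatory. The delimiter argument `'\"'` also does not need the backslash inside a character literal; `'"'` is enough.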
commit 7a068ac50bc48de26e93cfeadf412b37257f97d5
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 24 19:12:37 2014 +0100
gpg: Fix off-by-one read in the attribute subpacket parser.
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk at gnupg.org>
(backported from commit 0988764397f99db4efef1eabcdb8072d6159af76)
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index f1d7f71..99ff7b7 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2102,6 +2102,14 @@ parse_attribute_subpkts(PKT_user_id *uid)
if( buflen < n )
goto too_short;
+ if (!n)
+ {
+ /* Too short to encode the subpacket type. */
+ if (opt.verbose)
+ log_info ("attribute subpacket too short\n");
+ break;
+ }
+
attribs=xrealloc(attribs,(count+1)*sizeof(struct user_attribute));
memset(&attribs[count],0,sizeof(struct user_attribute));
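Review bot: The new `if (!n)` check leaves the loop with `break`, while the length check directly above it uses `goto too_short`, so two kinds of malformed subpacket now take different exit paths and this one is reported only when `opt.verbose` is set. Please extend the comment to say why the zero-length case should not go to `too_short` as well, or route it there so that truncated attribute packets are handled in one place.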
commit 92a7949ae6331b5e188480b76ce29a86ede6e89e
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 24 18:19:31 2014 +0100
gpg: Fix a NULL-deref for invalid input data.
* g10/mainproc.c (proc_encrypted): Take care of canceled passphrase
entry.
--
GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk at gnupg.org>
(backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 3abcb15..6288030 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -520,7 +520,9 @@ proc_encrypted( CTX c, PACKET *pkt )
result = -1;
else if( !c->dek && !c->last_was_session_key ) {
int algo;
- STRING2KEY s2kbuf, *s2k = NULL;
+ STRING2KEY s2kbuf;
+ STRING2KEY *s2k = NULL;
+ int canceled;
if(opt.override_session_key)
{
@@ -562,9 +564,13 @@ proc_encrypted( CTX c, PACKET *pkt )
log_info (_("assuming %s encrypted data\n"), "IDEA");
}
- c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL );
+ c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL,&canceled);
if (c->dek)
c->dek->algo_info_printed = 1;
+ else if (canceled)
+ result = gpg_error (GPG_ERR_CANCELED);
+ else
+ result = gpg_error (GPG_ERR_INV_PASSPHRASE);
}
}
else if( !c->dek )
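Review bot: `canceled` is read in the new `else if (canceled)` branch but is declared without an initializer (`int canceled;` in the previous hunk), so the choice between GPG_ERR_CANCELED and GPG_ERR_INV_PASSPHRASE depends on passphrase_to_dek storing to it on every path that returns NULL, which is not visible here. Declaring it as `int canceled = 0;` removes that dependency at no cost. Minor style point: `NULL,&canceled` is missing the space after the comma that the other arguments of the call have.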
@@ -585,7 +591,7 @@ proc_encrypted( CTX c, PACKET *pkt )
else if(!opt.no_mdc_warn)
log_info (_("WARNING: message was not integrity protected\n"));
}
- else if( result == G10ERR_BAD_SIGN ) {
+ else if( gpg_err_code (result) == G10ERR_BAD_SIGN ) {
log_error(_("WARNING: encrypted message has been manipulated!\n"));
write_status( STATUS_BADMDC );
write_status( STATUS_DECRYPTION_FAILED );
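Review bot: The changed condition compares a code extracted with `gpg_err_code (result)` against the legacy constant `G10ERR_BAD_SIGN`, while `result` is still set to a plain `-1` earlier in proc_encrypted, so the function now mixes several error conventions in one variable. Since the previous hunk starts storing `gpg_error (...)` values in `result`, any other direct comparison of `result` against a `G10ERR_*` value in this function needs the same `gpg_err_code` wrapper; a pass over the rest of the function to confirm that would be worthwhile, along with a short comment on what `-1` means here.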
-----------------------------------------------------------------------
Summary of changes:
g10/mainproc.c | 12 +++++++++---
g10/parse-packet.c | 14 +++++++++++++-
2 files changed, 22 insertions(+), 4 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org