[git] GnuPG - branch, master, updated. gnupg-2.1.7-48-g348a6eb

by Neal H. Walfield cvs at cvs.gnupg.org
Mon Aug 24 16:18:21 CEST 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  348a6ebb63523305ce9f47d0f3e8a9086c338fed (commit)
      from  3cf02192a890d04f8f558cb72d46f9bd7a378322 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 348a6ebb63523305ce9f47d0f3e8a9086c338fed
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Aug 24 16:14:09 2015 +0200

    agent: Raise the maximum password length.  Don't hard code it.
    
    * agent/agent.h (MAX_PASSPHRASE_LEN): Define.
    * agent/command-ssh.c (ssh_identity_register): Use it instead of a
    hard-coded literal.
    * agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
    * agent/findkey.c (unprotect): Likewise.
    * agent/genkey.c (agent_ask_new_passphrase): Likewise.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>.
    GnuPG-bug-id: 2038

diff --git a/agent/agent.h b/agent/agent.h
index 958e3be..a1b3794 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -47,6 +47,11 @@
 /* Maximum length of a digest.  */
 #define MAX_DIGEST_LEN 64
 
+/* The maximum length of a passphrase (in bytes).  Note: this is
+   further contrained by the Assuan line length (and any other text on
+   the same line).  However, the Assuan line length is 1k bytes so
+   this shouldn't be a problem in practice.  */
+#define MAX_PASSPHRASE_LEN 255
 
 
 /* A large struct name "opt" to keep global flags */
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 2a3037c..3d29f97 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3094,17 +3094,17 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
       goto out;
     }
 
-  pi = gcry_calloc_secure (2, sizeof (*pi) + 100 + 1);
+  pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
   if (!pi)
     {
       err = gpg_error_from_syserror ();
       goto out;
     }
-  pi2 = pi + (sizeof *pi + 100 + 1);
-  pi->max_length = 100;
+  pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);
+  pi->max_length = MAX_PASSPHRASE_LEN + 1;
   pi->max_tries = 1;
   pi->with_repeat = 1;
-  pi2->max_length = 100;
+  pi2->max_length = MAX_PASSPHRASE_LEN + 1;
   pi2->max_tries = 1;
   pi2->check_cb = reenter_compare_cb;
   pi2->check_cb_arg = pi->pin;
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 8bf5873..6d22210 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -918,10 +918,10 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp,
       struct pin_entry_info_s *pi;
       struct try_do_unprotect_arg_s pi_arg;
 
-      pi = xtrycalloc_secure (1, sizeof (*pi) + 100);
+      pi = xtrycalloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
       if (!pi)
         return gpg_error_from_syserror ();
-      pi->max_length = 100;
+      pi->max_length = MAX_PASSPHRASE_LEN + 1;
       pi->min_digits = 0;  /* We want a real passphrase.  */
       pi->max_digits = 16;
       pi->max_tries = 3;
diff --git a/agent/findkey.c b/agent/findkey.c
index e7cd79e..c49c37a 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -450,10 +450,10 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
         }
     }
 
-  pi = gcry_calloc_secure (1, sizeof (*pi) + 100);
+  pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
   if (!pi)
     return gpg_error_from_syserror ();
-  pi->max_length = 100;
+  pi->max_length = MAX_PASSPHRASE_LEN + 1;
   pi->min_digits = 0;  /* we want a real passphrase */
   pi->max_digits = 16;
   pi->max_tries = 3;
diff --git a/agent/genkey.c b/agent/genkey.c
index af53c60..13858ca 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -374,13 +374,13 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
 	return err;
     }
 
-  pi = gcry_calloc_secure (2, sizeof (*pi) + 100);
-  pi2 = pi + (sizeof *pi + 100);
-  pi->max_length = 100;
+  pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
+  pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);
+  pi->max_length = MAX_PASSPHRASE_LEN + 1;
   pi->max_tries = 3;
   pi->with_qualitybar = 1;
   pi->with_repeat = 1;
-  pi2->max_length = 100;
+  pi2->max_length = MAX_PASSPHRASE_LEN + 1;
   pi2->max_tries = 3;
   pi2->check_cb = reenter_compare_cb;
   pi2->check_cb_arg = pi->pin;

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h       | 5 +++++
 agent/command-ssh.c | 8 ++++----
 agent/cvt-openpgp.c | 4 ++--
 agent/findkey.c     | 4 ++--
 agent/genkey.c      | 8 ++++----
 5 files changed, 17 insertions(+), 12 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list