[git] GnuPG - branch, master, updated. gnupg-2.2.7-186-ge88f56f

by Werner Koch cvs at cvs.gnupg.org
Fri Jul 27 17:58:46 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e88f56f1937ac92f6a3b94e50b6db2649ec0be41 (commit)
       via  ebe727ef596eefebb5eff7d03a98649ffc7ae3ee (commit)
       via  ddee9f9409fb5a089883eab0fadef7b9b7e61e72 (commit)
      from  967d3649d24aba623133808e8d01675dff389fbb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e88f56f1937ac92f6a3b94e50b6db2649ec0be41
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 27 17:35:00 2018 +0200

    gpg: Set a limit for a WKD import of 256 KiB.
    
    * g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
    (gpg_dirmngr_wkd_get): Use it.
    --
    
    WKD should return only a single key with just one UID.  For key
    rollover 2 keys may be sent.  A total of 256 KiB seems to be a
    generous limit here.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index d77b90d..11663b9 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -41,6 +41,12 @@
 #include "call-dirmngr.h"
 
 
+/* Keys retrieved from the web key directory should be small.  There
+ * is only one UID and we can expect that the number of subkeys is
+ * reasonable.  So we set a generous limit of 256 KiB.  */
+#define MAX_WKD_RESULT_LENGTH   (256 * 1024)
+
+
 /* Parameter structure used to gather status info.  Note that it is
  * also used for WKD requests.  */
 struct ks_status_parm_s
@@ -1367,7 +1373,7 @@ gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick,
       goto leave;
     }
 
-  parm.memfp = es_fopenmem (0, "rwb");
+  parm.memfp = es_fopenmem (MAX_WKD_RESULT_LENGTH, "rwb");
   if (!parm.memfp)
     {
       err = gpg_error_from_syserror ();
@@ -1375,6 +1381,8 @@ gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick,
     }
   err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
                          NULL, NULL, ks_status_cb, &stparm);
+  if (gpg_err_code (err) == GPG_ERR_ENOSPC)
+    err = gpg_error (GPG_ERR_TOO_LARGE);
   if (err)
     goto leave;
 
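Review bot: The remapping of `GPG_ERR_ENOSPC` to `GPG_ERR_TOO_LARGE` after `assuan_transact` has no comment saying where the ENOSPC comes from, so its link to the `es_fopenmem (MAX_WKD_RESULT_LENGTH, "rwb")` limit set in the previous hunk is only implicit. It presumably relies on `dns_cert_data_cb` passing the write error from the size-limited memory stream through unchanged; that callback is not shown here, so this should be confirmed. I would add `/* The memory stream is capped at MAX_WKD_RESULT_LENGTH; ENOSPC here means the WKD reply was too large.  */` above the check. A `log_info` naming the limit at this point would also let an operator notice a server that sends oversized replies. The body of gpg_dirmngr_wkd_get starts and ends outside the hunk.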

commit ebe727ef596eefebb5eff7d03a98649ffc7ae3ee
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 27 12:23:38 2018 +0200

    dirmngr: Validate SRV records in WKD queries.
    
    * dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
    to mitigate rogue DNS servers.
    --
    
    I am not sure whether this really is very useful because the security
    relies on a trustworthy DNS system anyway.  However, that check is
    easy enough to do.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/server.c b/dirmngr/server.c
index 33ce4cf..2519fd6 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -887,6 +887,18 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
       if (err)
         goto leave;
 
+      /* Check for rogue DNS names.  */
+      for (i = 0; i < srvscount; i++)
+        {
+          if (!is_valid_domain_name (srvs[i].target))
+            {
+              err = gpg_error (GPG_ERR_DNS_ADDRESS);
+              log_error ("rogue openpgpkey SRV record for '%s'\n", domain);
+              xfree (srvs);
+              goto leave;
+            }
+        }
+
       /* Find the first target which also ends in DOMAIN or is equal
        * to DOMAIN.  */
       domainlen = strlen (domain);
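Review bot: The `log_error` in the new loop names only `domain`, so the log does not show which SRV record failed `is_valid_domain_name`. Because the target has just failed the LDH check it may hold arbitrary bytes, so logging the record index is safer than printing the string raw, e.g. `log_error ("rogue openpgpkey SRV record %d for '%s'\n", i, domain);`. The comment could also state that one invalid target rejects the whole SRV set instead of skipping that record: `/* Check for rogue DNS names; a single bad target fails the lookup.  */`. The declarations of `i` and `srvscount` and the `leave` label are outside the hunk, so the `%d` conversion and the assumption that `srvs` is not freed again at `leave` need to be confirmed against the full function.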

commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 27 11:56:06 2018 +0200

    common: New function to validate domain names.
    
    * common/mbox-util.c (is_valid_domain_name): New.
    * common/t-mbox-util.c (run_dns_test): New test.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/mbox-util.c b/common/mbox-util.c
index c1f05b8..76255ba 100644
--- a/common/mbox-util.c
+++ b/common/mbox-util.c
@@ -241,3 +241,42 @@ is_valid_user_id (const char *uid)
 
   return 1;
 }
+
+
+/* Returns true if STRING is a valid domain name according to the LDH
+ * rule. */
+int
+is_valid_domain_name (const char *string)
+{
+  static char const ldh_chars[] =
+    "01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-";
+  const char *s;
+
+  /* Note that we do not check the length limit of a label or the
+   * entire name */
+
+  for (s=string; *s; s++)
+    if (*s == '.')
+      {
+        if (string == s)
+          return 0; /* Dot at the start of the string.  */
+                    /* (may also be at the end like in ".") */
+        if (s[1] == '.')
+          return 0; /* No - double dot.  */
+      }
+    else if (!strchr (ldh_chars, *s))
+      return 0;
+    else if (*s == '-')
+      {
+        if (string == s)
+          return 0;  /* Leading hyphen.  */
+        if (s[-1] == '.')
+          return 0;  /* Hyphen at begin of a label.  */
+        if (s[1] == '.')
+          return 0;  /* Hyphen at start of a label.  */
+        if (!s[1])
+          return 0;  /* Trailing hyphen.  */
+      }
+
+  return !!*string;
+}
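Review bot: The comment on the `s[1] == '.'` test says "Hyphen at start of a label", but that branch catches a hyphen at the end of a label (the `s[-1] == '.'` test above it is the start case); it should read `/* Hyphen at end of a label.  */`. `ldh_chars` also lists `0` twice (`"01234567890..."`), which is harmless but worth tidying. The function deliberately skips the length limits, and the header comment should say so. Callers that use it as a security check, as the SRV validation in dirmngr/server.c does, would then know that label and name length remain theirs to bound.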
diff --git a/common/mbox-util.h b/common/mbox-util.h
index bce003f..7355cee 100644
--- a/common/mbox-util.h
+++ b/common/mbox-util.h
@@ -24,6 +24,7 @@ int is_valid_mailbox (const char *name);
 int is_valid_mailbox_mem (const void *buffer, size_t length);
 char *mailbox_from_userid (const char *userid);
 int is_valid_user_id (const char *uid);
+int is_valid_domain_name (const char *string);
 
 
 #endif /*GNUPG_COMMON_MBOX_UTIL_H*/
diff --git a/common/t-mbox-util.c b/common/t-mbox-util.c
index 979d4b3..fb1ac12 100644
--- a/common/t-mbox-util.c
+++ b/common/t-mbox-util.c
@@ -33,7 +33,7 @@
 
 
 static void
-run_test (void)
+run_mbox_test (void)
 {
   static struct
   {
@@ -93,13 +93,64 @@ run_test (void)
 }
 
 
+static void
+run_dns_test (void)
+{
+  static struct
+  {
+    const char *name;
+    int valid;
+  } testtbl[] =
+    {
+      { "", 0 },
+      { ".", 0 },
+      { "-", 0 },
+      { "a", 1 },
+      { "ab", 1 },
+      { "a.b", 1 },
+      { "a.b.", 1 },
+      { ".a.b.", 0 },
+      { ".a.b", 0 },
+      { "-a.b", 0 },
+      { "a-.b", 0 },
+      { "a.-b", 0 },
+      { "a.b-", 0 },
+      { "a.b-.", 0 },
+      { "a..b", 0 },
+      { "ab.c", 1 },
+      { "a-b.c", 1 },
+      { "a-b-.c", 0 },
+      { "-a-b.c", 0 },
+      { "example.org", 1 },
+      { "x.example.org", 1 },
+      { "xy.example.org", 1 },
+      { "Xy.example.org", 1 },
+      { "-Xy.example.org", 0 },
+      { "Xy.example-.org", 0 },
+      { "foo.example.org..", 0 },
+      { "foo.example.org.", 1 },
+      { ".foo.example.org.", 0 },
+      { "..foo.example.org.", 0 },
+      { NULL, 0 }
+    };
+  int idx;
+
+  for (idx=0; testtbl[idx].name; idx++)
+    {
+      if (is_valid_domain_name (testtbl[idx].name) != testtbl[idx].valid)
+        fail (idx);
+    }
+}
+
+
 int
 main (int argc, char **argv)
 {
   (void)argc;
   (void)argv;
 
-  run_test ();
+  run_mbox_test ();
+  run_dns_test ();
 
   return 0;
 }
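Review bot: `testtbl` in `run_dns_test` never exercises the character-class branch of `is_valid_domain_name`: every entry consists of letters, dots and hyphens only, so no case checks that a digit is accepted or that a non-LDH byte is rejected. That branch is what turns away unexpected characters in a name obtained from DNS, so I would add cases such as `{ "a1.example.org", 1 },`, `{ "a_b.example.org", 0 },` and `{ "a b.example.org", 0 },`. A one-line comment above the table saying that it covers dot and hyphen placement plus the allowed character set would make the intended coverage explicit.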

-----------------------------------------------------------------------

Summary of changes:
 common/mbox-util.c   | 39 +++++++++++++++++++++++++++++++++++++
 common/mbox-util.h   |  1 +
 common/t-mbox-util.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++--
 dirmngr/server.c     | 12 ++++++++++++
 g10/call-dirmngr.c   | 10 +++++++++-
 5 files changed, 114 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



