[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.9-5-gf1c0d9b

by Werner Koch cvs at cvs.gnupg.org
Sun Jul 29 18:50:30 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd (commit)
       via  8a98aa25bb4bdbfe53afd4534f6624454ca01ab0 (commit)
       via  4f59187a17f16d559e37a375501a0add1ca7eee8 (commit)
       via  d43248af9242d30e95f58285e4f2a2e927aae937 (commit)
      from  a6ce89b6eff90135854c626e51ba38204ec40da5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 27 17:35:00 2018 +0200

    gpg: Set a limit for a WKD import of 256 KiB.
    
    * g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
    (gpg_dirmngr_wkd_get): Use it.
    --
    
    WKD should return only a single key with just one UID.  For key
    rollover 2 keys may be sent.  A total of 256 KiB seems to be a
    generous limit here.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit e88f56f1937ac92f6a3b94e50b6db2649ec0be41)

diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 9bc90fb..d086cef 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -41,6 +41,12 @@
 #include "call-dirmngr.h"
 
 
+/* Keys retrieved from the web key directory should be small.  There
+ * is only one UID and we can expect that the number of subkeys is
+ * reasonable.  So we set a generous limit of 256 KiB.  */
+#define MAX_WKD_RESULT_LENGTH   (256 * 1024)
+
+
 /* Parameter structure used to gather status info.  Note that it is
  * also used for WKD requests.  */
 struct ks_status_parm_s
@@ -1365,7 +1371,7 @@ gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick,
       goto leave;
     }
 
-  parm.memfp = es_fopenmem (0, "rwb");
+  parm.memfp = es_fopenmem (MAX_WKD_RESULT_LENGTH, "rwb");
   if (!parm.memfp)
     {
       err = gpg_error_from_syserror ();
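Review bot: The `es_fopenmem (MAX_WKD_RESULT_LENGTH, "rwb")` call is what enforces the WKD size cap, but nothing at the call site says that writes past the limit are expected to fail or how that failure is reported. The next hunk of this file maps `GPG_ERR_ENOSPC` to `GPG_ERR_TOO_LARGE` after `assuan_transact`, which presumably relies on the data callback passing the stream's write error through; that callback is outside the diff. I would add a comment above the call such as `/* The stream refuses writes beyond MAX_WKD_RESULT_LENGTH; the resulting ENOSPC is mapped to GPG_ERR_TOO_LARGE below.  */`. Because `gpg_err_code` drops the error source, an ENOSPC raised for any other reason during the transaction would also be reported as "too large", which is worth noting there. gpg_dirmngr_wkd_get starts and ends outside the hunk.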
@@ -1373,6 +1379,8 @@ gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick,
     }
   err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
                          NULL, NULL, ks_status_cb, &stparm);
+  if (gpg_err_code (err) == GPG_ERR_ENOSPC)
+    err = gpg_error (GPG_ERR_TOO_LARGE);
   if (err)
     goto leave;
 

commit 8a98aa25bb4bdbfe53afd4534f6624454ca01ab0
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 27 12:23:38 2018 +0200

    dirmngr: Validate SRV records in WKD queries.
    
    * dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
    to mitigate rogue DNS servers.
    --
    
    I am not sure whether this really is very useful because the security
    relies on a trustworthy DNS system anyway.  However, that check is
    easy enough to do.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit ebe727ef596eefebb5eff7d03a98649ffc7ae3ee)

diff --git a/dirmngr/server.c b/dirmngr/server.c
index b7cdb24..fcf0c1a 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -887,6 +887,18 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
       if (err)
         goto leave;
 
+      /* Check for rogue DNS names.  */
+      for (i = 0; i < srvscount; i++)
+        {
+          if (!is_valid_domain_name (srvs[i].target))
+            {
+              err = gpg_error (GPG_ERR_DNS_ADDRESS);
+              log_error ("rogue openpgpkey SRV record for '%s'\n", domain);
+              xfree (srvs);
+              goto leave;
+            }
+        }
+
       /* Find the first target which also ends in DOMAIN or is equal
        * to DOMAIN.  */
       domainlen = strlen (domain);
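Review bot: The `log_error` call in the new loop names only the queried domain, so the log does not show which of the returned SRV records was rejected. Adding the record index `i` to the message (with a conversion matching its type, which is declared outside the hunk) would identify it without echoing the unvalidated target string into the log. The comment `/* Check for rogue DNS names.  */` could also say that only LDH syntax is checked, since `is_valid_domain_name` in this same push states that it does not enforce label or name length. proc_wkd_get starts and ends outside the hunk.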

commit 4f59187a17f16d559e37a375501a0add1ca7eee8
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 27 11:56:06 2018 +0200

    common: New function to validate domain names.
    
    * common/mbox-util.c (is_valid_domain_name): New.
    * common/t-mbox-util.c (run_dns_test): New test.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)

diff --git a/common/mbox-util.c b/common/mbox-util.c
index c1f05b8..76255ba 100644
--- a/common/mbox-util.c
+++ b/common/mbox-util.c
@@ -241,3 +241,42 @@ is_valid_user_id (const char *uid)
 
   return 1;
 }
+
+
+/* Returns true if STRING is a valid domain name according to the LDH
+ * rule. */
+int
+is_valid_domain_name (const char *string)
+{
+  static char const ldh_chars[] =
+    "01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-";
+  const char *s;
+
+  /* Note that we do not check the length limit of a label or the
+   * entire name */
+
+  for (s=string; *s; s++)
+    if (*s == '.')
+      {
+        if (string == s)
+          return 0; /* Dot at the start of the string.  */
+                    /* (may also be at the end like in ".") */
+        if (s[1] == '.')
+          return 0; /* No - double dot.  */
+      }
+    else if (!strchr (ldh_chars, *s))
+      return 0;
+    else if (*s == '-')
+      {
+        if (string == s)
+          return 0;  /* Leading hyphen.  */
+        if (s[-1] == '.')
+          return 0;  /* Hyphen at begin of a label.  */
+        if (s[1] == '.')
+          return 0;  /* Hyphen at start of a label.  */
+        if (!s[1])
+          return 0;  /* Trailing hyphen.  */
+      }
+
+  return !!*string;
+}
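Review bot: The comment on the `s[1] == '.'` test says "Hyphen at start of a label", but that branch rejects a hyphen at the end of a label (the `s[-1] == '.'` test just above it is the start-of-label case); it should read `return 0;  /* Hyphen at end of a label.  */`. The `ldh_chars` literal lists `0` twice (`"01234567890..."`), which is harmless for `strchr` but looks like a typo. The header comment could also state that an empty string returns false, that a single trailing dot is accepted, and that STRING must not be NULL, since callers using this function as an input filter depend on exactly those edges.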
diff --git a/common/mbox-util.h b/common/mbox-util.h
index bce003f..7355cee 100644
--- a/common/mbox-util.h
+++ b/common/mbox-util.h
@@ -24,6 +24,7 @@ int is_valid_mailbox (const char *name);
 int is_valid_mailbox_mem (const void *buffer, size_t length);
 char *mailbox_from_userid (const char *userid);
 int is_valid_user_id (const char *uid);
+int is_valid_domain_name (const char *string);
 
 
 #endif /*GNUPG_COMMON_MBOX_UTIL_H*/
diff --git a/common/t-mbox-util.c b/common/t-mbox-util.c
index 979d4b3..fb1ac12 100644
--- a/common/t-mbox-util.c
+++ b/common/t-mbox-util.c
@@ -33,7 +33,7 @@
 
 
 static void
-run_test (void)
+run_mbox_test (void)
 {
   static struct
   {
@@ -93,13 +93,64 @@ run_test (void)
 }
 
 
+static void
+run_dns_test (void)
+{
+  static struct
+  {
+    const char *name;
+    int valid;
+  } testtbl[] =
+    {
+      { "", 0 },
+      { ".", 0 },
+      { "-", 0 },
+      { "a", 1 },
+      { "ab", 1 },
+      { "a.b", 1 },
+      { "a.b.", 1 },
+      { ".a.b.", 0 },
+      { ".a.b", 0 },
+      { "-a.b", 0 },
+      { "a-.b", 0 },
+      { "a.-b", 0 },
+      { "a.b-", 0 },
+      { "a.b-.", 0 },
+      { "a..b", 0 },
+      { "ab.c", 1 },
+      { "a-b.c", 1 },
+      { "a-b-.c", 0 },
+      { "-a-b.c", 0 },
+      { "example.org", 1 },
+      { "x.example.org", 1 },
+      { "xy.example.org", 1 },
+      { "Xy.example.org", 1 },
+      { "-Xy.example.org", 0 },
+      { "Xy.example-.org", 0 },
+      { "foo.example.org..", 0 },
+      { "foo.example.org.", 1 },
+      { ".foo.example.org.", 0 },
+      { "..foo.example.org.", 0 },
+      { NULL, 0 }
+    };
+  int idx;
+
+  for (idx=0; testtbl[idx].name; idx++)
+    {
+      if (is_valid_domain_name (testtbl[idx].name) != testtbl[idx].valid)
+        fail (idx);
+    }
+}
+
+
 int
 main (int argc, char **argv)
 {
   (void)argc;
   (void)argv;
 
-  run_test ();
+  run_mbox_test ();
+  run_dns_test ();
 
   return 0;
 }
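Review bot: Every negative case in `testtbl` exercises dot or hyphen placement; none contains a character outside the LDH set, so the `strchr (ldh_chars, *s)` rejection path in `is_valid_domain_name` is not tested at all. Since that path is what filters unexpected bytes out of DNS answers, I would add a few entries such as `{ "a_b.c", 0 },`, `{ "a b.c", 0 },` and `{ "a/b.c", 0 },` (constructed examples), plus one containing a byte above 0x7f.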

commit d43248af9242d30e95f58285e4f2a2e927aae937
Author: Jiří Keresteš <jiri.kerestes at trustica.cz>
Date:   Tue Jul 17 17:11:42 2018 +0200

    scd: Add support for Trustica Cryptoucan.
    
    (cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)

diff --git a/scd/apdu.c b/scd/apdu.c
index cd98cc9..9e3594b 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -964,7 +964,8 @@ pcsc_vendor_specific_init (int slot)
           else if (strstr (reader_table[slot].rdrname, "cyberJack")
                    || strstr (reader_table[slot].rdrname, "DIGIPASS")
                    || strstr (reader_table[slot].rdrname, "Gnuk")
-                   || strstr (reader_table[slot].rdrname, "KAAN"))
+                   || strstr (reader_table[slot].rdrname, "KAAN")
+                   || strstr (reader_table[slot].rdrname, "Trustica"))
             reader_table[slot].pinpad_varlen_supported = 1;
         }
 
@@ -1038,7 +1039,8 @@ pcsc_vendor_specific_init (int slot)
   else if (vendor == 0x0c4b /* Tested with Reiner cyberJack GO */
            || vendor == 0x1a44 /* Tested with Vasco DIGIPASS 920 */
            || vendor == 0x234b /* Tested with FSIJ Gnuk Token */
-           || vendor == 0x0d46 /* Tested with KAAN Advanced??? */)
+           || vendor == 0x0d46 /* Tested with KAAN Advanced??? */
+           || (vendor == 0x1fc9 && product == 0x81e6) /* Tested with Trustica Cryptoucan */)
     reader_table[slot].pinpad_varlen_supported = 1;
 
   return 0;
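Review bot: The USB-id branch here enables `pinpad_varlen_supported` only for vendor 0x1fc9 together with product 0x81e6, but the reader-name branch in the previous hunk of this file enables it for any reader whose name merely contains "Trustica". ccid-driver.h in this commit names 0x1fc9 `VENDOR_NXP`, which suggests the vendor id is not specific to this device and that the product restriction matters. If so, the name match is the weaker of the two checks and could use a more specific substring; I cannot tell from the diff what name the reader actually reports. The added condition line is also much longer than its neighbours, and moving the "Tested with" comment onto its own line would keep it readable. pcsc_vendor_specific_init starts outside both hunks.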
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index f33a36c..ae40f01 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -3387,6 +3387,12 @@ ccid_transceive_secure (ccid_driver_t handle,
       if (handle->id_product != CHERRY_ST2000)
         cherry_mode = 1;
       break;
+    case VENDOR_NXP:
+      if (handle->id_product == CRYPTOUCAN){
+        pininfo->maxlen = 25;
+        enable_varlen = 1;
+      }
+      break;
     default:
       if ((handle->id_vendor == VENDOR_GEMPC &&
            handle->id_product == GEMPC_PINPAD)
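Review bot: In the new `case VENDOR_NXP:` a device with that vendor id whose product is not `CRYPTOUCAN` still leaves the switch through `break` with no settings applied, so it skips whatever the `default:` branch decides for unlisted readers (its body continues outside the hunk). If `default:` is where unsupported readers are rejected, this case should reject other products explicitly rather than fall out of the switch. Separately, `if (handle->id_product == CRYPTOUCAN){` does not follow the brace placement used elsewhere in this push, and the value 25 assigned to `pininfo->maxlen` has no comment saying where it comes from. ccid_transceive_secure starts and ends outside the hunk.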
diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
index b6da30c..c31c25f 100644
--- a/scd/ccid-driver.h
+++ b/scd/ccid-driver.h
@@ -68,7 +68,8 @@ enum {
   VENDOR_REINER = 0x0c4b,
   VENDOR_KAAN   = 0x0d46,
   VENDOR_FSIJ   = 0x234b,
-  VENDOR_VASCO  = 0x1a44
+  VENDOR_VASCO  = 0x1a44,
+  VENDOR_NXP    = 0x1fc9,
 };
 
 
@@ -84,6 +85,7 @@ enum {
 #define GEMPC_CT30      0x3437
 #define VEGA_ALPHA      0x0008
 #define CYBERJACK_GO    0x0504
+#define CRYPTOUCAN      0x81e6
 
 #endif /*CCID_DRIVER_INCLUDE_USB_IDS*/
 

-----------------------------------------------------------------------

Summary of changes:
 common/mbox-util.c   | 39 +++++++++++++++++++++++++++++++++++++
 common/mbox-util.h   |  1 +
 common/t-mbox-util.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++--
 dirmngr/server.c     | 12 ++++++++++++
 g10/call-dirmngr.c   | 10 +++++++++-
 scd/apdu.c           |  6 ++++--
 scd/ccid-driver.c    |  6 ++++++
 scd/ccid-driver.h    |  4 +++-
 8 files changed, 127 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



