ssh: Fix allocation of pinentry buffer
NIIBE Yutaka
gniibe at fsij.org
Fri Oct 2 03:00:56 CEST 2015
On 10/01/2015 08:26 PM, Werner Koch wrote:
> What about this basic fix? If there are other problems they can be
> applied on top of this.
No objection. I'll apply other fixes on top of this, in the next
week. Also, I'll backport this to 2.0.
Neal, I understand your point of: commits that encapsulate a single
change. For adding a new feature, I completely agree.
My concern was that we have other cases, too: for some fixes, we need
to backport the fixes to 2.0, and those should be applied to the
version of each distribution. Well, the security team in a distribution
is so picky (that is a good thing), and smaller distinct fixes are
better to be evaluated by them independently.
* * *
>> fixed size allocation and fixed size communication
>
> The pin_entry_info_s is allocated in secure memory thus when possible
> it should be limited in size.
Noted. I keep the code which limits the size.
The reason why I consider fixed size communication would be better is
that we have fixed size communication between gpg-agent and scdaemon.
Currently, the communication between gpg-agent and scdaemon for pin
input is done in fixed size (null-padded). No, it is not me :-) who
decided it. The code is in:
agent/divert-scd.c:getpin_cb
agent/call-scd.c:inq_needpin
If the intention of this fixed size communication is to mitigate some
side channel attacks, I think that we should keep this code.
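The fixed-size, null-padded PIN exchange described in the message above, sketched as an added example (this is not code from GnuPG or from the thread): every PIN occupies the same number of bytes, so the message size does not reveal the PIN length. `PIN_FRAME_LEN` and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define PIN_FRAME_LEN 64 /* assumed frame size, not GnuPG's value */

/* Zero a buffer through a volatile pointer so the store is not elided. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Sender: fixed-size, null-padded frame; -1 if PIN + terminator won't fit. */
int pin_frame_pack(unsigned char frame[PIN_FRAME_LEN], const char *pin)
{
    size_t len = strlen(pin);
    wipe(frame, PIN_FRAME_LEN);
    if (len >= PIN_FRAME_LEN)
        return -1;
    memcpy(frame, pin, len);
    return 0;
}

/* Receiver: recover the PIN length. Always scans the whole frame and
   rejects a missing terminator or non-zero bytes in the padding. */
int pin_frame_unpack(const unsigned char frame[PIN_FRAME_LEN], size_t *pinlen)
{
    size_t i, len = PIN_FRAME_LEN;
    unsigned char junk = 0;
    for (i = 0; i < PIN_FRAME_LEN; i++) {
        if (len == PIN_FRAME_LEN && frame[i] == 0)
            len = i;
        else if (len != PIN_FRAME_LEN)
            junk |= frame[i];
    }
    if (len == PIN_FRAME_LEN || junk)
        return -1;
    *pinlen = len;
    return 0;
}

int main(void)
{
    unsigned char frame[PIN_FRAME_LEN];
    size_t n = 0;
    if (pin_frame_pack(frame, "123456") == 0 /* constructed sample PIN */
        && pin_frame_unpack(frame, &n) == 0)
        printf("pin length %zu sent in %d bytes\n", n, PIN_FRAME_LEN);
    wipe(frame, sizeof frame);
    return 0;
}
```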