ssh: Fix allocation of pinentry buffer

NIIBE Yutaka gniibe at fsij.org
Fri Oct 2 03:00:56 CEST 2015


On 10/01/2015 08:26 PM, Werner Koch wrote:
> What about this basic fix?  If there are other problems they can be
> applied on top of this.

No objection.  I'll apply other fixes on top of this, in the next
week.  Also, I'll backport this to 2.0.

Neal, I understand your point of: commits that encapsulate a single
change.  For adding new feature, I completely agree.

My concern was that we have other cases, too: for some fixes, we need
to backport the fixes to 2.0, and those should be applied to the
version of each distribution.  Well, the security team in a distribution
is so picky (that is a good thing), and smaller distinct fixes are
better evaluated by them independently.

			*	*	*

>>     fixed size allocation and fixed size communication
> 
> The pin_entry_info_s is allocated in secure memory thus when possible
> it should be limited in size.

Noted.  I keep the code which limits the size.

The reason why I consider fixed size communication would be better is
that we have fixed size communication between gpg-agent and scdaemon.

Currently, the communication between gpg-agent and scdaemon for pin
input is done in fixed size (null-padded).  No, it is not me :-) who
decided it.  The code is in:

    agent/divert-scd.c:getpin_cb
    agent/call-scd.c:inq_needpin

If the intention of this fixed size communication is to mitigate some
side channel attacks, I think that we should keep this code.
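The point about fixed-size, null-padded transport, as an added illustration that is not GnuPG's code and not taken from agent/divert-scd.c or agent/call-scd.c: a variable-length encoding makes the wire length equal to the PIN length plus one, so anyone who can observe message sizes learns how long the PIN is, while a fixed-size buffer always sends the same number of bytes. The buffer size PIN_WIRE_LEN and all function names below are assumptions chosen for the example; the real constants and helpers in the agent differ. The receiver scans the whole padded buffer rather than stopping at the first NUL, so its work does not depend on the PIN length either.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed buffer size for this example only; gpg-agent uses its own
 * constant, which is not reproduced here. */
#define PIN_WIRE_LEN 64

/* Variable-length encoding: the wire length is strlen(pin)+1, so the
 * size of the message reveals the PIN length.  Returns 0 on overflow. */
static size_t pack_pin_variable(const char *pin, unsigned char *out,
                                size_t outlen)
{
    size_t n = strlen(pin) + 1;
    if (n > outlen)
        return 0;
    memcpy(out, pin, n);
    return n;
}

/* Fixed-size, null-padded encoding: the wire length is always
 * PIN_WIRE_LEN regardless of the PIN.  Returns 0 if the PIN does not
 * fit with at least one terminating NUL (the size limit the thread
 * wants to keep). */
static size_t pack_pin_fixed(const char *pin, unsigned char out[PIN_WIRE_LEN])
{
    size_t n = strlen(pin);
    if (n >= PIN_WIRE_LEN)
        return 0;
    memset(out, 0, PIN_WIRE_LEN);
    memcpy(out, pin, n);
    return PIN_WIRE_LEN;
}

/* Receiver: recover the PIN from a fixed-size buffer.  Every byte is
 * visited, so the loop count does not depend on where the NUL sits.
 * Returns the PIN length, or 0 if the caller's buffer is too small or
 * the input carries no terminator. */
static size_t unpack_pin_fixed(const unsigned char in[PIN_WIRE_LEN],
                               char *pin, size_t pinlen)
{
    size_t len = 0;
    int found = 0;
    for (size_t i = 0; i < PIN_WIRE_LEN; i++) {
        found |= (in[i] == 0);
        len += (size_t)(!found);
    }
    if (!found || len + 1 > pinlen)
        return 0;
    memcpy(pin, in, len);
    pin[len] = 0;
    return len;
}

/* Helpers that return results instead of printing them. */
size_t demo_wire_len_variable(const char *pin)
{
    unsigned char buf[PIN_WIRE_LEN];
    size_t n = pack_pin_variable(pin, buf, sizeof buf);
    memset(buf, 0, sizeof buf);   /* wipe the copy of the PIN */
    return n;
}

size_t demo_wire_len_fixed(const char *pin)
{
    unsigned char buf[PIN_WIRE_LEN];
    size_t n = pack_pin_fixed(pin, buf);
    memset(buf, 0, sizeof buf);
    return n;
}

/* 1 if the PIN survives a fixed-size pack/unpack round trip, else 0. */
int demo_roundtrip_fixed(const char *pin)
{
    unsigned char wire[PIN_WIRE_LEN];
    char back[PIN_WIRE_LEN];
    if (pack_pin_fixed(pin, wire) == 0)
        return 0;
    size_t n = unpack_pin_fixed(wire, back, sizeof back);
    int ok = (n == strlen(pin)) && (strcmp(back, pin) == 0);
    memset(wire, 0, sizeof wire);
    memset(back, 0, sizeof back);
    return ok;
}

int main(void)
{
    /* Constructed sample PINs, not real credentials. */
    const char *pins[] = { "1234", "12345678", "123456789012" };
    for (size_t i = 0; i < 3; i++)
        printf("pin len %zu: variable wire %zu bytes, fixed wire %zu bytes\n",
               strlen(pins[i]), demo_wire_len_variable(pins[i]),
               demo_wire_len_fixed(pins[i]));
    return 0;
}
```

Fixed-size transport only hides the length from an observer of message sizes; it says nothing about how long pinentry itself took or how many round trips the card needed, which is why the size limit and the padding are kept together rather than treated as alternatives.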