ssh: Fix allocation of pinentry buffer

Werner Koch wk at gnupg.org
Fri Oct 2 12:34:01 CEST 2015


On Fri,  2 Oct 2015 03:00, gniibe at fsij.org said:

> No objection.  I'll apply other fixes on top of this, in the next
> week.  Also, I'll backport this to 2.0.

Okay, I pushed my fix.

> My concern was that we have other cases, too: for some fixes, we need
> to backport the fixes to 2.0, and those should be applied to the
> version of each distribution.  Well, the security team in a distribution
> is so picky (that is a good thing), and smaller distinct fixes are

Good point.


>     agent/divert-scd.c:getpin_cb
>     agent/call-scd.c:inq_needpin

Yes, the max length is set to 90 which is pretty large for any PIN.  If
that is a problem we could add an option to the NEEDPIN inquiry to tell
the maximum expected size of the PIN.

> If the intention of this fixed size communication is to mitigate some
> side channel attacks, I think that we should keep this code.

No, I don't think that is an issue.  The IPC between gpg-agent and
scdaemon is considered to be safe.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



