ssh: Fix allocation of pinentry buffer
Werner Koch
wk at gnupg.org
Fri Oct 2 12:34:01 CEST 2015
On Fri, 2 Oct 2015 03:00, gniibe at fsij.org said:
> No objection. I'll apply other fixes on top of this, in the next
> week. Also, I'll backport this to 2.0.
Okay, I pushed my fix.
> My concern was that we have other cases, too: for some fixes, we need
> to backport the fixes to 2.0, and those should be applied to the
> version of each distribution. Well, security team in a distribution
> is so picky (that is good thing), and smaller distinct fixes are
Good point.
> agent/divert-scd.c:getpin_cb
> agent/call-scd.c:inq_needpin
Yes, the max length is set to 90 which is pretty large for any PIN. If
that is a problem we could add an option to the NEEDPIN inquiry to tell
the maximum expected size of the PIN.
> If the intention of this fixed size communication is to mitigate some
> side channel attacks, I think that we should keep this code.
No, I don't think that is an issue. The IPC between gpg-agent and
scdaemon is considered to be safe.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.