[PATCH GnuPG 1/2] gpg: fix fpr comparison in keyserver screener
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon May 13 21:38:23 CEST 2019
On Sun 2019-05-12 12:36:55 +0200, Vincent Breitmoser wrote:
> * g10/keyserver.c (keyserver_retrieval_screener): Only compare actual
> fpr_len
> ---
> g10/keyserver.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/g10/keyserver.c b/g10/keyserver.c
> index 04802d1a5..5b5cf1c13 100644
> --- a/g10/keyserver.c
> +++ b/g10/keyserver.c
> @@ -1055,7 +1055,7 @@ keyserver_retrieval_screener (kbnode_t keyblock, void *opaque)
> {
> if (desc[n].mode == KEYDB_SEARCH_MODE_FPR)
> {
> - if (fpr_len == desc[n].fprlen && !memcmp (fpr, desc[n].u.fpr, 32))
> + if (fpr_len == desc[n].fprlen && !memcmp (fpr, desc[n].u.fpr, fpr_len))
> return 0;
> }
> else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
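
Review bot: On the changed memcmp line, fpr_len is now used as the compare length, but nothing in this hunk shows that it is bounded by the size of fpr or of desc[n].u.fpr. The fpr_len == desc[n].fprlen test only helps if desc[n].fprlen was validated when the search description was built, so please confirm that, or add an explicit bound before the compare. The commit message would also benefit from one sentence on why the constant 32 was wrong (bytes beyond fpr_len took part in the comparison), so the impact can be judged without reconstructing it from the diff.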

fwiw, this looks like it is only relevant on the master branch
(presumably used for testing v5 keys?) -- the STABLE-BRANCH-2-2 branch
doesn't have this stanza.

aiui, Vincent is saying here that uninitialized memory might be compared
here in the case of a v4 fingerprint. I haven't tested this myself.

I'd recommend considering this as a distinct change from the other patch
in this series, rather than treating them as interdependent.

--dkg
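
The comparison discussed in this message, as an added example that is not part of the original e-mail or of GnuPG's code: a 20-byte v4 fingerprint held in a 32-byte buffer, compared once over the full buffer and once over the fingerprint length only. The names FPR_BUF_LEN, fpr_equal_fixed, fpr_equal_bounded, make_fpr and compare_v4 are hypothetical, the 32-byte buffer size is assumed from the constant in the removed line, and the tail bytes are constructed fill patterns standing in for uninitialized memory.

```c
#include <stdio.h>
#include <string.h>

#define FPR_BUF_LEN 32  /* assumed buffer size, from the constant in the old memcmp */
#define V4_FPR_LEN  20  /* a v4 fingerprint is a 20-byte SHA-1 digest */

/* Pre-patch shape: equal lengths, then compare the whole buffer. */
static int fpr_equal_fixed(const unsigned char *a, size_t alen,
                           const unsigned char *b, size_t blen)
{
    return alen == blen && !memcmp(a, b, FPR_BUF_LEN);
}

/* Patched shape: compare only the bytes that belong to the fingerprint.
   The bound check is an addition of this example, not part of the patch. */
static int fpr_equal_bounded(const unsigned char *a, size_t alen,
                             const unsigned char *b, size_t blen)
{
    return alen == blen && alen <= FPR_BUF_LEN && !memcmp(a, b, alen);
}

/* Constructed input: `len` fingerprint bytes, then `junk` standing in for
   whatever the unused tail of the buffer happened to contain. */
static void make_fpr(unsigned char *buf, size_t len, unsigned char junk)
{
    memset(buf, junk, FPR_BUF_LEN);
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(0xA0 + i);
}

/* Compare two v4 fingerprints; `flip` changes one real fingerprint byte. */
static int compare_v4(int bounded, unsigned char junk_a,
                      unsigned char junk_b, int flip)
{
    unsigned char a[FPR_BUF_LEN], b[FPR_BUF_LEN];
    make_fpr(a, V4_FPR_LEN, junk_a);
    make_fpr(b, V4_FPR_LEN, junk_b);
    if (flip)
        b[V4_FPR_LEN - 1] ^= 0x01;
    return bounded ? fpr_equal_bounded(a, V4_FPR_LEN, b, V4_FPR_LEN)
                   : fpr_equal_fixed(a, V4_FPR_LEN, b, V4_FPR_LEN);
}

int main(void)
{
    printf("fixed,   same fpr, tails differ: %d\n", compare_v4(0, 0x00, 0xCC, 0));
    printf("bounded, same fpr, tails differ: %d\n", compare_v4(1, 0x00, 0xCC, 0));
    printf("bounded, fpr differs:            %d\n", compare_v4(1, 0x00, 0xCC, 1));
    return 0;
}
```

With identical fingerprints and different tail bytes, the full-buffer compare reports a mismatch while the length-bounded compare matches, so the pre-patch result depends on bytes that are not part of the fingerprint.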