From gniibe at fsij.org Thu Jun 16 02:59:44 2022 From: gniibe at fsij.org (NIIBE Yutaka) Date: Thu, 16 Jun 2022 09:59:44 +0900 Subject: [Experimental] Scute supporting multiple devices Message-ID: <87h74le83j.fsf@akagi.fsij.org> Hello, In GnuPG 2.3, scdaemon supports multiple devices. Naturally, people would expect use of multiple devices with Scute. But it is not (yet) supported. This is a ticket for this experiment: https://dev.gnupg.org/T6002 Now, we have t6002 branch in the repo of Scute. Still, there are many things of FIXME, it starts working (at least, for me). I tested with Firefox and Chromium. For now, you need to install current master of GnuPG 2.3 to use t6002 branch of Scute. In this experiment, my approach is: - It's scdaemon which takes care of device removal. - Scute does nothing for device removal/insertion. All devices are marked as "present" even if it's not plugged-in to the host computer. - When a user asks signing, Scute simply relays the request to gpg-agent, and if it's not available, gpg-agent prompts a user for device insertion. Please test, and give us your comments (by mailing list or dev.gnupg.org). -- From patrick at enigmail.net Sun Jun 26 18:12:19 2022 From: patrick at enigmail.net (Patrick Brunschwig) Date: Sun, 26 Jun 2022 18:12:19 +0200 Subject: Looking for new Maintainer for gpgOSX Message-ID: <69d13c70-ef12-1092-2368-c46d17fcacf8@enigmail.net> gpgOSX is a free pre-packaged install-able distribution of standard GnuPG 2.x for macOS. I am maintaining it since the release of GnuPG 2.1.0 back in 2014. As many of you know, I'm also maintaining Enigmail. Since OpenPGP support is part of Thunderbird, my involvement with Enigmail has reduced a lot, and so has my involvement with GnuPG. Furthermore, I don't have a Mac anymore, and it has become more and more difficult and cumbersome to continue maintaining and building gpgOSX. I am therefore looking for someone who would want to step in and take over the project. If you're interested, then please get in touch with me. Thanks, Patrick -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 834 bytes Desc: OpenPGP digital signature URL: From demiobenour at gmail.com Tue Jun 28 23:07:14 2022 From: demiobenour at gmail.com (Demi Marie Obenour) Date: Tue, 28 Jun 2022 17:07:14 -0400 Subject: Preferred place to send patches? Message-ID: What is the preferred place to send patches? Should I send them to this mailing list, or should I submit them to https://dev.gnupg.org via Arcanist? -- Sincerely, Demi Marie Obenour (she/her/hers) -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0xB288B55FFF9C22C1.asc Type: application/pgp-keys Size: 4886 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Wed Jun 29 14:55:59 2022 From: wk at gnupg.org (Werner Koch) Date: Wed, 29 Jun 2022 14:55:59 +0200 Subject: Preferred place to send patches? In-Reply-To: (Demi Marie Obenour via Gnupg-devel's message of "Tue, 28 Jun 2022 17:07:14 -0400") References: Message-ID: <87ilojzl0g.fsf@wheatstone.g10code.de> On Tue, 28 Jun 2022 17:07, Demi Marie Obenour said: > What is the preferred place to send patches? Should I send them to > this mailing list, or should I submit them to https://dev.gnupg.org To the mailing list please. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From Mailer-Daemon at lists.gnupg.org Wed Jun 29 14:56:12 2022 From: Mailer-Daemon at lists.gnupg.org (Mail Delivery System) Date: Wed, 29 Jun 2022 14:56:12 +0200 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: gnupg-devel at lists.gnupg.org Unrouteable address ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from kerckhoffs.g10code.com ([217.69.77.222]) by lists.gnupg.org with esmtps (Exim 4.84_2 #2 (Debian)) id 1o6XEq-00005f-0O for ; Wed, 29 Jun 2022 14:56:12 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=XlpKQ6lcQ3O6WV2BkyGkyBMl46WvbkR61fuoDw45Y1k=; b=MG5OvaYbZOB9aHtTh5deAt/LEA vRq+OQgwjOdOwrR098WXq1NQy6SYezzjhhH4FtOlrRZiHesFB8F7C7grg0m63UrGJ69RDC2lfL9JZ c66a9Cf5zGBO8pXcsxC8/yAjQINffnRfWiIIIzuLlHj/CiYjcbgngD6OXasjFI4St1v0=; Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1o6XEp-0002uD-2Q for ; Wed, 29 Jun 2022 14:56:11 +0200 Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1o6XEd-0006gB-Je; Wed, 29 Jun 2022 14:55:59 +0200 From: Werner Koch To: Demi Marie Obenour via Gnupg-devel Cc: GnuPG development , Demi Marie Obenour Subject: Re: Preferred place to send patches? References: X-message-flag: Mails containing HTML will not be read! Please send only plain text. Jabber-ID: wk at jabber.gnupg.org Mail-Followup-To: Demi Marie Obenour via Gnupg-devel , GnuPG development , Demi Marie Obenour Date: Wed, 29 Jun 2022 14:55:59 +0200 In-Reply-To: (Demi Marie Obenour via Gnupg-devel's message of "Tue, 28 Jun 2022 17:07:14 -0400") Message-ID: <87ilojzl0g.fsf at wheatstone.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=9705_Samford_Road_Matamoros_humint_counter_intelligence_DREC_FDA_TIE"; micalg=pgp-sha256; protocol="application/pgp-signature" --=9705_Samford_Road_Matamoros_humint_counter_intelligence_DREC_FDA_TIE Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 28 Jun 2022 17:07, Demi Marie Obenour said: > What is the preferred place to send patches? Should I send them to > this mailing list, or should I submit them to https://dev.gnupg.org To the mailing list please. Shalom-Salam, Werner =2D-=20 The pioneers of a warless world are the youth that refuse military service. - A. Einstein --=9705_Samford_Road_Matamoros_humint_counter_intelligence_DREC_FDA_TIE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQSHd0YfKgdOvEgNNZQZzByeCFsQegUCYrxL3wAKCRAZzByeCFsQ em6DAQCOUsk6+PG3tV5uVsvBvnBZJxCOzeeBsudg18NJ/PW5YgEA8U3n7EG20z0T MEjhRMwlpUoIenT6da/RmsXoNNZ5Bgg= =aa9j -----END PGP SIGNATURE----- --=9705_Samford_Road_Matamoros_humint_counter_intelligence_DREC_FDA_TIE-- From demiobenour at gmail.com Wed Jun 29 16:53:03 2022 From: demiobenour at gmail.com (Demi Marie Obenour) Date: Wed, 29 Jun 2022 10:53:03 -0400 Subject: Preferred place to send patches? In-Reply-To: <87ilojzl0g.fsf@wheatstone.g10code.de> References: <87ilojzl0g.fsf@wheatstone.g10code.de> Message-ID: <39782702-2bc6-04a5-8436-f5c96846304f@gmail.com> On 6/29/22 08:55, Werner Koch wrote: > On Tue, 28 Jun 2022 17:07, Demi Marie Obenour said: >> What is the preferred place to send patches? Should I send them to >> this mailing list, or should I submit them to https://dev.gnupg.org > > To the mailing list please. That?s fine. I did find https://gnupg.org/faq/HACKING.html, but I could not find any links from the main FAQ or elsewhere, so I was not sure if it was up to date. Sorry for wasting your time with patches sent via Phabricator. -- Sincerely, Demi Marie Obenour (she/her/hers) -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0xB288B55FFF9C22C1.asc Type: application/pgp-keys Size: 4885 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From demi at invisiblethingslab.com Wed Jun 29 17:43:08 2022 From: demi at invisiblethingslab.com (Demi Marie Obenour) Date: Wed, 29 Jun 2022 11:43:08 -0400 Subject: DCO Message-ID: GnuPG Developer's Certificate of Origin. Version 1.0 ===================================================== By making a contribution to the GnuPG project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the free software license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate free software license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same free software license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the free software license(s) involved. Signed-off-by: Demi Marie Obenour -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From demi at invisiblethingslab.com Wed Jun 29 17:44:14 2022 From: demi at invisiblethingslab.com (Demi Marie Obenour) Date: Wed, 29 Jun 2022 11:44:14 -0400 Subject: [PATCH GnuPG] gpg: Disallow compressed signatures and certificates Message-ID: Compressed packets have significant attack surface, both due to the potential for denial of service (zip bombs and the like) and for code execution via memory corruption vulnerabilities in the decompressor. Furthermore, I am not aware of any implementation that uses them in keys or detached signatures. Therefore, disallow their use in such contexts entirely. When parsing detached signatures, forbid any packet that is not a signature or marker packet. When parsing keys, return an error when encountering a compressed packet, instead of decompressing the packet. Furthermore, certificates, keys, and signatures are not allowed to contain partial-length or indeterminate-length packets. Reject those in parse_packet, rather than activating the partial-length filter code. GnuPG-bug-id: T5993 Signed-off-by: Demi Marie Obenour --- g10/import.c | 18 ++---------------- g10/mainproc.c | 17 +++++++++++++++-- g10/packet.h | 2 ++ g10/parse-packet.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 62 insertions(+), 19 deletions(-) diff --git a/g10/import.c b/g10/import.c index bb0bf67934a8316130cde182cd43d56353e0171d..a8136351f6f7dae8c65634ed8e1c242d323e2009 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1042,22 +1042,8 @@ read_block( IOBUF a, unsigned int options, switch (pkt->pkttype) { case PKT_COMPRESSED: - if (check_compress_algo (pkt->pkt.compressed->algorithm)) - { - rc = GPG_ERR_COMPR_ALGO; - goto ready; - } - else - { - compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx ); - pkt->pkt.compressed->buf = NULL; - if (push_compress_filter2 (a, cfx, - pkt->pkt.compressed->algorithm, 1)) - xfree (cfx); /* e.g. in case of compression_algo NONE. */ - } - free_packet (pkt, &parsectx); - init_packet(pkt); - break; + rc = GPG_ERR_UNEXPECTED; + goto ready; case PKT_RING_TRUST: /* Skip those packets unless we are in restore mode. */ diff --git a/g10/mainproc.c b/g10/mainproc.c index af11877aa257e46662c42b6ff573ee01c3ad1547..d85124abd7bb0067423835186f61a7f94b734aeb 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -152,6 +152,7 @@ add_onepass_sig (CTX c, PACKET *pkt) { kbnode_t node; + log_assert(!(c->sigs_only && c->signed_data.used)); if (c->list) /* Add another packet. */ add_kbnode (c->list, new_kbnode (pkt)); else /* Insert the first one. */ @@ -1077,7 +1078,10 @@ proc_compressed (CTX c, PACKET *pkt) /*printf("zip: compressed data packet\n");*/ if (c->sigs_only) - rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); + { + log_assert(!c->signed_data.used); + rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); + } else if( c->encrypt_only ) rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c); else @@ -1596,6 +1600,7 @@ do_proc_packets (CTX c, iobuf_t a) c->iobuf = a; init_packet(pkt); init_parse_packet (&parsectx, a); + parsectx.sigs_only = c->sigs_only && c->signed_data.used; while ((rc=parse_packet (&parsectx, pkt)) != -1) { any_data = 1; @@ -1607,6 +1612,12 @@ do_proc_packets (CTX c, iobuf_t a) if (gpg_err_code (rc) == GPG_ERR_INV_PACKET && opt.list_packets == 0) break; + + if (gpg_err_code (rc) == GPG_ERR_UNEXPECTED) + { + write_status_text( STATUS_UNEXPECTED, "0" ); + goto leave; + } continue; } newpkt = -1; @@ -1644,7 +1655,9 @@ do_proc_packets (CTX c, iobuf_t a) case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break; case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break; - default: newpkt = 0; break; + default: + log_assert(!c->signed_data.used); + newpkt = 0; break; } } else if (c->encrypt_only) diff --git a/g10/packet.h b/g10/packet.h index 5a14015a16c872fe7b0b15468598daf7a05ffc02..82dfe786b46051491e7015e64441678140defa9e 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -657,6 +657,7 @@ struct parse_packet_ctx_s int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ int skip_meta; /* Skip ring trust packets. */ unsigned int n_parsed_packets; /* Number of parsed packets. */ + int sigs_only; /* Only accept detached signature packets */ }; typedef struct parse_packet_ctx_s *parse_packet_ctx_t; @@ -667,6 +668,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t; (a)->free_last_pkt = 0; \ (a)->skip_meta = 0; \ (a)->n_parsed_packets = 0; \ + (a)->sigs_only = 0; \ } while (0) #define deinit_parse_packet(a) do { \ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index cea1f7ebc5daec3863ae963c1ab25500f86796fe..dca66ff427ea6778e536782ec6bda83584877342 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -738,6 +738,20 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, case PKT_ENCRYPTED_MDC: case PKT_ENCRYPTED_AEAD: case PKT_COMPRESSED: + if (ctx->sigs_only) + { + log_error (_("partial length packet of type %d in detached" + " signature\n"), pkttype); + rc = gpg_error (GPG_ERR_UNEXPECTED); + goto leave; + } + if (onlykeypkts) + { + log_error (_("partial length packet of type %d in keyring\n"), + pkttype); + rc = gpg_error (GPG_ERR_UNEXPECTED); + goto leave; + } iobuf_set_partial_body_length_mode (inp, c & 0xff); pktlen = 0; /* To indicate partial length. */ partial = 1; @@ -775,6 +789,20 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } + else if (ctx->sigs_only) + { + log_error (_("indeterminate length packet of type %d in detached" + " signature\n"), pkttype); + rc = gpg_error (GPG_ERR_UNEXPECTED); + goto leave; + } + else if (onlykeypkts) + { + log_error (_("indeterminate length packet of type %d in" + " keyring\n"), pkttype); + rc = gpg_error (GPG_ERR_UNEXPECTED); + goto leave; + } } else { @@ -828,7 +856,21 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, goto leave; } - if (with_uid && pkttype == PKT_USER_ID) + if (ctx->sigs_only) + switch (pkttype) + { + case PKT_SIGNATURE: + case PKT_MARKER: + break; + default: + log_error(_("Packet type %d not allowed in detached signature\n"), + pkttype); + iobuf_skip_rest (inp, pktlen, partial); + *skip = 1; + rc = GPG_ERR_UNEXPECTED; + goto leave; + } + else if (with_uid && pkttype == PKT_USER_ID) /* If ONLYKEYPKTS is set to 2, then we never skip user id packets, even if DO_SKIP is set. */ ; -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From demi at invisiblethingslab.com Wed Jun 29 17:07:28 2022 From: demi at invisiblethingslab.com (Demi Marie Obenour) Date: Wed, 29 Jun 2022 11:07:28 -0400 Subject: [PATCH GnuPG] gpg: Disallow compressed signatures and certificates Message-ID: Compressed packets have significant attack surface, both due to the potential for denial of service (zip bombs and the like) and for code execution via memory corruption vulnerabilities in the decompressor. Furthermore, I am not aware of any implementation that uses them in keys or detached signatures. Therefore, disallow their use in such contexts entirely. When parsing detached signatures, forbid any packet that is not a signature or marker packet. When parsing keys, return an error when encountering a compressed packet, instead of decompressing the packet. Furthermore, certificates, keys, and signatures are not allowed to contain partial-length or indeterminate-length packets. Reject those in parse_packet, rather than activating the partial-length filter code. GnuPG-bug-id: T5993 Signed-off-by: Demi Marie Obenour --- g10/import.c | 18 ++---------------- g10/mainproc.c | 17 +++++++++++++++-- g10/packet.h | 2 ++ g10/parse-packet.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 62 insertions(+), 19 deletions(-) diff --git a/g10/import.c b/g10/import.c index bb0bf67934a8316130cde182cd43d56353e0171d..a8136351f6f7dae8c65634ed8e1c242d323e2009 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1042,22 +1042,8 @@ read_block( IOBUF a, unsigned int options, switch (pkt->pkttype) { case PKT_COMPRESSED: - if (check_compress_algo (pkt->pkt.compressed->algorithm)) - { - rc = GPG_ERR_COMPR_ALGO; - goto ready; - } - else - { - compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx ); - pkt->pkt.compressed->buf = NULL; - if (push_compress_filter2 (a, cfx, - pkt->pkt.compressed->algorithm, 1)) - xfree (cfx); /* e.g. in case of compression_algo NONE. */ - } - free_packet (pkt, &parsectx); - init_packet(pkt); - break; + rc = GPG_ERR_UNEXPECTED; + goto ready; case PKT_RING_TRUST: /* Skip those packets unless we are in restore mode. */ diff --git a/g10/mainproc.c b/g10/mainproc.c index af11877aa257e46662c42b6ff573ee01c3ad1547..d85124abd7bb0067423835186f61a7f94b734aeb 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -152,6 +152,7 @@ add_onepass_sig (CTX c, PACKET *pkt) { kbnode_t node; + log_assert(!(c->sigs_only && c->signed_data.used)); if (c->list) /* Add another packet. */ add_kbnode (c->list, new_kbnode (pkt)); else /* Insert the first one. */ @@ -1077,7 +1078,10 @@ proc_compressed (CTX c, PACKET *pkt) /*printf("zip: compressed data packet\n");*/ if (c->sigs_only) - rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); + { + log_assert(!c->signed_data.used); + rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); + } else if( c->encrypt_only ) rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c); else @@ -1596,6 +1600,7 @@ do_proc_packets (CTX c, iobuf_t a) c->iobuf = a; init_packet(pkt); init_parse_packet (&parsectx, a); + parsectx.sigs_only = c->sigs_only && c->signed_data.used; while ((rc=parse_packet (&parsectx, pkt)) != -1) { any_data = 1; @@ -1607,6 +1612,12 @@ do_proc_packets (CTX c, iobuf_t a) if (gpg_err_code (rc) == GPG_ERR_INV_PACKET && opt.list_packets == 0) break; + + if (gpg_err_code (rc) == GPG_ERR_UNEXPECTED) + { + write_status_text( STATUS_UNEXPECTED, "0" ); + goto leave; + } continue; } newpkt = -1; @@ -1644,7 +1655,9 @@ do_proc_packets (CTX c, iobuf_t a) case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break; case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break; - default: newpkt = 0; break; + default: + log_assert(!c->signed_data.used); + newpkt = 0; break; } } else if (c->encrypt_only) diff --git a/g10/packet.h b/g10/packet.h index 5a14015a16c872fe7b0b15468598daf7a05ffc02..82dfe786b46051491e7015e64441678140defa9e 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -657,6 +657,7 @@ struct parse_packet_ctx_s int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ int skip_meta; /* Skip ring trust packets. */ unsigned int n_parsed_packets; /* Number of parsed packets. */ + int sigs_only; /* Only accept detached signature packets */ }; typedef struct parse_packet_ctx_s *parse_packet_ctx_t; @@ -667,6 +668,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t; (a)->free_last_pkt = 0; \ (a)->skip_meta = 0; \ (a)->n_parsed_packets = 0; \ + (a)->sigs_only = 0; \ } while (0) #define deinit_parse_packet(a) do { \ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index cea1f7ebc5daec3863ae963c1ab25500f86796fe..dca66ff427ea6778e536782ec6bda83584877342 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -738,6 +738,20 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, case PKT_ENCRYPTED_MDC: case PKT_ENCRYPTED_AEAD: case PKT_COMPRESSED: + if (ctx->sigs_only) + { + log_error (_("partial length packet of type %d in detached" + " signature\n"), pkttype); + rc = gpg_error (GPG_ERR_UNEXPECTED); + goto leave; + } + if (onlykeypkts) + { + log_error (_("partial length packet of type %d in keyring\n"), + pkttype); + rc = gpg_error (GPG_ERR_UNEXPECTED); + goto leave; + } iobuf_set_partial_body_length_mode (inp, c & 0xff); pktlen = 0; /* To indicate partial length. */ partial = 1; @@ -775,6 +789,20 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } + else if (ctx->sigs_only) + { + log_error (_("indeterminate length packet of type %d in detached" + " signature\n"), pkttype); + rc = gpg_error (GPG_ERR_UNEXPECTED); + goto leave; + } + else if (onlykeypkts) + { + log_error (_("indeterminate length packet of type %d in" + " keyring\n"), pkttype); + rc = gpg_error (GPG_ERR_UNEXPECTED); + goto leave; + } } else { @@ -828,7 +856,21 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, goto leave; } - if (with_uid && pkttype == PKT_USER_ID) + if (ctx->sigs_only) + switch (pkttype) + { + case PKT_SIGNATURE: + case PKT_MARKER: + break; + default: + log_error(_("Packet type %d not allowed in detached signature\n"), + pkttype); + iobuf_skip_rest (inp, pktlen, partial); + *skip = 1; + rc = GPG_ERR_UNEXPECTED; + goto leave; + } + else if (with_uid && pkttype == PKT_USER_ID) /* If ONLYKEYPKTS is set to 2, then we never skip user id packets, even if DO_SKIP is set. */ ; -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From demi at invisiblethingslab.com Wed Jun 29 16:59:07 2022 From: demi at invisiblethingslab.com (Demi Marie Obenour) Date: Wed, 29 Jun 2022 10:59:07 -0400 Subject: DCO Message-ID: GnuPG Developer's Certificate of Origin. Version 1.0 ===================================================== By making a contribution to the GnuPG project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the free software license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate free software license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same free software license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the free software license(s) involved. Signed-off-by: Demi Marie Obenour -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: