[Pkg-gnupg-commit] [gnupg2] 43/102: gpg: Do not abort on certain invalid packets.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jun 17 00:14:53 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit d837f6b0eadb14ea08c1c6030b4d6adaaee8778e
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jun 2 15:14:49 2016 +0200
gpg: Do not abort on certain invalid packets.
* g10/build-packet.c (write_fake_data): Check for non-opaque data.
* g10/seskey.c (do_encode_md): Return NULL instead of abort.
--
The first may happen if the usage flags of an algorithm do not match
the allowed usage. When writing a backsig this would lead to a
log_bug in libgcrypt due to the use of a regular MPI as opaque data.
The second may happen with all kind of invalid data. It is easy to
avoid an abort, though.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/build-packet.c | 2 ++
g10/seskey.c | 9 ++++++---
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/g10/build-packet.c b/g10/build-packet.c
index 1353a86..2745734 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -301,6 +301,8 @@ write_fake_data (IOBUF out, gcry_mpi_t a)
if (!a)
return 0;
+ if (!gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+ return 0; /* e.g. due to generating a key with wrong usage. */
p = gcry_mpi_get_opaque ( a, &n);
if (!p)
return 0; /* For example due to a read error in
diff --git a/g10/seskey.c b/g10/seskey.c
index c41a145..e5385af 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -211,9 +211,12 @@ do_encode_md( gcry_md_hd_t md, int algo, size_t len, unsigned nbits,
int i,n;
gcry_mpi_t a;
- if( len + asnlen + 4 > nframe )
- log_bug ("can't encode a %d bit MD into a %d bits frame, algo=%d\n",
- (int)(len*8), (int)nbits, algo);
+ if (len + asnlen + 4 > nframe)
+ {
+ log_error ("can't encode a %d bit MD into a %d bits frame, algo=%d\n",
+ (int)(len*8), (int)nbits, algo);
+ return NULL;
+ }
/* We encode the MD in this way:
*
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list