Page MenuHome GnuPG

Kleopatra: Crashes or hangs on circular certificate chains
Testing, HighPublic

Description

There are several problems caused by circular certificate chains:

  1. Kleopatra crashes on startup if there are X.509 certificates with a circular certificate chain in the key store.
  2. Kleopatra hangs when trying to view the trust chain details of a certificate that's part of a circular chain.

See rGc9343bec83e2: sm: Detect circular chains in --list-chain. for test certificates with circular certificate chain.

Event Timeline

ikloecker triaged this task as High priority.
ikloecker created this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Rating as High because this can be used for a DoS attack on individual users.

ikloecker renamed this task from Kleopatra: Crash on circular certificate chains to Kleopatra: Crashes or hangs on circular certificate chains.Thu, Nov 18, 3:59 PM
ikloecker updated the task description. (Show Details)

First issue is fixed.

Second issue is also fixed.

I didn't spot any other usages of Key::chainID() in libkleo (or kleopatra) that could cause problems. The usage in KeyListView looks safe.

ikloecker changed the task status from Open to Testing.Mon, Nov 22, 10:51 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.