Page MenuHome GnuPG

gpg should reject compressed packets outside of messages
Closed, ResolvedPublic

Description

According to the OpenPGP standard, compressed and literal data packets are only allowed in messages. They are forbidden in signatures, secret keys, and certificates. GnuPG should reject compressed and literal data packets that appear outside of signatures.

Event Timeline

DemiMarie created this object in space S1 Public.
DemiMarie created this object with edit policy "Custom Policy".

This specificiation is a draft which has not even been discussed in the WG. In any case gpg won't implement this because it would break processing of existing data.

This specificiation is a draft which has not even been discussed in the WG. In any case gpg won't implement this because it would break processing of existing data.

Are you aware of any such data existing in the wild? I have never come across a compressed signature outside of a test case for PGPainless, which has since dropped support for processing compressed detached signatres.

I would be okay with GnuPG ignoring such packets, but I do not want verifying a signature or importing a key to activate the decompression code and its associated attack surface.

werner edited projects, added gnupg, Feature Request; removed g10.

This is referenced from https://nvd.nist.gov/vuln/detail/CVE-2022-3219 for CVE-2022-3219. Can this please be fixed?

No, we can't do much about this. It has always been easy to create compression bombs and the more relevant thing here is compressed signed or encrypted data. Or just compressed mails. The patch by @DemiMarie is way to complicated for what it wants to achieve and actually breaks existing use cases. For example Poppler uses GnuPG comment packets to lower its own attack surface by leaving all OpenPGP handling to gpg. The patch (or at least the version we noticed in Fedora and Debian) entirely breaks this use.

It might be useful to have samples of compressed keys:


We once had the options --compress-key and --compress-sigs but even longer ago we disabled their fucntions and finally removed them with rG71b55e91f02cdb65a8884892f71c4c7bf8a75247. However, creating such keys is easy by using an obvious one line patch in export.c.

werner claimed this task.

For example Poppler uses GnuPG comment packets to lower its own attack surface by leaving all OpenPGP handling to gpg. The patch (or at least the version we noticed in Fedora and Debian) entirely breaks this use.

Could you point to any poppler bug report or sample breakage? I'd like to understand more. Thanks!