gpg: Fix DoS while parsing mangled secret key packets.
0aac920f23fdUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Fix DoS while parsing mangled secret key packets.

* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
et al.

Due to the missing length checks PKTLEN may turn negative. Because
PKTLEN is an unsigned int the malloc in read_rest would try to malloc
a too large number and terminate the process with "error reading rest
of packet: Cannot allocate memory".

(backported from 2.1 commit d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a)

Reported-by: Hanno Böck.
Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance

• werner

Authored on Apr 5 2015, 7:33 PM

Parents

rG2a2da1b165f0: doc: Document the changed default algos for gpgsm.

Branches

Unknown

Tags

Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rG0aac920f23fd: gpg: Fix DoS while parsing mangled secret key packets. (authored by Werner Koch <wk@gnupg.org>).Apr 5 2015, 7:33 PM

Changes (1)

Path

Size

g10/

parse-packet.c

rG0aac920f23fd

View Options

gpg: Fix DoS while parsing mangled secret key packets.0aac920f23fdUnpublishedActions