Home GnuPG
Diffusion GnuPG 11fdfcf82bd8

gpg: Avoid infinite loop in uncompressing garbled packets.
11fdfcf82bd8Unpublished

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Avoid infinite loop in uncompressing garbled packets.

* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

A packet like (a3 01 5b ff) leads to an infinite loop. Using
--max-output won't help if it is a partial packet. This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed
report.

Details

Provenance
wernerAuthored on Jun 20 2014, 10:39 AM
Parents
rG23191d7851ea: gpg: Need to init the trustdb for import.
Branches
Unknown
Tags
Unknown

Event Timeline