Diffusion GnuPG 156788a43c20

gpg: Do not allow creation of user ids larger than our parser allows.

Authored by werner on May 21 2019, 4:25 PM.

Description

gpg: Do not allow creation of user ids larger than our parser allows.

* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.

This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us. Test case is

gpg --batch --passphrase 'abc' -v  \
    --quick-gen-key $(yes 'a'| head -4000|tr -d '\n')
  • GnuPG-bug-id: T4532
  • Signed-off-by: Werner Koch <wk@gnupg.org>