Home GnuPG
Diffusion GnuPG 27d7addccf78

gpg: Limit the size of key packets to a sensible value.
27d7addccf78Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Limit the size of key packets to a sensible value.

* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
(MAX_UID_PACKET_LENGTH): New.
(MAX_COMMENT_PACKET_LENGTH): New.
(MAX_ATTR_PACKET_LENGTH): New.
(parse_key): Limit the size of a key packet to 256k.
(parse_user_id): Use macro for the packet size limit.
(parse_attribute): Ditto.
(parse_comment): Ditto.

Without that it is possible to force gpg to allocate large amounts of
memory by using a bad encoded MPI. This would be an too easy DoS.
Another way to mitigate would be to change the MPI read function to
allocate memory dynamically while reading the MPI. However, that
complicates and possibly slows down the code. A too large key packet
is in any case a sign for broken data and thus gpg should not use it.

(back ported from commit 382ba4b137b42d5f25a7e256bb7c053ee5ac7b64)

[dkg: rebased to STABLE-BRANCH-1-4]

  • Reported-by: Hanno Böck
  • GnuPG-bug-id: T1823
  • Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Details

Provenance
wernerAuthored on Feb 22 2015, 5:10 AM
Parents
rG20e14e331de4: gpg: Allow predefined names as answer to the keygen.algo prompt.
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
g10/

rG27d7addccf78

View Options

g10/parse-packet.c

Loading...