Home GnuPG
Diffusion GnuPG 382ba4b137b4

gpg: Limit the size of key packets to a sensible value.
382ba4b137b4Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Limit the size of key packets to a sensible value.

* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
(MAX_UID_PACKET_LENGTH): New.
(MAX_COMMENT_PACKET_LENGTH): New.
(MAX_ATTR_PACKET_LENGTH): New.
(parse_key): Limit the size of a key packet to 256k.
(parse_user_id): Use macro for the packet size limit.
(parse_attribute): Ditto.
(parse_comment): Ditto.

Without that it is possible to force gpg to allocate large amounts of
memory by using a bad encoded MPI. This would be an too easy DoS.
Another way to mitigate would be to change the MPI read function to
allocate memory dynamically while reading the MPI. However, that
complicates and possibly slows down the code. A too large key packet
is in any case a sign for broken data and thus gpg should not use it.

  • Reported-by: Hanno Böck
  • GnuPG-bug-id: T1823
  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on Jan 28 2015, 8:32 PM
Parents
rGd8eea25b8b7b: gpg: Fix buffering problem in --list-config.
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
g10/

rG382ba4b137b4

View Options

g10/parse-packet.c

Loading...