Home GnuPG
Diffusion GnuPG 81d3e541326e

gpg: Prevent an invalid memory read using a garbled keyring.
81d3e541326eUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Prevent an invalid memory read using a garbled keyring.

* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.

The keyring DB code did not reject packets which don't belong into a
keyring. If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

(back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)

[dkg: rebased to STABLE-BRANCH-1-4]

  • Reported-by: Hanno Böck <hanno@hboeck.de>
  • Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Details

Provenance
wernerAuthored on Feb 22 2015, 5:10 AM
Parents
rG68f260f77a9e: gpg: Fix a NULL-deref in export due to invalid packet lengths.
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rG81d3e541326e: gpg: Prevent an invalid memory read using a garbled keyring. (authored by Werner Koch <wk@gnupg.org>).Feb 23 2015, 10:46 AM

Changes (1)

PathSize
g10/

rG81d3e541326e

View Options

g10/keyring.c

Loading...