Diffusion GnuPG 9a1e195348da

gpg: Cap size of attribute packets at 16MB.
9a1e195348daUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Cap size of attribute packets at 16MB.

* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.

Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload. This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte. The fix is
obvious.

In addition we cap the size of attribute packets similar to what we do
with user id packets. OpenPGP keys are not the proper way to store
movies.

Resolved conflicts:
g10/parse-packet.c - indentation. Use plain fprintf.

Details

Provenance

• werner

Authored on Jul 21 2014, 1:50 PM

Parents

rG40215d8ecdb1: Post release updates.

Branches

Unknown

Tags

Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rG9a1e195348da: gpg: Cap size of attribute packets at 16MB. (authored by Werner Koch <wk@gnupg.org>).Jul 21 2014, 2:46 PM

Changes (1)

Path

Size

g10/

parse-packet.c

rG9a1e195348da

View Options

gpg: Cap size of attribute packets at 16MB.9a1e195348daUnpublishedActions