Diffusion GnuPG b84feb0c82eb

agent: Do not place a trailing NUL byte on S-expression

Authored by dkg on Jul 23 2019, 4:07 PM.

Description

agent: Do not place a trailing NUL byte on S-expression

* agent/pkdecrypt.c (agent_pkdecrypt): Avoid appending a trailing NUL
byte at the end of the generated S-expression.
* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.

In many cases, a canonical S-expression may have an embedded NUL
anyway (especially if it contains raw cryptographic key material or
other high-entropy bytestrings), so trying to treat a canonical
S-expression as a C string is likely to be dangerous -- better to not
leave any such expectations.

I note that gpgsm_agent_pkdecrypt() appears to try to work with older
versions of gpg-agent which might not return a full S-expression.
This makes it harder to reason about, since a maliciously-formed
return value could contain a string that could cause invalid memory
access when invoking strtoul (e.g. all numbers up to the end of the
buffer). So we manually NUL-terminate it before continuing.

gpg's agent_pkdecrypt() has no such qualms -- if the returned object
is not a full S-expression, then it rejects the response. This makes
it much easier to reason about without modification, and allows us to
strip any trailing NUL bytes knowing that they will be properly
terminated with a close parenthesis.

  • GnuPG-bug-id: T4652
  • Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
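The two rules the commit describes, accept a trailing NUL but do not require one, and NUL-terminate yourself before calling strtoul on a non-S-expression reply, as an added C illustration. This is not GnuPG's code; the helper names and the sample replies are constructed for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample replies (not real agent output).  The string literal
 * gives the S-expression a trailing NUL, as an old agent would send it, and
 * the "a\0b" atom carries an embedded NUL, which is legal in canonical form. */
static const unsigned char reply_sexp[] = "(5:value3:a\000b)";
#define REPLY_LEN_OLD_AGENT sizeof(reply_sexp)        /* 15: ')' then NUL */
#define REPLY_LEN_NEW_AGENT (sizeof(reply_sexp) - 1)  /* 14: ends at ')' */
static const unsigned char reply_legacy[] = { '1', '2', '3' }; /* no terminator */

/* Hypothetical helper: accept one trailing NUL after the closing ')' but do
 * not require it, and reject anything that is not a complete S-expression.
 * Returns the length of the S-expression proper, or 0 on rejection.  Note
 * that strlen() would stop at the embedded NUL; only (buf, len) is trusted. */
size_t sexp_strip_optional_nul(const unsigned char *buf, size_t len)
{
  if (len && buf[len - 1] == '\0')
    len--;                                   /* tolerate an old agent's NUL */
  if (len < 2 || buf[0] != '(' || buf[len - 1] != ')')
    return 0;                                /* not a full S-expression */
  return len;                                /* caller keeps using (buf, len) */
}

/* Hypothetical helper for the legacy, non-S-expression reply: strtoul needs a
 * NUL terminator, so copy into a buffer we terminate ourselves instead of
 * trusting the peer to have done it.  Returns the value, or -1 on any error. */
long legacy_parse_number(const unsigned char *buf, size_t len)
{
  char *tmp = malloc(len + 1);
  char *end;
  unsigned long v;
  int ok;
  if (!tmp)
    return -1;
  memcpy(tmp, buf, len);
  tmp[len] = '\0';                           /* our terminator, always */
  errno = 0;
  v = strtoul(tmp, &end, 10);
  ok = (end != tmp && *end == '\0' && errno == 0 && v <= LONG_MAX);
  free(tmp);
  return ok ? (long)v : -1;
}
```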

Details

Committed
dkg, Jul 24 2019, 6:15 AM
Parents
rG7bfbb9fa7e76: gpg: A little clean up.
Branches
Unknown
Tags
Unknown
This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.