
agent: Do not place a trailing NUL byte on S-expression
b84feb0c82eb (Unpublished)


Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit no longer exists in the repository. It may have been part of a branch which was deleted. This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

agent: Do not place a trailing NUL byte on S-expression

* agent/pkdecrypt.c (agent_pkdecrypt): Avoid appending a trailing NUL
byte at the end of the generated S-expression.
* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.

In many cases, a canonical S-expression may have an embedded NUL
anyway (especially if it contains raw cryptographic key material or
other high-entropy bytestrings), so trying to treat a canonical
S-expression as a C string is likely to be dangerous -- better to not
leave any such expectations.

I note that gpgsm_agent_pkdecrypt() appears to try to work with older
versions of gpg-agent which might not return a full S-expression.
This makes it harder to reason about, since a maliciously-formed
return value could contain a string that could cause invalid memory
access when invoking strtoul (e.g. all numbers up to the end of the
buffer). So we manually NUL-terminate it before continuing.

gpg's agent_pkdecrypt() has no such qualms -- if the returned object
is not a full S-expression, then it rejects the response. This makes
it much easier to reason about without modification, and allows us to
strip any trailing NUL bytes knowing that they will be properly
terminated with a close parenthesis.

  • GnuPG-bug-id: T4652
  • Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Details

Provenance
dkg authored on Jul 23 2019, 4:07 PM
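
The length-bounded parsing that the commit message argues for, as an added example that is not GnuPG's code: it reads canonical S-expression length prefixes against the received byte count instead of relying on a terminating NUL, and tolerates NULs only after the closing parenthesis. The function names, the `(5:value<len>:<bytes>)` response shape and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: payload "k\0ey" has an embedded NUL; the literal's
   own terminating NUL stands in for a trailing NUL from the agent. */
static const unsigned char sample[] = "(5:value4:k\0ey)";

/* Parse one "<len>:<bytes>" token without reading past buf+len.
   Unlike strtoul(), this never depends on a terminating NUL. */
static int csexp_token(const unsigned char *buf, size_t len,
                       const unsigned char **data, size_t *dlen)
{
    size_t i, n = 0;
    for (i = 0; i < len && buf[i] >= '0' && buf[i] <= '9'; i++) {
        if (n > (SIZE_MAX - 9) / 10)
            return -1;                 /* length would overflow */
        n = n * 10 + (size_t)(buf[i] - '0');
    }
    if (i == 0 || i == len || buf[i] != ':')
        return -1;                     /* no digits, or digits ran to the end */
    i++;
    if (n > len - i)
        return -1;                     /* claimed length exceeds the buffer */
    *data = buf + i;
    *dlen = n;
    return 0;
}

/* Extract <bytes> from "(5:value<len>:<bytes>)"; NULs after the closing
   parenthesis are accepted but not required. */
static int value_payload(const unsigned char *buf, size_t len,
                         const unsigned char **data, size_t *dlen)
{
    const unsigned char *tok;
    size_t toklen;
    while (len && buf[len - 1] == 0)
        len--;
    if (len < 2 || buf[0] != '(' || buf[len - 1] != ')')
        return -1;                     /* not a complete S-expression */
    buf++, len -= 2;                   /* step inside the parentheses */
    if (csexp_token(buf, len, &tok, &toklen) || toklen != 5
        || memcmp(tok, "value", 5) != 0)
        return -1;
    tok += toklen;                     /* start of the payload token */
    if (csexp_token(tok, len - (size_t)(tok - buf), data, dlen))
        return -1;
    return *data + *dlen == buf + len ? 0 : -1;  /* nothing may follow */
}
```

Calling `strlen()` on `sample` stops at the embedded NUL, while `value_payload()` returns all four payload bytes whether or not the trailing NUL is included in the length passed in.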
