agent: Do not place a trailing NUL byte on S-expression
* agent/pkdecrypt.c (agent_pkdecrypt): Avoid appending a trailing NUL
  byte at the end of the generated S-expression.
* g10/call-agent.c (agent_pkdecrypt): Accept but do not require
  NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): Accept but do not require
  NUL-terminated data from the agent.
In many cases, a canonical S-expression may have an embedded NUL
anyway (especially if it contains raw cryptographic key material or
other high-entropy bytestrings), so trying to treat a canonical
S-expression as a C string is likely to be dangerous -- better to not
leave any such expectations.
I note that gpgsm_agent_pkdecrypt() appears to try to work with older
versions of gpg-agent which might not return a full S-expression.
This makes it harder to reason about, since a maliciously-formed
return value could contain a string that could cause invalid memory
access when invoking strtoul (e.g. all numbers up to the end of the
buffer). So we manually NUL-terminate it before continuing.
gpg's agent_pkdecrypt() has no such qualms -- if the returned object
is not a full S-expression, then it rejects the response. This makes
it much easier to reason about without modification, and allows us to
strip any trailing NUL bytes knowing that they will be properly
terminated with a close parenthesis.
GnuPG-bug-id: T4652
Signed-off-by: Daniel Kahn Gillmor <firstname.lastname@example.org>
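The following is an added illustration of the point made in the commit message above; it is not GnuPG's code and does not reproduce any of the functions it names. It shows a length-bounded walk over a canonical S-expression (the `N:bytes` atom form) that never treats the buffer as a C string: atoms may contain embedded NUL bytes, the length prefix is parsed against the known buffer length rather than with `strtoul` on an unterminated buffer, and a single trailing NUL after the closing parenthesis is accepted but not required. The function names `parse_length`, `canon_sexp_count_atoms` and `naive_cstring_len` and the sample expressions are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse one length prefix "NNN:" from buf[*pos..len) without strtoul.
 * The scan is bounded by len, so an unterminated buffer cannot be read
 * past its end. Returns 1 and advances *pos past the ':' on success,
 * 0 on malformed, truncated or overflowing input. */
static int parse_length(const unsigned char *buf, size_t len,
                        size_t *pos, size_t *out)
{
    size_t i = *pos, n = 0;
    int digits = 0;

    while (i < len && buf[i] >= '0' && buf[i] <= '9') {
        if (n > (SIZE_MAX - 9) / 10)
            return 0;                       /* length would overflow */
        n = n * 10 + (size_t)(buf[i] - '0');
        i++;
        digits++;
    }
    if (!digits || i >= len || buf[i] != ':')
        return 0;
    *pos = i + 1;
    *out = n;
    return 1;
}

/* Validate the canonical S-expression in buf[0..len) and count its atoms.
 * Atoms are opaque byte strings and may contain NUL. One optional NUL
 * byte after the closing parenthesis is tolerated ("accept but do not
 * require"). Returns the atom count, or -1 if the expression is
 * unbalanced, truncated, has an atom length running past the buffer,
 * or is followed by anything other than that single optional NUL. */
int canon_sexp_count_atoms(const unsigned char *buf, size_t len)
{
    size_t pos = 0;
    int depth = 0, atoms = 0;

    if (len == 0 || buf[0] != '(')
        return -1;

    while (pos < len) {
        unsigned char c = buf[pos];
        if (c == '(') {
            depth++;
            pos++;
        } else if (c == ')') {
            if (depth == 0)
                return -1;
            depth--;
            pos++;
            if (depth == 0)
                break;                      /* top-level list complete */
        } else {
            size_t n;
            if (!parse_length(buf, len, &pos, &n))
                return -1;
            if (n > len - pos)
                return -1;                  /* atom would run past buffer */
            pos += n;                       /* skip atom bytes, NULs included */
            atoms++;
        }
    }
    if (depth != 0)
        return -1;                          /* no closing parenthesis */
    if (pos + 1 == len && buf[pos] == 0)
        pos++;                              /* optional trailing NUL */
    if (pos != len)
        return -1;                          /* trailing garbage */
    return atoms;
}

/* What a C-string view of the same buffer sees: it stops at the first
 * embedded NUL, silently truncating the expression. */
size_t naive_cstring_len(const unsigned char *buf)
{
    return strlen((const char *)buf);
}

int main(void)
{
    /* Constructed sample: atom "value" followed by the 3-byte atom "a\0b". */
    static const unsigned char sexp[] = "(5:value3:a\0b)";
    size_t len = sizeof(sexp) - 1;          /* 14 bytes, no trailing NUL */

    printf("length-bounded parse: %d atoms\n", canon_sexp_count_atoms(sexp, len));
    printf("C-string view sees only %zu bytes\n", naive_cstring_len(sexp));
    printf("with trailing NUL: %d atoms\n", canon_sexp_count_atoms(sexp, len + 1));
    return 0;
}
```

The `len + 1` call passes the literal's own terminating NUL as data, which is the lenient case the g10 and sm callers need; passing two trailing NULs, or a truncated buffer such as `(5:value`, is rejected rather than read past the end.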