common: Don't incorrectly reject 4 GB - 1 sized packets.

* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets. Add the constraint that the type must be 63. * kbx/keybox-openpgp.c (next_packet): Likewise. * tests/openpgp/4gb-packet.asc: New file. * tests/openpgp/4gb-packet.test: New file. * tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test. (TEST_FILES): Add 4gb-packet.asc. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2024-12-22 10:19:57 +01:00 · 2015-08-21 11:55:15 +02:00 · 2015-08-21 11:55:15 +02:00 · 09f2a7bca6
commit 09f2a7bca6
parent 4f37820334
5 changed files with 34 additions and 4 deletions
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -643,7 +643,14 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
 	}
    }

-  if (pktlen == (unsigned long) (-1))
+  /* Sometimes the decompressing layer enters an error state in which
+     it simply outputs 0xff for every byte read.  If we have a stream
+     of 0xff bytes, then it will be detected as a new format packet
+     with type 63 and a 4-byte encoded length that is 4G-1.  Since
+     packets with type 63 are private and we use them as a control
+     packet, which won't be 4 GB, we reject such packets as
+     invalid.  */
+  if (pkttype == 63 && pktlen == 0xFFFFFFFF)
    {
      /* With some probability this is caused by a problem in the
       * the uncompressing layer - in some error cases it just loops
--- a/kbx/keybox-openpgp.c
+++ b/kbx/keybox-openpgp.c
@ -139,7 +139,14 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
      return gpg_error (GPG_ERR_UNEXPECTED);
    }

-  if (pktlen == (unsigned long)(-1))
+  if (pkttype == 63 && pktlen == 0xFFFFFFFF)
+    /* Sometimes the decompressing layer enters an error state in
+       which it simply outputs 0xff for every byte read.  If we have a
+       stream of 0xff bytes, then it will be detected as a new format
+       packet with type 63 and a 4-byte encoded length that is 4G-1.
+       Since packets with type 63 are private and we use them as a
+       control packet, which won't be 4 GB, we reject such packets as
+       invalid.  */
    return gpg_error (GPG_ERR_INV_PACKET);

  if (pktlen > len)
--- a/tests/openpgp/4gb-packet.asc
+++ b/tests/openpgp/4gb-packet.asc
--- a/tests/openpgp/4gb-packet.test
+++ b/tests/openpgp/4gb-packet.test
@ -0,0 +1,16 @@
+#!/bin/sh
+
+. $srcdir/defs.inc || exit 3
+
+# GnuPG through 2.1.7 would incorrect mark packets whose size is
+# 2^32-1 as invalid and exit with status code 2.
+i=$srcdir/4gb-packet.asc
+
+if ! $GPG --list-packets $i
+then
+  echo Failed to parse 4GB packet.
+  exit 1
+else
+  echo Can parse 4GB packets.
+  exit 0
+fi
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@ -38,7 +38,7 @@ TESTS = version.test mds.test \
 	armdetachm.test detachm.test genkey1024.test \
 	conventional.test conventional-mdc.test \
 	multisig.test verify.test armor.test \
-	import.test ecc.test finish.test
+	import.test ecc.test 4gb-packet.test finish.test


 TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
@ -46,7 +46,7 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
 	     pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
             gpg.conf.tmpl gpg-agent.conf.tmpl \
 	     bug537-test.data.asc bug894-test.asc \
-	     bug1223-good.asc bug1223-bogus.asc
+	     bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc

 data_files = data-500 data-9000 data-32000 data-80000 plain-large