mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
common: Don't incorrectly reject 4 GB - 1 sized packets.
* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets. Add the constraint that the type must be 63. * kbx/keybox-openpgp.c (next_packet): Likewise. * tests/openpgp/4gb-packet.asc: New file. * tests/openpgp/4gb-packet.test: New file. * tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test. (TEST_FILES): Add 4gb-packet.asc. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
This commit is contained in:
parent
4f37820334
commit
09f2a7bca6
@ -643,7 +643,14 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pktlen == (unsigned long) (-1))
|
/* Sometimes the decompressing layer enters an error state in which
|
||||||
|
it simply outputs 0xff for every byte read. If we have a stream
|
||||||
|
of 0xff bytes, then it will be detected as a new format packet
|
||||||
|
with type 63 and a 4-byte encoded length that is 4G-1. Since
|
||||||
|
packets with type 63 are private and we use them as a control
|
||||||
|
packet, which won't be 4 GB, we reject such packets as
|
||||||
|
invalid. */
|
||||||
|
if (pkttype == 63 && pktlen == 0xFFFFFFFF)
|
||||||
{
|
{
|
||||||
/* With some probability this is caused by a problem in the
|
/* With some probability this is caused by a problem in the
|
||||||
* the uncompressing layer - in some error cases it just loops
|
* the uncompressing layer - in some error cases it just loops
|
||||||
|
@ -139,7 +139,14 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
|
|||||||
return gpg_error (GPG_ERR_UNEXPECTED);
|
return gpg_error (GPG_ERR_UNEXPECTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pktlen == (unsigned long)(-1))
|
if (pkttype == 63 && pktlen == 0xFFFFFFFF)
|
||||||
|
/* Sometimes the decompressing layer enters an error state in
|
||||||
|
which it simply outputs 0xff for every byte read. If we have a
|
||||||
|
stream of 0xff bytes, then it will be detected as a new format
|
||||||
|
packet with type 63 and a 4-byte encoded length that is 4G-1.
|
||||||
|
Since packets with type 63 are private and we use them as a
|
||||||
|
control packet, which won't be 4 GB, we reject such packets as
|
||||||
|
invalid. */
|
||||||
return gpg_error (GPG_ERR_INV_PACKET);
|
return gpg_error (GPG_ERR_INV_PACKET);
|
||||||
|
|
||||||
if (pktlen > len)
|
if (pktlen > len)
|
||||||
|
BIN
tests/openpgp/4gb-packet.asc
Normal file
BIN
tests/openpgp/4gb-packet.asc
Normal file
Binary file not shown.
16
tests/openpgp/4gb-packet.test
Executable file
16
tests/openpgp/4gb-packet.test
Executable file
@ -0,0 +1,16 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
. $srcdir/defs.inc || exit 3
|
||||||
|
|
||||||
|
# GnuPG through 2.1.7 would incorrect mark packets whose size is
|
||||||
|
# 2^32-1 as invalid and exit with status code 2.
|
||||||
|
i=$srcdir/4gb-packet.asc
|
||||||
|
|
||||||
|
if ! $GPG --list-packets $i
|
||||||
|
then
|
||||||
|
echo Failed to parse 4GB packet.
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo Can parse 4GB packets.
|
||||||
|
exit 0
|
||||||
|
fi
|
@ -38,7 +38,7 @@ TESTS = version.test mds.test \
|
|||||||
armdetachm.test detachm.test genkey1024.test \
|
armdetachm.test detachm.test genkey1024.test \
|
||||||
conventional.test conventional-mdc.test \
|
conventional.test conventional-mdc.test \
|
||||||
multisig.test verify.test armor.test \
|
multisig.test verify.test armor.test \
|
||||||
import.test ecc.test finish.test
|
import.test ecc.test 4gb-packet.test finish.test
|
||||||
|
|
||||||
|
|
||||||
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
|
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
|
||||||
@ -46,7 +46,7 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
|
|||||||
pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
|
pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
|
||||||
gpg.conf.tmpl gpg-agent.conf.tmpl \
|
gpg.conf.tmpl gpg-agent.conf.tmpl \
|
||||||
bug537-test.data.asc bug894-test.asc \
|
bug537-test.data.asc bug894-test.asc \
|
||||||
bug1223-good.asc bug1223-bogus.asc
|
bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc
|
||||||
|
|
||||||
data_files = data-500 data-9000 data-32000 data-80000 plain-large
|
data_files = data-500 data-9000 data-32000 data-80000 plain-large
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user