security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

Use inline functions to convert buffer data to scalars.

Browse source 
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a388 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-02-11 10:27:57 +01:00
parent f0f71a721c
commit 2183683bd6
31 changed files with 220 additions and 210 deletions
Download patch file Download diff file Expand all files Collapse all files

8
g10/build-packet.c
View file

@ -32,6 +32,7 @@
#include "iobuf.h"
#include "i18n.h"
#include "options.h"
#include "host2net.h"
static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
static int do_key (iobuf_t out, int ctb, PKT_public_key *pk);
@ -621,10 +622,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
if( n == 255 ) {
if( buflen < 4 )
break;
n = (((size_t)buffer[0] << 24)
| (buffer[1] << 16)
| (buffer[2] << 8)
| buffer[3]);
n = buf32_to_size_t (buffer);
buffer += 4;
buflen -= 4;
}
@ -747,7 +745,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
/* This should never happen since we don't currently allow
creating such a subpacket, but just in case... */
case SIGSUBPKT_SIG_EXPIRE:
if(buffer_to_u32(buffer)+sig->timestamp<=make_timestamp())
if(buf32_to_u32(buffer)+sig->timestamp<=make_timestamp())
sig->flags.expired=1;
else
sig->flags.expired=0;

3
g10/call-agent.c
View file

@ -41,6 +41,7 @@
#include "call-agent.h"
#include "status.h"
#include "../common/shareddefs.h"
#include "host2net.h"
#ifndef DBG_ASSUAN
# define DBG_ASSUAN 1
@ -761,7 +762,7 @@ agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
err = gpg_error (GPG_ERR_CARD);
else
{
*r_sw = (data[datalen-2] << 8) | data[datalen-1];
*r_sw = buf16_to_uint (data+datalen-2);
}
xfree (data);
}

14
g10/getkey.c
View file

@ -36,6 +36,8 @@
#include "i18n.h"
#include "keyserver-internal.h"
#include "call-agent.h"
#include "host2net.h"
#define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE
#define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE
@ -1418,8 +1420,8 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
/* Ditto for the key expiration. */
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buffer_to_u32 (p))
uid->help_key_expire = keycreated + buffer_to_u32 (p);
if (p && buf32_to_u32 (p))
uid->help_key_expire = keycreated + buf32_to_u32 (p);
else
uid->help_key_expire = 0;
@ -1651,9 +1653,9 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
key_usage = parse_key_usage (sig);
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buffer_to_u32 (p))
if (p && buf32_to_u32 (p))
{
key_expire = keytimestamp + buffer_to_u32 (p);
key_expire = keytimestamp + buf32_to_u32 (p);
key_expire_seen = 1;
}
@ -2102,8 +2104,8 @@ merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buffer_to_u32 (p))
key_expire = keytimestamp + buffer_to_u32 (p);
if (p && buf32_to_u32 (p))
key_expire = keytimestamp + buf32_to_u32 (p);
else
key_expire = 0;
subpk->has_expired = key_expire >= curtime ? 0 : key_expire;

9
g10/keygen.c
View file

@ -43,6 +43,8 @@
#include "call-agent.h"
#include "pkglue.h"
#include "../common/shareddefs.h"
#include "host2net.h"
/* The default algorithms. If you change them remember to change them
also in gpg.c:gpgconf_list. You should also check that the value
@ -845,10 +847,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
}
else if (buf[1] == 255)
{
pktlen = buf[2] << 24;
pktlen |= buf[3] << 16;
pktlen |= buf[4] << 8;
pktlen |= buf[5];
pktlen = buf32_to_size_t (buf+2);
buf += 6;
}
else
@ -865,7 +864,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
break;
case 2:
pktlen = buf[mark++] << 24;
pktlen = (size_t)buf[mark++] << 24;
pktlen |= buf[mark++] << 16;
case 1:

29
g10/keyid.c
View file

@ -35,6 +35,8 @@
#include "keydb.h"
#include "i18n.h"
#include "rmd160.h"
#include "host2net.h"
#define KEYID_STR_SIZE 19
@ -256,9 +258,9 @@ v3_keyid (gcry_mpi_t a, u32 *ki)
else
{
p = buffer + nbytes - 8;
ki[0] = (p[0] << 24) | (p[1] <<16) | (p[2] << 8) | p[3];
ki[0] = buf32_to_u32 (p);
p += 4;
ki[1] = (p[0] << 24) | (p[1] <<16) | (p[2] << 8) | p[3];
ki[1] = buf32_to_u32 (p);
}
xfree (buffer);
return ki[1];
@ -378,15 +380,8 @@ keystr_from_desc(KEYDB_SEARCH_DESC *desc)
{
u32 keyid[2];
keyid[0] = ((unsigned char)desc->u.fpr[12] << 24
| (unsigned char)desc->u.fpr[13] << 16
| (unsigned char)desc->u.fpr[14] << 8
| (unsigned char)desc->u.fpr[15]);
keyid[1] = ((unsigned char)desc->u.fpr[16] << 24
| (unsigned char)desc->u.fpr[17] << 16
| (unsigned char)desc->u.fpr[18] << 8
| (unsigned char)desc->u.fpr[19]);
keyid[0] = buf32_to_u32 (desc->u.fpr+12);
keyid[1] = buf32_to_u32 (desc->u.fpr+16);
return keystr(keyid);
}
@ -427,8 +422,8 @@ keyid_from_pk (PKT_public_key *pk, u32 *keyid)
if(md)
{
dp = gcry_md_read ( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
keyid[0] = buf32_to_u32 (dp+12);
keyid[1] = buf32_to_u32 (dp+16);
lowbits = keyid[1];
gcry_md_close (md);
pk->keyid[0] = keyid[0];
@ -474,8 +469,8 @@ keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid )
else
{
const byte *dp = fprint;
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
keyid[0] = buf32_to_u32 (dp+12);
keyid[1] = buf32_to_u32 (dp+16);
}
return keyid[1];
@ -691,8 +686,8 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
if (!array)
array = xmalloc ( len );
memcpy (array, dp, len );
pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
pk->keyid[0] = buf32_to_u32 (dp+12);
pk->keyid[1] = buf32_to_u32 (dp+16);
gcry_md_close( md);
if (ret_len)

10
g10/misc.c
View file

@ -278,16 +278,6 @@ checksum_mpi (gcry_mpi_t a)
return csum;
}
u32
buffer_to_u32( const byte *buffer )
{
unsigned long a;
a = *buffer << 24;
a |= buffer[1] << 16;
a |= buffer[2] << 8;
a |= buffer[3];
return a;
}
void
print_pubkey_algo_note (pubkey_algo_t algo)

37
g10/parse-packet.c
View file

@ -34,6 +34,7 @@
#include "options.h"
#include "main.h"
#include "i18n.h"
#include "host2net.h"
/* Maximum length of packets to avoid excessive memory allocation. */
@ -90,7 +91,7 @@ static unsigned short
read_16 (IOBUF inp)
{
unsigned short a;
a = iobuf_get_noeof (inp) << 8;
a = (unsigned short)iobuf_get_noeof (inp) << 8;
a |= iobuf_get_noeof (inp);
return a;
}
@ -100,7 +101,7 @@ static unsigned long
read_32 (IOBUF inp)
{
unsigned long a;
a = iobuf_get_noeof (inp) << 24;
a = (unsigned long)iobuf_get_noeof (inp) << 24;
a |= iobuf_get_noeof (inp) << 16;
a |= iobuf_get_noeof (inp) << 8;
a |= iobuf_get_noeof (inp);
@ -486,7 +487,7 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
}
else if (c == 255)
{
pktlen = (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 24;
pktlen = (unsigned long)(hdr[hdrlen++] = iobuf_get_noeof (inp)) << 24;
pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 16;
pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 8;
if ((c = iobuf_get (inp)) == -1)
@ -1132,14 +1133,14 @@ dump_sig_subpkt (int hashed, int type, int critical,
case SIGSUBPKT_SIG_CREATED:
if (length >= 4)
es_fprintf (listfp, "sig created %s",
strtimestamp (buffer_to_u32 (buffer)));
strtimestamp (buf32_to_u32 (buffer)));
break;
case SIGSUBPKT_SIG_EXPIRE:
if (length >= 4)
{
if (buffer_to_u32 (buffer))
if (buf32_to_u32 (buffer))
es_fprintf (listfp, "sig expires after %s",
strtimevalue (buffer_to_u32 (buffer)));
strtimevalue (buf32_to_u32 (buffer)));
else
es_fprintf (listfp, "sig does not expire");
}
@ -1172,9 +1173,9 @@ dump_sig_subpkt (int hashed, int type, int critical,
case SIGSUBPKT_KEY_EXPIRE:
if (length >= 4)
{
if (buffer_to_u32 (buffer))
if (buf32_to_u32 (buffer))
es_fprintf (listfp, "key expires after %s",
strtimevalue (buffer_to_u32 (buffer)));
strtimevalue (buf32_to_u32 (buffer)));
else
es_fprintf (listfp, "key does not expire");
}
@ -1198,8 +1199,8 @@ dump_sig_subpkt (int hashed, int type, int critical,
case SIGSUBPKT_ISSUER:
if (length >= 8)
es_fprintf (listfp, "issuer key ID %08lX%08lX",
(ulong) buffer_to_u32 (buffer),
(ulong) buffer_to_u32 (buffer + 4));
(ulong) buf32_to_u32 (buffer),
(ulong) buf32_to_u32 (buffer + 4));
break;
case SIGSUBPKT_NOTATION:
{
@ -1461,8 +1462,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
{
if (buflen < 4)
goto too_short;
n = (buffer[0] << 24) | (buffer[1] << 16)
| (buffer[2] << 8) | buffer[3];
n = buf32_to_size_t (buffer);
buffer += 4;
buflen -= 4;
}
@ -1735,7 +1735,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
if (p)
sig->timestamp = buffer_to_u32 (p);
sig->timestamp = buf32_to_u32 (p);
else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
&& opt.verbose)
log_info ("signature packet without timestamp\n");
@ -1743,16 +1743,16 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER, NULL);
if (p)
{
sig->keyid[0] = buffer_to_u32 (p);
sig->keyid[1] = buffer_to_u32 (p + 4);
sig->keyid[0] = buf32_to_u32 (p);
sig->keyid[1] = buf32_to_u32 (p + 4);
}
else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
&& opt.verbose)
log_info ("signature packet without keyid\n");
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
if (p && buffer_to_u32 (p))
sig->expiredate = sig->timestamp + buffer_to_u32 (p);
if (p && buf32_to_u32 (p))
sig->expiredate = sig->timestamp + buf32_to_u32 (p);
if (sig->expiredate && sig->expiredate <= make_timestamp ())
sig->flags.expired = 1;
@ -2365,8 +2365,7 @@ parse_attribute_subpkts (PKT_user_id * uid)
{
if (buflen < 4)
goto too_short;
n = (buffer[0] << 24) | (buffer[1] << 16)
| (buffer[2] << 8) | buffer[3];
n = buf32_to_size_t (buffer);
buffer += 4;
buflen -= 4;
}

4
g10/pubkey-enc.c
View file

@ -35,6 +35,7 @@
#include "i18n.h"
#include "pkglue.h"
#include "call-agent.h"
#include "host2net.h"
static gpg_error_t get_it (PKT_pubkey_enc *k,
@ -321,8 +322,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
}
/* Copy the key to DEK and compare the checksum. */
csum = frame[nframe - 2] << 8;
csum |= frame[nframe - 1];
csum = buf16_to_u16 (frame+nframe-2);
memcpy (dek->key, frame + n, dek->keylen);
for (csum2 = 0, n = 0; n < dek->keylen; n++)
csum2 += dek->key[n];

2
g10/seckey-cert.c
View file

@ -115,7 +115,7 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
ndata = (ndatabits+7)/8;
if ( ndata > 1 )
csumc = p[ndata-2] << 8 | p[ndata-1];
csumc = buf16_to_u16 (p+ndata-2);
data = xmalloc_secure ( ndata );
gcry_cipher_decrypt ( cipher_hd, data, ndata, p, ndata );
gcry_mpi_release (sk->skey[i]); sk->skey[i] = NULL ;

20
g10/tdbio.c
View file

@ -1257,13 +1257,13 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
rec->r.ver.trust_model = *p++;
rec->r.ver.min_cert_level = *p++;
p += 2;
rec->r.ver.created = buftoulong(p); p += 4;
rec->r.ver.nextcheck = buftoulong(p); p += 4;
rec->r.ver.created = buf32_to_ulong(p); p += 4;
rec->r.ver.nextcheck = buf32_to_ulong(p); p += 4;
p += 4;
p += 4;
rec->r.ver.firstfree =buftoulong(p); p += 4;
rec->r.ver.firstfree =buf32_to_ulong(p); p += 4;
p += 4;
rec->r.ver.trusthashtbl =buftoulong(p); p += 4;
rec->r.ver.trusthashtbl =buf32_to_ulong(p); p += 4;
if( recnum ) {
log_error( _("%s: version record with recnum %lu\n"), db_name,
(ulong)recnum );
@ -1276,17 +1276,17 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
}
break;
case RECTYPE_FREE:
rec->r.free.next = buftoulong(p); p += 4;
rec->r.free.next = buf32_to_ulong(p); p += 4;
break;
case RECTYPE_HTBL:
for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) {
rec->r.htbl.item[i] = buftoulong(p); p += 4;
rec->r.htbl.item[i] = buf32_to_ulong(p); p += 4;
}
break;
case RECTYPE_HLST:
rec->r.hlst.next = buftoulong(p); p += 4;
rec->r.hlst.next = buf32_to_ulong(p); p += 4;
for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
rec->r.hlst.rnum[i] = buftoulong(p); p += 4;
rec->r.hlst.rnum[i] = buf32_to_ulong(p); p += 4;
}
break;
case RECTYPE_TRUST:
@ -1295,12 +1295,12 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
rec->r.trust.depth = *p++;
rec->r.trust.min_ownertrust = *p++;
p++;
rec->r.trust.validlist = buftoulong(p); p += 4;
rec->r.trust.validlist = buf32_to_ulong(p); p += 4;
break;
case RECTYPE_VALID:
memcpy( rec->r.valid.namehash, p, 20); p+=20;
rec->r.valid.validity = *p++;
rec->r.valid.next = buftoulong(p); p += 4;
rec->r.valid.next = buf32_to_ulong(p); p += 4;
rec->r.valid.full_count = *p++;
rec->r.valid.marginal_count = *p++;
break;

3
g10/trust.c
View file

@ -33,6 +33,7 @@
#include "main.h"
#include "i18n.h"
#include "trustdb.h"
#include "host2net.h"
/* Return true if key is disabled. Note that this is usually used via
@ -536,7 +537,7 @@ mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
u32 expire;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
expire = p? sig->timestamp + buffer_to_u32(p) : 0;
expire = p? sig->timestamp + buf32_to_u32(p) : 0;
if (expire==0 || expire > curtime )
{