security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

agent: Raise the maximum password length. Don't hard code it. 

* agent/agent.h (MAX_PASSPHRASE_LEN): Define.
* agent/command-ssh.c (ssh_identity_register): Use it instead of a
hard-coded literal.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
* agent/findkey.c (unprotect): Likewise.
* agent/genkey.c (agent_ask_new_passphrase): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
GnuPG-bug-id: 2038
This commit is contained in:
Neal H. Walfield 2015-08-24 16:14:09 +02:00
parent 3cf02192a8
commit 348a6ebb63
5 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
agent/agent.h
View File

@ -47,6 +47,11 @@
/* Maximum length of a digest. */
#define MAX_DIGEST_LEN 64
/* The maximum length of a passphrase (in bytes). Note: this is
further contrained by the Assuan line length (and any other text on
the same line). However, the Assuan line length is 1k bytes so
this shouldn't be a problem in practice. */
#define MAX_PASSPHRASE_LEN 255
/* A large struct name "opt" to keep global flags */

8
agent/command-ssh.c
View File

@ -3094,17 +3094,17 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
goto out;
}
pi = gcry_calloc_secure (2, sizeof (*pi) + 100 + 1);
pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
if (!pi)
{
err = gpg_error_from_syserror ();
goto out;
}
pi2 = pi + (sizeof *pi + 100 + 1);
pi->max_length = 100;
pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);
pi->max_length = MAX_PASSPHRASE_LEN + 1;
pi->max_tries = 1;
pi->with_repeat = 1;
pi2->max_length = 100;
pi2->max_length = MAX_PASSPHRASE_LEN + 1;
pi2->max_tries = 1;
pi2->check_cb = reenter_compare_cb;
pi2->check_cb_arg = pi->pin;

4
agent/cvt-openpgp.c
View File

@ -918,10 +918,10 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp,
struct pin_entry_info_s *pi;
struct try_do_unprotect_arg_s pi_arg;
pi = xtrycalloc_secure (1, sizeof (*pi) + 100);
pi = xtrycalloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
if (!pi)
return gpg_error_from_syserror ();
pi->max_length = 100;
pi->max_length = MAX_PASSPHRASE_LEN + 1;
pi->min_digits = 0; /* We want a real passphrase. */
pi->max_digits = 16;
pi->max_tries = 3;

4
agent/findkey.c
View File

@ -450,10 +450,10 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
}
}
pi = gcry_calloc_secure (1, sizeof (*pi) + 100);
pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
if (!pi)
return gpg_error_from_syserror ();
pi->max_length = 100;
pi->max_length = MAX_PASSPHRASE_LEN + 1;
pi->min_digits = 0; /* we want a real passphrase */
pi->max_digits = 16;
pi->max_tries = 3;

8
agent/genkey.c
View File

@ -374,13 +374,13 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
return err;
}
pi = gcry_calloc_secure (2, sizeof (*pi) + 100);
pi2 = pi + (sizeof *pi + 100);
pi->max_length = 100;
pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);
pi->max_length = MAX_PASSPHRASE_LEN + 1;
pi->max_tries = 3;
pi->with_qualitybar = 1;
pi->with_repeat = 1;
pi2->max_length = 100;
pi2->max_length = MAX_PASSPHRASE_LEN + 1;
pi2->max_tries = 3;
pi2->check_cb = reenter_compare_cb;
pi2->check_cb_arg = pi->pin;