
wkd: Fix path traversal attack on gpg-wks-server.

* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender-controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.
Werner Koch 2022-07-25 09:46:41 +02:00
parent 8c9f879d4a
commit c1489ca0e1
2 changed files with 25 additions and 0 deletions


@ -1378,6 +1378,15 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
domain = strchr (address, '@');
log_assert (domain && domain[1]);
domain++;
if (strchr (domain, '/') || strchr (domain, '\\')
|| strchr (nonce, '/') || strchr (nonce, '\\'))
{
log_info ("invalid domain or nonce received ('%s', '%s')\n",
domain, nonce);
err = gpg_error (GPG_ERR_NOT_FOUND);
goto leave;
}
fname = make_filename_try (opt.directory, domain, "pending", nonce, NULL);
if (!fname)
{
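Review bot: The new guard in check_and_publish rejects only the separators '/' and '\\', so a domain or nonce that is exactly "." or ".." still reaches make_filename_try as a whole path component and may resolve to a directory outside opt.directory/<domain>/pending; unless a caller outside this hunk already constrains the nonce format, the condition should also reject those two values, e.g. `|| !strcmp (nonce, ".") || !strcmp (nonce, "..")` and the same pair for domain. A stricter alternative is an allowlist over the characters a nonce is documented to contain, which would also keep control characters out of the log_info line that prints both values verbatim. The body of check_and_publish starts before this hunk and continues after it.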