gpg: Prepare revocation keys for use with v5 keys.

* g10/packet.h (struct revocation_key): Add field 'fprlen'. * g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5 keys. Also fix reading of unitialized data at place where MAX_FINGERPRINT_LEN is used. * g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen. Do an explicit compare to avoid reading unitialized data. * g10/sig-check.c (check_revocation_keys): Use the fprlen. * g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid reading unitialized data. * g10/import.c (revocation_present): Use fprlen. * g10/keyedit.c (show_key_with_all_names): Use fprlen. (menu_addrevoker): Use fprlen. Allow for v5 keys. * g10/keygen.c (keygen_add_revkey): Use fprlen. (parse_revocation_key): Allow for v5 keys. * g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys. Print a better error message in case of bogus fingerprints. * g10/keylist.c (print_revokers): Use fprlen. -- The reading of uninitialized data is harmless but we better fix it to make valgrind happy. More serious was that we always passed MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2018-12-04 15:43:19 +01:00 · 2018-12-04 15:43:19 +01:00 · c6e2ee0207
commit c6e2ee0207
parent ba46a359b9
10 changed files with 66 additions and 40 deletions
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -943,11 +943,13 @@ keygen_add_revkey (PKT_signature *sig, void *opaque)
  struct revocation_key *revkey = opaque;
  byte buf[2+MAX_FINGERPRINT_LEN];

+  log_assert (revkey->fprlen <= MAX_FINGERPRINT_LEN);
  buf[0] = revkey->class;
  buf[1] = revkey->algid;
-  memcpy (&buf[2], revkey->fpr, MAX_FINGERPRINT_LEN);
+  memcpy (buf + 2, revkey->fpr, revkey->fprlen);
+  memset (buf + 2 + revkey->fprlen, 0, sizeof (revkey->fpr) - revkey->fprlen);

-  build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+MAX_FINGERPRINT_LEN);
+  build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+revkey->fprlen);

  /* All sigs with revocation keys set are nonrevocable.  */
  sig->flags.revocable = 0;
@ -3526,6 +3528,8 @@ parse_revocation_key (const char *fname,

      revkey.fpr[i]=c;
    }
+  if (i != 20 && i != 32)
+    goto fail;

  /* skip to the tag */
  while(*pn && *pn!='s' && *pn!='S')
@ -3538,7 +3542,7 @@ parse_revocation_key (const char *fname,

  return 0;

-  fail:
+ fail:
  log_error("%s:%d: invalid revocation key\n", fname, r->lnr );
  return -1; /* error */
 }