security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-13 22:21:09 +02:00
Code Activity

gpg: Ignore too large user ids during import.

Browse Source 
* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
--

See
GnuPG-bug-id: 4022
for an example of a bogus user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 01cd66f9faf1623833e6afac84164de5a136ecff)
This commit is contained in:
Werner Koch 2018-07-04 09:53:10 +02:00
parent 5b47b46132
commit cb6b925f94
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
g10/import.c
View File

@ -780,7 +780,7 @@ read_block( IOBUF a, int with_meta,
struct parse_packet_ctx_s parsectx; struct parse_packet_ctx_s parsectx;
PACKET *pkt; PACKET *pkt;
kbnode_t root = NULL; kbnode_t root = NULL;
int in_cert, in_v3key; int in_cert, in_v3key, skip_sigs;
*r_v3keys = 0; *r_v3keys = 0;
@ -799,6 +799,7 @@ read_block( IOBUF a, int with_meta,
if (!with_meta) if (!with_meta)
parsectx.skip_meta = 1; parsectx.skip_meta = 1;
in_v3key = 0; in_v3key = 0;
skip_sigs = 0;
while ((rc=parse_packet (&parsectx, pkt)) != -1) while ((rc=parse_packet (&parsectx, pkt)) != -1)
{ {
if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
@ -813,8 +814,25 @@ read_block( IOBUF a, int with_meta,
} }
else if (rc ) /* (ignore errors) */ else if (rc ) /* (ignore errors) */
{ {
skip_sigs = 0;
if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET)
; /* Do not show a diagnostic. */ ; /* Do not show a diagnostic. */
else if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
&& (pkt->pkttype == PKT_USER_ID
|| pkt->pkttype == PKT_ATTRIBUTE))
{
/* This indicates a too large user id or attribute
* packet. We skip this packet and all following
* signatures. Sure, this won't allow to repair a
* garbled keyring in case one of the signatures belong
* to another user id. However, this better mitigates
* DoS using inserted user ids. */
skip_sigs = 1;
}
else if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
&& (pkt->pkttype == PKT_OLD_COMMENT
|| pkt->pkttype == PKT_COMMENT))
; /* Ignore too large comment packets. */
else else
{ {
log_error("read_block: read error: %s\n", gpg_strerror (rc) ); log_error("read_block: read error: %s\n", gpg_strerror (rc) );
@ -826,6 +844,17 @@ read_block( IOBUF a, int with_meta,
continue; continue;
} }
if (skip_sigs)
{
if (pkt->pkttype == PKT_SIGNATURE)
{
free_packet (pkt, &parsectx);
init_packet (pkt);
continue;
}
skip_sigs = 0;
}
if (in_v3key && !(pkt->pkttype == PKT_PUBLIC_KEY if (in_v3key && !(pkt->pkttype == PKT_PUBLIC_KEY
|| pkt->pkttype == PKT_SECRET_KEY)) || pkt->pkttype == PKT_SECRET_KEY))
{ {