mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Limit the nesting level of I/O filters.
* until/iobuf.c (MAX_NESTING_FILTER): New. (iobuf_push_filter2): Limit the nesting level. -- This is a more general fix for the nested compression packet bug. In particular this helps g10/import.c:read_block to stop pushing compression filters onto an iobuf stream. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
d90a1d2340
commit
f10b184e48
11
util/iobuf.c
11
util/iobuf.c
@ -55,6 +55,11 @@
|
|||||||
|
|
||||||
#undef FILE_FILTER_USES_STDIO
|
#undef FILE_FILTER_USES_STDIO
|
||||||
|
|
||||||
|
/* To avoid a potential DoS with compression packets we better limit
|
||||||
|
the number of filters in a chain. */
|
||||||
|
#define MAX_NESTING_FILTER 64
|
||||||
|
|
||||||
|
|
||||||
#ifdef HAVE_DOSISH_SYSTEM
|
#ifdef HAVE_DOSISH_SYSTEM
|
||||||
#define USE_SETMODE 1
|
#define USE_SETMODE 1
|
||||||
#endif
|
#endif
|
||||||
@ -1403,6 +1408,12 @@ iobuf_push_filter2( IOBUF a,
|
|||||||
|
|
||||||
if( a->use == 2 && (rc=iobuf_flush(a)) )
|
if( a->use == 2 && (rc=iobuf_flush(a)) )
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
|
if (a->subno >= MAX_NESTING_FILTER) {
|
||||||
|
log_error ("i/o filter too deeply nested - corrupted data?\n");
|
||||||
|
return G10ERR_UNEXPECTED;
|
||||||
|
}
|
||||||
|
|
||||||
/* make a copy of the current stream, so that
|
/* make a copy of the current stream, so that
|
||||||
* A is the new stream and B the original one.
|
* A is the new stream and B the original one.
|
||||||
* The contents of the buffers are transferred to the
|
* The contents of the buffers are transferred to the
|
||||||
|
Loading…
x
Reference in New Issue
Block a user