1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

gpg: Set a limit for a WKD import of 256 KiB.

* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
(gpg_dirmngr_wkd_get): Use it.
--

WKD should return only a single key with just one UID.  For key
rollover 2 keys may be send.  A total of 256 KiB seems to be a
generous limit here.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e88f56f1937ac92f6a3b94e50b6db2649ec0be41)
This commit is contained in:
Werner Koch 2018-07-27 17:35:00 +02:00
parent 8a98aa25bb
commit f1c0d9bb65
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -41,6 +41,12 @@
#include "call-dirmngr.h"
/* Keys retrieved from the web key directory should be small. There
* is only one UID and we can expect that the number of subkeys is
* reasonable. So we set a generous limit of 256 KiB. */
#define MAX_WKD_RESULT_LENGTH (256 * 1024)
/* Parameter structure used to gather status info. Note that it is
* also used for WKD requests. */
struct ks_status_parm_s
@ -1365,7 +1371,7 @@ gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick,
goto leave;
}
parm.memfp = es_fopenmem (0, "rwb");
parm.memfp = es_fopenmem (MAX_WKD_RESULT_LENGTH, "rwb");
if (!parm.memfp)
{
err = gpg_error_from_syserror ();
@ -1373,6 +1379,8 @@ gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick,
}
err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
NULL, NULL, ks_status_cb, &stparm);
if (gpg_err_code (err) == GPG_ERR_ENOSPC)
err = gpg_error (GPG_ERR_TOO_LARGE);
if (err)
goto leave;