security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

scd: More fix for Curve25519 prefix handling.

Browse Source 
* scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
Also fix xfree bug introduced.

--

In old format with no prefix, cipher text can be trancated when it
is parsed as MPI.  Recover the value adding back zeros.

Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
This commit is contained in:
NIIBE Yutaka 2015-12-04 14:02:48 +09:00
parent e28f2e7a2f
commit f747adfa21
1 changed files with 31 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
scd/app-openpgp.c
View File

@ -4175,14 +4175,25 @@ do_decipher (app_t app, const char *keyidstr,
} }
else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC) else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
{ {
if (app->app_local->keyattr[1].ecc.flags int old_format_len = 0;
&& (indatalen%2))
{ /* if (app->app_local->keyattr[1].ecc.flags)
* Skip the prefix. It may be 0x40 (in new format), or MPI {
* head of 0x00 (in old format). if (indatalen > 32 + 1)
*/ { /*
indata = (const char *)indata + 1; * Skip the prefix. It may be 0x40 (in new format), or MPI
indatalen--; * head of 0x00 (in old format).
*/
indata = (const char *)indata + 1;
indatalen--;
}
else if (indatalen < 32)
{ /*
* Old format trancated by MPI handling.
*/
old_format_len = indatalen;
indatalen = 32;
}
} }
fixuplen = 7; fixuplen = 7;
@ -4198,7 +4209,16 @@ do_decipher (app_t app, const char *keyidstr,
fixbuf[4] = (char)(indatalen+2); fixbuf[4] = (char)(indatalen+2);
fixbuf[5] = '\x86'; fixbuf[5] = '\x86';
fixbuf[6] = (char)indatalen; fixbuf[6] = (char)indatalen;
memcpy (fixbuf+fixuplen, indata, indatalen); if (old_format_len)
{
memset (fixbuf+fixuplen, 0, 32 - old_format_len);
memcpy (fixbuf+fixuplen + 32 - old_format_len,
indata, old_format_len);
}
else
{
memcpy (fixbuf+fixuplen, indata, indatalen);
}
indata = fixbuf; indata = fixbuf;
indatalen = fixuplen + indatalen; indatalen = fixuplen + indatalen;
@ -4230,12 +4250,12 @@ do_decipher (app_t app, const char *keyidstr,
fixbuf = xtrymalloc (*outdatalen + 1); fixbuf = xtrymalloc (*outdatalen + 1);
if (!fixbuf) if (!fixbuf)
{ {
xfree (outdata); xfree (*outdata);
return gpg_error_from_syserror (); return gpg_error_from_syserror ();
} }
fixbuf[0] = 0x40; fixbuf[0] = 0x40;
memcpy (fixbuf+1, *outdata, *outdatalen); memcpy (fixbuf+1, *outdata, *outdatalen);
xfree (outdata); xfree (*outdata);
*outdata = fixbuf; *outdata = fixbuf;
*outdatalen = *outdatalen + 1; *outdatalen = *outdatalen + 1;
} }