1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

4926 Commits

Author SHA1 Message Date
NIIBE Yutaka
22b15fccff dirmngr: fix LDAP query PATTERNS limit check.
* dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation.

--

Reported-by: Joshua Rogers <honey@internot.info>

Debian-Bug-Id: 773507
2015-01-07 16:56:43 +09:00
NIIBE Yutaka
602f17b5a7 scd: fix merge failure.
* scd/apdu.c (pcsc_pinpad_verify): Remove wrong lines inserted by
merge.

--

Thanks to Joshua Rogers for reviewing and reporting.
2015-01-07 08:15:12 +09:00
Werner Koch
9bf40849a9 sm,g13: Init local vars to avoid compiler warnings.
* sm/misc.c (transform_sigval): Init RSA_S_LEN.
* g13/mount.c (read_keyblob): Init HEADERLEN.
--

Not a bug but the compiler (gcc 4.9.1) can't detect that it is not
used uninitialized.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:37 +01:00
Werner Koch
616e511f27 gpg: Remove unused args from a function.
* g10/keyserver.c (parse_keyserver_uri): Remove args configname and
configlineno.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:36 +01:00
Werner Koch
56e6888233 gpg: Clear a possible rest of the KDF secret buffer.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
--

That bug has been here since the beginning.  The entire function needs
a review or be be moved to Libgcrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:28 +01:00
Werner Koch
445bb17d5f build: Require automake 1.14.
* configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
2015-01-05 14:55:36 +01:00
Werner Koch
ac2cb47fc5 agent: Make --allow-loopback-pinentry gpgconf changeable. 2015-01-04 17:19:06 +01:00
Joshua Rogers
cf88337f8a tools: Free variable before return
* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
upon error.
--

Signed-off-by: Joshua Rogers <git@internot.info>
2014-12-22 16:20:55 +01:00
Werner Koch
d2d8481e38 Register DCO for Joshua Rogers.
--
2014-12-22 14:27:33 +01:00
Daniel Kahn Gillmor
ed8383c618 sm: Avoid double-free on iconv failure
* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
double-free of pwbuf.

--

Observed by Joshua Rogers <honey@internot.info>, who proposed a
slightly different fix.

Debian-Bug-Id: 773472

Added fix at a second place - wk.
2014-12-22 14:00:38 +01:00
Daniel Kahn Gillmor
b0b3803e8c scd: Avoid double-free on error condition in scd
* scd/command.c (cmd_readkey): avoid double-free of cert

--

When ksba_cert_new() fails, cert will be double-freed.

Debian-Bug-Id: 773471

Original patch changed by wk to do the free only at leave.
2014-12-22 13:17:50 +01:00
Daniel Kahn Gillmor
367b073ab5 avoid future chance of using uninitialized memory
* common/iobuf.c: (iobuf_open): initialize len

--

In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
(via file_filter()) on fcx, passing in a pointer to an uninitialized
len.

With these two commands, file_filter doesn't actually do anything with
the value of len, so there's no actual risk of use of uninitialized
memory in the code as it stands.

However, some static analysis tools might flag this situation with a
warning, and initializing the value doesn't hurt anything, so i think
this trivial cleanup is warranted.

Debian-Bug-Id: 773469
2014-12-22 13:14:17 +01:00
Daniel Kahn Gillmor
628b111fa6 avoid double-close in unusual dotlock situations
* common/dotlock.c: (dotlock_create_unix) avoid double-close()
 in unusual situations.

--

close(2) says:

 close() should not be retried after an EINTR since this  may
       cause a reused descriptor from another thread to be closed.

Before this patch was applied, if close(fd) failed with EINTR, it
would be closed again in the write_failed: block.

It could also have been closed a second time in the case that
(use_hardlinks_p (h->tname)) evaluated to something other than 0 or 1.

This patch avoids both of those scenarios.

Note that close() could still be called twice on the same file
descriptor if the first close(fd) fails but errno is not EINTR.  I'm
not sure the right thing to do in that scenario.  An alternate
resolution could be to unequivocally set fd to -1 after the first
failed close(fd), avoiding the errno == EINTR test.

Debian-Bug-Id: 773423
2014-12-22 12:56:13 +01:00
Daniel Kahn Gillmor
351bca9047 gpgkey2ssh: clean up varargs
* tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.

--

stdarg(3) says:
       Each invocation of va_start() must be matched by a
       corresponding invocation of va_end() in the same function.

Observed by Joshua Rogers <honey@internot.info>

Debian-Bug-Id: 773415
2014-12-22 12:49:03 +01:00
Werner Koch
6056d24673 doc: Fix memory leak in yat2m.
* doc/yat2m.c (write_th): Free NAME.
--

Reported-by: Joshua Rogers <git@internot.info>
2014-12-22 12:44:13 +01:00
Werner Koch
5a556e4e88 dirmngr: Fix memory leak.
* dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak.

* dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check.
--

Reported-by: Joshua Rogers <git@internot.info>
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-22 12:39:14 +01:00
Werner Koch
0d5cb55402 dirmngr: Remove un-needed check.
* dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL.
--

Reported-by: Joshua Rogers <git@internot.info>

  "Remove un-needed check. If 'url' were not to be true,
   http_parse_uri(parse_uri(do_parse_uri))) would fail, leaving 'err'
   false."

In addition I added an explicit check for the URL arg not beeing NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-22 12:39:14 +01:00
Werner Koch
abd5f6752d dirmngr,gpgsm: Return NULL on fail
* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
* sm/gpgsm.c (parse_keyserver_line): Ditto.
--

Reported-by: Joshua Rogers <git@internot.info>

  "If something inside the ldapserver_parse_one function failed,
   'server' would be freed, then returned, leading to a
   use-after-free.  This code is likely copied from sm/gpgsm.c, which
   was also susceptible to this bug."

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-22 12:39:14 +01:00
NIIBE Yutaka
bdc8efbdd1 scd: ECDH Support.
* agent/divert-scd.c (divert_pkdecrypt): Support ECDH.
* scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH.
(send_key_attr): Support ECDH.  Fix EdDSA algorithm value.
(retrieve_key_material): Initialize fields.
(get_public_key, ecc_writekey, do_writekey): Support ECDH.
(ecdh_writekey): Remove.
(do_decipher): Support ECDH.
(parse_algorithm_attribute): Support ECDH.  Fix EdDSA.

--

Following the gpg-agent protocol, SCDaemon's counter part is now
implemented.
2014-12-22 09:27:00 +09:00
Werner Koch
7614014169 agent: Make sure --max-cache-ttl is >= --default-cache-ttl.
* agent/gpg-agent.c (finalize_rereadable_options): New.
(main, reread_configuration): Call it.
--

This change should help to avoid surprising behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-19 13:28:14 +01:00
Werner Koch
14601eacb5 agent: Keep the session environment for restricted connections.
* agent/command-ssh.c (setup_ssh_env): Move code to ...
* agent/gpg-agent.c (agent_copy_startup_env): .. new function.  Change
calllers.
* agent/command.c (start_command_handler): Call that fucntion for
restricted connections.
--

A remote connection is and should not be able to setup the local
session environment.  However, unless --keep-display is used we would
be left without an environment and thus pinentry can't be used.  The
fix is the same as used for ssh-agent connection: We use the default
environment as used at the startup of the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-19 13:07:09 +01:00
Werner Koch
aad8963f7b agent: Fix string prepended to remotely initiated prompts.
* agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make
translatable.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-19 12:03:38 +01:00
Werner Koch
abec64f3cb build: Remove option to build without agent.
* configure.ac (build-agent): Set to yes.
2014-12-18 09:38:41 +01:00
Werner Koch
5cb6df8996 gpgconf: Exit with failure if --launch fails.
* tools/gpgconf-comp.c (gc_component_launch): Return an error code.
* tools/gpgconf.c (main): Exit if launch failed.
--
GnuPG-bug-id: 1791
2014-12-17 10:39:31 +01:00
NIIBE Yutaka
b1b1923b06 po: Update Japanese Translation.
--

Investigated who is P.KATOH, and fixed the header, accordingly.
2014-12-17 09:54:19 +09:00
Werner Koch
22168c8359 Post release updates
--
2014-12-16 17:00:45 +01:00
Werner Koch
08c00cd4fe Release 2.1.1 2014-12-16 15:53:28 +01:00
Werner Koch
2c8360c20e po: auto update
--
2014-12-16 15:52:44 +01:00
Werner Koch
4ba740bd47 po: Update the German translation 2014-12-16 15:51:48 +01:00
Petr Pisar
30560491fe po: Update Czech translation 2014-12-16 15:34:03 +01:00
Werner Koch
ce92129240 gpg: Show private DO information in the card status.
* g10/call-agent.c (agent_release_card_info): Free private_do.
(learn_status_cb): Parse PRIVATE-DO-n stati.
--

Reported-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>

Provided patch extended to release the memory.
2014-12-16 13:10:09 +01:00
Ineiev
5ab5b3fa69 po: Update Russian translation 2014-12-16 11:40:11 +01:00
Jedi
668dc6b32c po: Update zh_TW translation 2014-12-16 11:34:39 +01:00
Werner Koch
dd65e21cb4 gpg: Add sub-command "factory-reset" to --card-edit.
* common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
* scd/iso7816.c (map_sw): Add this error code.
* scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
* scd/app.c (select_application): Allow a return value of
GPG_ERR_OBJ_TERM_STATE.
* scd/scdaemon.c (set_debug): Print the DBG_READER value.
* g10/call-agent.c (start_agent): Print a status line for the
termination state.
(agent_scd_learn): Make arg "info" optional.
(agent_scd_apdu): New.
* g10/card-util.c (send_apdu): New.
(factory_reset): New.
(card_edit): Add command factory-reset.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
Werner Koch
fc9a35d2de gpg: Fix regression in notation data regression.
* g10/misc.c (pct_expando): Reorder conditions for clarity.
* g10/sign.c (write_signature_packets): Fix notation data creation.
--

Also re-added the check for signature version > 3.

Reported-by: MFPA
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 09:50:19 +01:00
Werner Koch
b4e402cb5c gpg: Avoid extra LF in notaion data listing.
* g10/keylist.c (show_notation): Use log_printf.
2014-12-15 09:47:21 +01:00
Werner Koch
38b583ab3c doc: Typo fixes.
--
2014-12-14 12:15:21 +01:00
Werner Koch
68b4e7c9e4 scd: Fix possibly inhibited checkpin of the admin pin.
* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 20:11:36 +01:00
Werner Koch
f3f9f9b284 gpg: Let --card--status create a shadow key (card key stub).
* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" andsend
certifciate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo.  Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--

The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 12:47:28 +01:00
Werner Koch
193815030d gpg: Fix possible read of unallocated memory
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--

The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.

This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done.  The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen.  Nevertheless such a bug needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 10:41:25 +01:00
Werner Koch
1d8ebe4d54 build: Replace deprecated autconf macro.
* m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/
* m4/po.m4: Ditto.
--

In preparation of moving to automake 1.14.

GnuPG-bug-id: 1776
2014-12-11 15:15:43 +01:00
Werner Koch
e8c0ed7795 dirmngr: Improve dead host detection.
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
also for 2 other error messages.
2014-12-08 17:13:11 +01:00
Werner Koch
6d5f128341 http: Improve diagnostic messages.
* common/http.c (send_request): Print TLS alert info
(connect_server): Detect bogus DNS entry.
--

1. Prints the TLS alert description.

2. Detect case where the DNS returns an IP address but the server is
   not reachable at this address.  This may happen for a server which
   is reachable only at IPv6 but but the local machine has no full
   IPv6 configuration.
2014-12-08 17:12:23 +01:00
Werner Koch
5bf93f4ea7 gpg: Obsolete some keyserver helper options.
* g10/options.h (opt): Remove keyserver_options.other.
* g10/gpg.c (main): Obsolete option --honor-http-proxt.
* g10/keyserver.c (add_canonical_option): Replace by ...
(warn_kshelper_option): New.
(parse_keyserver_uri): Obsolete "x-broken-http".
--

Some of these options are deprecated for 10 years and they do not make
any sense without the keyserver helpers.  For one we print a hint on
how to replace it:

  gpg: keyserver option 'ca-cert-file' is obsolete; \
  please use 'hkp-cacert' in dirmngr.conf

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-08 15:14:35 +01:00
Werner Koch
cdc404fe52 gpg: Add OpenPGP card vendor 0x1337.
--
2014-12-08 11:46:48 +01:00
Werner Koch
b72ece6d74 dirmngr: Return a proper error for all dead hosts.
* dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t.
Return an error code for all dead hosts.
(make_host_part): Change to return an gpg_error_t.  Change all
callers.
--

The functions used to return an error code via ERRNO.  However, this
does not allow to return extra error codes in a portable way.  Thus we
change the function to directly return a gpg_error_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-08 11:15:26 +01:00
Werner Koch
66ab8f807c gpg: Write a status line for a failed --send-keys.
* g10/keyserver.c (keyserver_put): Write an status error.
2014-12-08 11:15:25 +01:00
NIIBE Yutaka
c50c11d575 scd: Fix for EdDSA.
* scd/app-openpgp.c (get_algo_byte): It catches 22.
(store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
2014-12-08 10:21:55 +09:00
Andre Heinecke
f4ed04fca8 Document no-allow-mark-trusted option
doc: Document no-allow-mark-trusted for gpg-agent

    * doc/gpg-agent.texi: Change allow-mark-trusted doc to
    no-allow-mark-trusted.

    --
    Since rev. 78a56b14 allow-mark-trusted is the default option
    and was replaced by no-allow-mark-trusted to disable the
    interactive prompt.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2014-12-05 15:26:37 +01:00
NIIBE Yutaka
8720125f5a scd: Fix for NIST P-256.
* g10/card-util.c (card_store_subkey): Error check.
* scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
(do_writekey): Error check.
2014-12-05 14:20:50 +09:00