1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

4815 Commits

Author SHA1 Message Date
Werner Koch
f0f71a721c gpg: Prevent an invalid memory read using a garbled keyring.
* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.
* g10/keydb.c (parse_keyblock_image): Ditto.
--

The keyring DB code did not reject packets which don't belong into a
keyring.  If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

Reported-by: Hanno Böck <hanno@hboeck.de>

Test data:

  gpg2 --no-default-keyring --keyring FILE --export >/dev/null

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----

mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86
sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt
DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAGs
CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx
kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS
l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF
eyTtxs+wAgAD
=uIt9
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-09 15:46:00 +01:00
Werner Koch
0835d2f44e gpg: Fix a NULL-deref in export due to invalid packet lengths.
* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
opaque MPI.
--

Reported-by: Hanno Böck <hanno@hboeck.de>

Test data:

     gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v2
Comment: Use "gpg --dearmor" for unpacking

mI0EGRkZGRkZGRkZGRkZGRkBGRkZGRkZGRkZGRkZGQAZGRkZGRkZGRkZGRkZGRkZ
GRkZInzgDbpa/9gQ4wq9////f3Vy81CkyVq3HQaqgZLZOeqPjM7XgGh5hJvAkpec
9wAAAgDHe0FVFbkppJZXP+gFs6z3gobS0qUFeyTtxs+wAgAD
=JDFT
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-09 10:54:06 +01:00
Werner Koch
3997848786 gpg: Fix a NULL-deref due to empty ring trust packets.
* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Werner Koch <wk@gnupg.org>

Test data:

 gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v2
Comment: Use "gpg --dearmor" for unpacking

mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86
sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt
DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAG0
CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx
kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS
l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF
eyTtxs+wAAAD
=puSt
-----END PGP ARMORED FILE-----
2015-02-09 10:31:31 +01:00
Werner Koch
0de5c6a9a7 gpg-agent: Use "pinentry-basic" as fallback.
* common/homedir.c (get_default_pinentry_name): New.
(gnupg_module_name): Use that for the default pinentry.
(gnupg_module_name_flush_some): New.
* agent/gpg-agent.c (agent_sighup_action): Flush some module names.
* agent/call-pinentry.c (start_pinentry): Do not modify
opt.pinentry_program.
--

The idea with this change is that under Windows we can install a
simple native Windows pinentry as "pinentry-basic" and a full GUI
version may then later install pinentry-gtk etc which would then
automatically be used.

Unfortunately installing another pinentry from a different package
would clobber the GnuPG core directory which is not nice.  To fix that
we would need to agree on standard installation directories for GUIs
to also look there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-04 10:28:38 +01:00
Werner Koch
05428d1256 w32: Add manifest to gpg.
* g10/gpg.w32-manifest.in: New.
* g10/gpg-w32info.rc: Add manifest.
* g10/Makefile.am (EXTRA_DIST): Add manifest.
(gpg-w32info.o): Depend on manifest.
* configure.ac (BUILD_VERSION): New.
(AC_CONFIG_FILES): Add manifest.
--

There are no dependencies yet defined - we need to do this for the
libs first.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-04 09:15:34 +01:00
Werner Koch
3f67426a89 Update copyright years.
* common/w32info-rc.h.in (W32INFO_COMPANYNAME): Change to "The GnuPG
Project".
2015-02-03 09:12:45 +01:00
Werner Koch
8872657b2a w32: Change default Windows install dir and add bin to PATH.
* build-aux/speedo.mk (WITH_GUI): New macro.  The Windows installer is
now build by default without any GUI stuff.
* build-aux/speedo/w32/inst.nsi: Change standard installation
directory.
(AddToPath, un.RemoveFromPath): New.
(gnupginst): Add bin directory to the PATH.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-02 10:34:18 +01:00
Werner Koch
616633b771 w32: Allow for Unicocde installation directory.
* common/homedir.c (w32_rootdir): Use Unicode fucntion not only for
WinCE.
--

This uses the same code We used for WindowsCE.  It has not been tested
with a Unicode requiring installation directory.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-01 15:27:32 +01:00
Joshua Rogers
7db6c82cec kbx: Fix resource leak.
* kbx/keybox-update.c (blob_filecopy): Fix resource leak.  On error
return, 'fp' and 'newfp' was never closed.

--

Signed-off-by: Joshua Rogers <git@internot.info>

[Log entry reformatted, and added more fixes - gniibe]
2015-01-30 11:48:47 +09:00
Werner Koch
6ab0fac575 agent: Fix use of imported but unprotected openpgp keys.
* agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New.
* agent/command.c (do_one_keyinfo): Implement it.
* agent/findkey.c (agent_key_from_file): Ditto.
(agent_key_info_from_file): Ditto.
(agent_delete_key): Ditto.
* agent/protect.c (agent_private_key_type): Add detection for openpgp
"none" method.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-29 16:26:07 +01:00
NIIBE Yutaka
6c368533f5 po: Update Japanese Translation. 2015-01-29 15:17:05 +09:00
Werner Koch
382ba4b137 gpg: Limit the size of key packets to a sensible value.
* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
(MAX_UID_PACKET_LENGTH): New.
(MAX_COMMENT_PACKET_LENGTH): New.
(MAX_ATTR_PACKET_LENGTH): New.
(parse_key): Limit the size of a key packet to 256k.
(parse_user_id): Use macro for the packet size limit.
(parse_attribute): Ditto.
(parse_comment): Ditto.
--

Without that it is possible to force gpg to allocate large amounts of
memory by using a bad encoded MPI.  This would be an too easy DoS.
Another way to mitigate would be to change the MPI read function to
allocate memory dynamically while reading the MPI.  However, that
complicates and possibly slows down the code.  A too large key packet
is in any case a sign for broken data and thus gpg should not use it.

Reported-by: Hanno Böck
GnuPG-bug-id: 1823
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 20:32:28 +01:00
Werner Koch
d8eea25b8b gpg: Fix buffering problem in --list-config.
* g10/gpg.c (list_config): Replace print_sanitized_string2 by
es_write_sanitized.

* common/stringhelp.c (print_sanitized_buffer2): Remove.
(print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
(print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
(print_sanitized_string): Remove.

* sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
(pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
--

Mixing stdio and estream is never a good idea.  This fix also allows
us to remove a lot of garbage.

Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
GnuPG-bug-id: 1822
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 20:12:21 +01:00
Werner Koch
0c2bfd9d5a Add a hook to be called right after main.
* common/init.c (early_system_init): New stub function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 19:57:22 +01:00
Werner Koch
b1d5ed6ac8 gpg: Allow predefined names as answer to the keygen.algo prompt.
* g10/keygen.c (ask_algo): Add list of strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 09:12:36 +01:00
Werner Koch
7959654377 agent: Add some extra robustness to extract_private_key
* agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
Make sure that R_FLAGS and R_CURVE are set to NULL.
--

Given that extract_private_key is not file local it is good to have some
extra asserts to protect against future wrong use.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 09:12:36 +01:00
NIIBE Yutaka
f6d3c6e526 scd: Fix varargs call for 64-bit arch on ECC keys.
* scd/app-openpgp.c (store_fpr): Remove CARD_VERSION from the
arguments.
(rsa_writekey): Follow the change.
(do_genkey): Likewise.
(ecc_writekey): Likewise.  Cast to size_t.

--

KEYTOCARD caused SEGV of scdaemon on 64-bit arch.  That's because
int is 32-bit, but size_t is 64-bit.
2015-01-28 11:24:29 +09:00
Werner Koch
6eebc56687 gpg: Fix segv introduced to commit 4d7c9b0.
* g10/keygen.c (get_parameter_passphrase): Take care of R == NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-27 09:11:58 +01:00
NIIBE Yutaka
9453d645d4 agent: Fix agent_public_key_from_file for ECC.
* agent/cvt-openpgp.c (extract_private_key): New.
(convert_to_openpgp): Use extract_private_key.
* agent/findkey.c (agent_public_key_from_file): Use
extract_private_key.

--

This patch add support of ECC key with a curve name and flags.  Since
same functionality is also needed for convert_to_openpgp, it was
factored out into the extract_private_key function.
2015-01-27 09:30:11 +09:00
Werner Koch
6c87d1ce66 sm: Simplify fix ed8383c6
* sm/minip12.c (p12_build): Release PWBUF only at the end.
--

Suggested-by: Eygene Ryabinkin <rea@codelabs.ru>
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-26 17:56:52 +01:00
Joshua Rogers
274d7b17a9 ccid: Remove incorrect expression leading to errors.
* scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'.
--

Variable 'rc' in send_escape_cmd was overwritten before it was
returned, leading to incorrect computation.

Signed-off-by: Joshua Rogers <git@internot.info>

[Log entry reformatted - wk]

(cherry picked from commit 3d9f8bf1dc)
2015-01-25 10:43:52 +01:00
Werner Koch
3f6abb57a7 gpgconf: Fix validity check for UINT32 values.
* tools/gpgconf-comp.c (option_check_validity): Enable check for
UINT32.
--

Reported-by: Günther Noack <gnoack@google.com>

This is actually a bug which inhibited the checking of values of type
UINT32.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-23 15:37:51 +01:00
Werner Koch
297b1a0d15 gpg,sm: Remove unnecessary duplicated checks
--

Reported-by: Günther Noack <gnoack@google.com>
2015-01-23 15:30:03 +01:00
Werner Koch
da4db172f6 doc: Fix some typos and add missing options.
--

GnuPG-bug-id: 1602

I added options shown with --help but missing in the man page.
However, --help won't show everything listed in the man age and
frankly there are even more options not listed anywhere (to see them
use --dump-options).
2015-01-22 17:49:55 +01:00
Werner Koch
09e8f35d38 gpg: Improve skipping of PGP-2 keys.
* g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy
keys.
* g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY.
(prepare_search): Ditto.
(keyring_rebuild_cache): Skip legacy keys.
* g10/keyserver.c (keyidlist): Ditto.
* g10/trustdb.c (validate_key_list): Ditto.
--

This is not the most elegant way to handle it but it reduces the
chance for unwanted side effects.

GnuPG-bug-id: 1816
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 16:36:28 +01:00
Werner Koch
6f3d11d883 gpg: Add dedicated error code for PGP-2 keys.
* g10/parse-packet.c (parse_key): Return GPG_ERR_LEGACY_KEY for PGP2
keys.
* g10/import.c (read_block): Simplify by checking GPG_ERR_LEGACY_KEY.
* g10/getkey.c (lookup): Silence error message for PGP-2 keys.

* common/util.h (GPG_ERR_LEGACY_KEY): Add replacement for older
libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 14:39:31 +01:00
Werner Koch
11142e0ad7 gpg: Replace remaining old error code macros by GPG_ERR_.
* g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
gpg_strerror.
(G10ERR_): Remove all macros and change all occurrences by their
GPG_ERR_ counterparts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
Werner Koch
a23c30fb59 gpg: Remove an unused variable.
* g10/getkey.c (getkey_ctx_s): Remove last_rc.
2015-01-22 09:45:57 +01:00
Werner Koch
091c35ec72 dirmngr: Fix TLS build problems.
* dirmngr/Makefile.am (AM_CFLAGS): Add flags for TLS libs.
--

This should fix
GnuPG-bug-id: 1813.
2015-01-21 15:54:06 +01:00
Werner Koch
4d7c9b0e9a gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 12:45:22 +01:00
Werner Koch
aa99ebde77 gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
Werner Koch
2a8fe0448d artwork: Crop and rename the commonly used logo.
--
2015-01-20 17:06:50 +01:00
Werner Koch
7be1b7d801 kbx: Minor cleanup for the previous fix.
* kbx/keybox-search.c (blob_get_keyid): Rename to
blob_get_first_keyid. Check number of keys and remove blob type check.
--

There is no need to check the blob type.  We already know that it is a
key blob type and keyids are used for X.509 and OpenPGP.  Also added
check for number of keys because the other parser functions do it as
well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-19 14:58:06 +01:00
Damien Goutte-Gattat
c5956592c1 kbx: Call skipfnc callback to filter out keys
* kbx/keybox-search.c (blob_get_keyid): New.
(keybox-search): Call skipfnc callback function.
--

This patch (tentatively) fixes
GnuPG-bug-id: 1794

The keybox_search function in kbx/keybox-search.c currently ignores
the skipfnc callback, but the validate_key_list function in
g10/trustdb.c uses such a callback to exclude ultimately trusted keys.
2015-01-19 14:39:27 +01:00
Werner Koch
3da53e70b1 Register DCO for Damien Goutte-Gattat.
--
2015-01-19 11:06:59 +01:00
Andreas Schwier
16a1330fa1 scd: Allow for certificates > 1024 with PC/SC.
* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too
allow for larger certificates.

--

Cherry-pick from 5798673156.
Forward ported from 2.0.
2015-01-13 12:23:23 +09:00
Werner Koch
3197f69fab po: Update the German translation.
--

This also fixes
GnuPG-bug-id: 1808
2015-01-09 12:52:35 +01:00
NIIBE Yutaka
657a26f3af dirmngr: Fix error code path of map_host.
* dirmngr/ks-engine-hkp.c (map_host): Fix error return.

--

In ks-engine-hkp.c on line 509 'reftbl' is freed, but it is then
used on line 511. I'm guessing this is a missing return;.

Reported-by: Joshua Rogers <honey@internot.info>

Debian-Bug-Id: 773520

Other fixes on error added too.
2015-01-08 12:14:13 +09:00
Joshua Rogers
100b322f5d scd: fix get_public_key for OpenPGPcard v1.0.
* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

--

Inside the get_public_key function, 'fp' was opened using popen, but
incorrectly closed using fclose.

Debian-Bug-Id: 773474
2015-01-08 11:12:42 +09:00
NIIBE Yutaka
22b15fccff dirmngr: fix LDAP query PATTERNS limit check.
* dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation.

--

Reported-by: Joshua Rogers <honey@internot.info>

Debian-Bug-Id: 773507
2015-01-07 16:56:43 +09:00
NIIBE Yutaka
602f17b5a7 scd: fix merge failure.
* scd/apdu.c (pcsc_pinpad_verify): Remove wrong lines inserted by
merge.

--

Thanks to Joshua Rogers for reviewing and reporting.
2015-01-07 08:15:12 +09:00
Werner Koch
9bf40849a9 sm,g13: Init local vars to avoid compiler warnings.
* sm/misc.c (transform_sigval): Init RSA_S_LEN.
* g13/mount.c (read_keyblob): Init HEADERLEN.
--

Not a bug but the compiler (gcc 4.9.1) can't detect that it is not
used uninitialized.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:37 +01:00
Werner Koch
616e511f27 gpg: Remove unused args from a function.
* g10/keyserver.c (parse_keyserver_uri): Remove args configname and
configlineno.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:36 +01:00
Werner Koch
56e6888233 gpg: Clear a possible rest of the KDF secret buffer.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
--

That bug has been here since the beginning.  The entire function needs
a review or be be moved to Libgcrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:28 +01:00
Werner Koch
445bb17d5f build: Require automake 1.14.
* configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
2015-01-05 14:55:36 +01:00
Werner Koch
ac2cb47fc5 agent: Make --allow-loopback-pinentry gpgconf changeable. 2015-01-04 17:19:06 +01:00
Joshua Rogers
cf88337f8a tools: Free variable before return
* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
upon error.
--

Signed-off-by: Joshua Rogers <git@internot.info>
2014-12-22 16:20:55 +01:00
Werner Koch
d2d8481e38 Register DCO for Joshua Rogers.
--
2014-12-22 14:27:33 +01:00
Daniel Kahn Gillmor
ed8383c618 sm: Avoid double-free on iconv failure
* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
double-free of pwbuf.

--

Observed by Joshua Rogers <honey@internot.info>, who proposed a
slightly different fix.

Debian-Bug-Id: 773472

Added fix at a second place - wk.
2014-12-22 14:00:38 +01:00
Daniel Kahn Gillmor
b0b3803e8c scd: Avoid double-free on error condition in scd
* scd/command.c (cmd_readkey): avoid double-free of cert

--

When ksba_cert_new() fails, cert will be double-freed.

Debian-Bug-Id: 773471

Original patch changed by wk to do the free only at leave.
2014-12-22 13:17:50 +01:00