security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/g10
History
Daniel Kahn Gillmor fdd1567743 gpg,gpgsm: Handle pkdecrypt responses with or without NUL terminators 
* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.

--

The current code for both gpg and gpgsm assumes that gpg-agent will
return string terminated with a single NUL, even though the string
that it receives is also already length-delimited.  Since these tools
might be talking to an older version of gpg-agent, we want to continue
to make sense of such a response, but we really shouldn't depend on
it.  Rather, we can just strip off all trailing NULs and then treat
the remaining string as a proper S-expression.

We can't assume tha the S-expression itself is a NUL-terminated
string, because any of the canonically-represented objects could
contain a NUL byte internally.  But if it's a proper S-expression,
then it must actually terminate in a non-NUL ')' octet.

I note that gpgsm_agent_pkdecrypt() appears to try to work with older
versions of gpg-agent which might not return a full S-expression.
This makes it harder to reason about, since a maliciously-formed
return value could contain a string that could cause invalid memory
access when invoking strtoul (e.g. all numbers up to the end of the
buffer).  So we still have to manually NUL-terminate it before
continuing in that codepath.  This cleanup would be easier if we could
just assume that the agent will always return an S-expression.
Perhaps that could be a subsequent cleanup for gpgsm?  Do we expect
all versions of gpgsm to interoperate with all past versions of
gpg-agent?

gpg's agent_pkdecrypt() has no such qualms -- if the returned object
is not a full S-expression, then it rejects the response.  This makes
it much easier to reason about the pkdecrypt response without
modification, and allows us to strip any trailing NUL bytes knowing
that the response string will be properly terminated with a close
parenthesis.

GnuPG-bug-id: 4652
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 		2019-07-24 19:30:25 -04:00
..
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
Makefile.am gpg: New caching functions. 2019-04-13 11:48:58 +02:00
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
armor.c g10: Fix possible null dereference. 2019-05-14 11:20:07 +09:00
build-packet.c gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:25:56 +02:00
call-agent.c gpg,gpgsm: Handle pkdecrypt responses with or without NUL terminators 2019-07-24 19:30:25 -04:00
call-agent.h card: Fix showing KDF object attribute. 2019-07-19 13:26:49 +09:00
call-dirmngr.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
call-dirmngr.h gpg: Store key origin info for new DANE and WKD retrieved keys. 2017-07-24 20:09:52 +02:00
card-util.c card: Fix showing KDF object attribute. 2019-07-19 13:26:49 +09:00
cipher-aead.c g10: Fix log_debug formatting. 2018-11-08 12:14:23 +09:00
cipher-cfb.c gpg: Remove MDC options 2018-05-29 12:42:52 +02:00
compress-bz2.c g10,tools: Fix bzlib.h include order. 2017-04-11 13:52:19 +09:00
compress.c gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
cpr.c spelling: Fix "synchronize" 2019-06-23 20:21:02 -04:00
dearmor.c Revert "g10: Always save standard revocation certificate in file." 2017-08-01 19:08:16 +02:00
decrypt-data.c gpg: Very minor code cleanup. 2019-06-21 11:42:59 +02:00
decrypt.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:40:24 +02:00
dek.h gpg: More check for symmetric key encryption. 2019-07-18 11:02:34 +09:00
delkey.c gpg: Allow deletion of subkeys with --delete-[secret-]key. 2019-05-27 10:40:38 +02:00
distsigkey.gpg build: Update distsigkey.gpg 2017-11-22 20:54:47 +01:00
ecdh.c Fix the previous commit. 2019-03-14 08:23:38 +09:00
encrypt.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
exec.c gpg: Improve the photo image viewer selection. 2019-05-17 12:47:13 +02:00
exec.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
export.c gpg: Make the get_pubkey_byname interface easier to understand. 2019-07-04 10:42:48 +02:00
filter.h g10/armor: use libgcrypt's CRC24 implementation 2018-11-08 21:31:12 +02:00
free-packet.c gpg: Fix possible double free of the card serialno. 2017-07-21 17:49:10 +02:00
getkey.c gpg: Fix getting User ID. 2019-07-11 12:32:44 +09:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c gpg: The option --passphrase= can be empty. 2019-07-19 17:17:15 +09:00
gpg.h Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgcompose.c gpg: Make the get_pubkey_byname interface easier to understand. 2019-07-04 10:42:48 +02:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv.c g10: Change decryption key selection for public key encryption. 2018-08-27 13:12:31 +09:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Improve import slowness. 2019-07-10 15:42:07 +09:00
kbnode.c gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-15 20:41:38 +01:00
key-check.c gpg: Improve import's repair-key duplicate signature detection. 2018-06-07 18:41:17 +02:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
key-clean.h headers: fix spelling 2018-10-25 16:53:05 -04:00
keydb.c gpg: Do not bail on an invalid packet in the local keyring. 2019-05-21 17:27:42 +02:00
keydb.h gpg: New command --locate-external-key. 2019-07-04 15:13:26 +02:00
keyedit.c gpg: Make the get_pubkey_byname interface easier to understand. 2019-07-04 10:42:48 +02:00
keyedit.h gpg: During secret key import print "sec" instead of "pub". 2019-03-15 19:14:34 +01:00
keygen.c gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:25:56 +02:00
keyid.c gpg: Cache a once computed fingerprint in PKT_public_key. 2019-04-12 11:11:09 +02:00
keylist.c gpg: New command --locate-external-key. 2019-07-04 15:13:26 +02:00
keyring.c gpg: Fix keyring retrieval. 2019-07-10 15:06:54 +09:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg: Pass key origin values to import functions. 2017-07-13 18:29:01 +02:00
keyserver.c gpg: A little clean up. 2019-07-23 12:04:21 +09:00
main.h gpg: New command --locate-external-key. 2019-07-04 15:13:26 +02:00
mainproc.c gpg: More check for symmetric key encryption. 2019-07-18 11:02:34 +09:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
misc.c gpg: Allow generating Ed25519 key from an existing key. 2019-01-30 11:28:14 +01:00
objcache.c gpg: Fix getting User ID. 2019-07-11 12:32:44 +09:00
objcache.h gpg: Fix getting User ID. 2019-07-11 12:32:44 +09:00
openfile.c gpg: Rename a misnomed arg in open_outfile. 2018-01-28 18:59:18 +01:00
options.h gpg: New import and keyserver option "self-sigs-only" 2019-07-01 15:15:30 +02:00
packet.h gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:25:56 +02:00
parse-packet.c gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:25:56 +02:00
passphrase.c gpg: Move S2K encoding function to a shared file. 2019-01-26 23:10:38 +01:00
photoid.c gpg: A little clean up. 2019-07-23 12:04:21 +09:00
photoid.h gpg: A little clean up. 2019-07-23 12:04:21 +09:00
pkclist.c gpg: New command --locate-external-key. 2019-07-04 15:13:26 +02:00
pkglue.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pkglue.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
plaintext.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:40:24 +02:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg: Return the last error for pubkey decryption. 2019-07-05 15:16:08 +09:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c gpg: Unify the the use of the print_pubkey_info functions. 2019-05-21 13:02:32 +02:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
sig-check.c sm: Add yet inactive options to support authenticode 2019-04-30 08:28:54 +02:00
sign.c gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. 2019-05-13 19:01:28 +02:00
skclist.c gpg: Improve the code to decrypt using PIV cards. 2019-04-03 17:45:35 +02:00
t-keydb-get-keyblock.c gpg: Fix actual leak and possible leaks in the packet parser. 2017-03-30 16:01:52 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c g10: Stop compiler warning for t-stutter. 2017-05-10 11:13:03 +09:00
tdbdump.c Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
tdbio.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
tdbio.h gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
test-stubs.c g10: Change decryption key selection for public key encryption. 2018-08-27 13:12:31 +09:00
test.c tests: Locate resources and scripts relative to top source dir. 2017-04-24 14:14:05 +02:00
textfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
tofu.c gpg: Fixed i18n markup of some strings. 2019-05-27 12:55:06 +02:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
trustdb.c common: Prepare for parsing mail sub-addresses. 2018-11-12 07:44:33 +01:00
trustdb.h gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
verify.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00