mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
gnupg/g10
Werner Koch 0aac920f23
gpg: Fix DoS while parsing mangled secret key packets.
* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
et al.
--

Due to the missing length checks PKTLEN may turn negative.  Because
PKTLEN is an unsigned int the malloc in read_rest would try to malloc
a too large number and terminate the process with "error reading rest
of packet: Cannot allocate memory".

Reported-by: Hanno Böck.
Signed-off-by: Werner Koch <wk@gnupg.org>
(backported from 2.1 commit d901efceba)
2015-04-05 19:33:36 +02:00
armor.c gpg: Remove left-over debug message. 2015-02-26 09:38:58 +01:00
build-packet.c Use inline functions to convert buffer data to scalars. 2015-02-12 20:34:44 +01:00
call-agent.c gpg: Fix a couple of spelling errors 2014-06-24 14:37:26 +02:00
call-agent.h A bunch of minor changes 2009-12-21 16:19:09 +00:00
card-util.c Add OpenPGP card manufacturer Yubico (6). 2014-07-21 16:05:54 +02:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-02 19:28:02 +01:00
cipher.c Add provisions to build with Libgcrypt 1.6. 2012-05-24 10:55:11 +02:00
comment.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
compress-bz2.c Fix bug#1011. 2009-09-03 11:29:25 +00:00
compress.c gpg: Avoid infinite loop in uncompressing garbled packets. 2014-06-20 20:24:52 +02:00
cpr.c gpg: Change --show-session-key to print the session key earlier. 2013-12-11 10:33:25 +01:00
dearmor.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
decrypt.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
delkey.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
encode.c gpg: Fix --version output and explicitly disable ECC. 2013-10-11 09:18:01 +02:00
encr-data.c gpg: Remove useless diagnostic in MDC verification. 2014-06-03 08:05:54 +02:00
exec.c w32: Almost everywhere include winsock2.h before windows.h. 2013-04-23 18:06:46 +02:00
exec.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
export.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
filter.h gpg: Print better diagnostics for keyserver operations. 2015-02-18 12:14:22 +01:00
free-packet.c Changed to GPLv3. 2007-07-04 19:49:40 +00:00
getkey.c Use inline functions to convert buffer data to scalars. 2015-02-12 20:34:44 +01:00
gpg-w32info.rc w32: Add icons and version information. 2013-05-07 21:17:04 +02:00
gpg.c gpg: New command --list-gcrypt-config. 2015-03-11 14:59:25 +01:00
gpg.h gpg: Add kbnode_t for easier backporting. 2014-08-06 17:09:15 +02:00
gpgv.c gpgv: Init Libgcrypt to avoid syslog warning. 2013-08-19 11:22:11 +02:00
helptext.c Created help files form the current po entries. 2007-12-04 15:00:14 +00:00
import.c gpg: Remove an unused variable. 2015-02-18 14:20:21 +01:00
kbnode.c Changed to GPLv3. 2007-07-04 19:49:40 +00:00
keydb.c gpg: Detect Keybox files and print a diagnostic. 2013-01-03 20:21:20 +01:00
keydb.h A bunch of minor changes 2009-12-21 16:19:09 +00:00
keyedit.c gpg: Print a warning if the subkey expiration may not be what you want. 2015-01-26 14:55:24 +01:00
keygen.c Use inline functions to convert buffer data to scalars. 2015-02-12 20:34:44 +01:00
keyid.c Use inline functions to convert buffer data to scalars. 2015-02-12 20:34:44 +01:00
keylist.c Add provisions to build with Libgcrypt 1.6. 2012-05-24 10:55:11 +02:00
keyring.c gpg: Prevent an invalid memory read using a garbled keyring. 2015-02-12 18:58:36 +01:00
keyring.h Make gpgv error message about a missing keyring more useful. This fixes 2009-04-03 10:34:22 +00:00
keyserver-internal.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
keyserver.c gpg: Print better diagnostics for keyserver operations. 2015-02-18 12:14:22 +01:00
main.h gpg: Print better diagnostics for keyserver operations. 2015-02-18 12:14:22 +01:00
mainproc.c gpg: Fix a NULL-deref for invalid input data. 2014-11-24 19:27:20 +01:00
Makefile.am gpg: Do not link gpgv against libassuan. 2014-06-24 13:52:02 +02:00
mdfilter.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
misc.c Use inline functions to convert buffer data to scalars. 2015-02-12 20:34:44 +01:00
openfile.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 09:36:19 +01:00
OPTIONS See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
options.h gpg: Add import option "keep-ownertrust". 2014-11-12 10:23:53 +01:00
options.skel gpg: Remove legacy keyserver examples from the template conf file. 2013-08-06 10:04:12 +02:00
packet.h Fix bug#1122. 2009-09-03 20:51:55 +00:00
parse-packet.c gpg: Fix DoS while parsing mangled secret key packets. 2015-04-05 19:33:36 +02:00
passphrase.c gpg: Allow for positional parameters in the passphrase prompt. 2014-08-26 10:16:44 +02:00
photoid.c gpg: New %U expando for the photo viewer. 2014-06-03 08:55:31 +02:00
photoid.h * main.h, mainproc.c (check_sig_and_print), keylist.c 2008-10-03 20:00:46 +00:00
pkclist.c gpg: Use more specific reason codes for INV_RECP. 2014-06-24 10:08:39 +02:00
pkglue.c Fix a for a bug fix in the latest Libgcrypt. 2011-06-13 14:35:30 +02:00
pkglue.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
plaintext.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 09:36:19 +01:00
progress.c Changed to GPLv3. 2007-07-04 19:49:40 +00:00
pubkey-enc.c Add full Camellia support. 2009-06-05 14:11:03 +00:00
pubring.asc See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
revoke.c Fixed a bunch of little bugs as reported by Fabian Keil. 2009-06-24 14:03:09 +00:00
rmd160.c Add rmd160.c. 2008-12-12 12:01:20 +00:00
rmd160.h Add missing header file. 2008-12-12 08:54:50 +00:00
seckey-cert.c Return a posiive status message for a successfull passphrase change. 2010-03-12 17:24:06 +00:00
server.c 2009-09-23 Marcus Brinkmann <marcus@g10code.de> 2010-02-12 15:15:34 +00:00
seskey.c Add full Camellia support. 2009-06-05 14:11:03 +00:00
sig-check.c doc: Change remaining http links to gnupg.org to https 2015-02-12 19:32:19 +01:00
sign.c gpg: Default to SHA-256 for all signature types on RSA keys. 2014-09-27 15:36:02 +02:00
signal.c Fix a signal cleanup problem. 2009-05-26 09:29:02 +00:00
skclist.c Improved detection of bad/invalid signer keys. 2009-08-06 20:12:00 +00:00
t-rmd160.c Make gpg not depend on the RIPE-MD160 implementaion in Libgcrypt. 2008-12-11 17:44:52 +00:00
tdbdump.c Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
tdbio.c Use inline functions to convert buffer data to scalars. 2015-02-12 20:34:44 +01:00
tdbio.h gpg: Do not require a trustdb with --always-trust. 2013-10-11 09:25:58 +02:00
textfilter.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
trustdb.c Use inline functions to convert buffer data to scalars. 2015-02-12 20:34:44 +01:00
trustdb.h Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) 2012-01-19 23:03:56 -05:00
verify.c Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00