1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
gnupg/g10
Werner Koch d2b0e61313 gpg: Fix possible read of unallocated memory
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--

The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.

This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done.  The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen.  Nevertheless such a bug needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-13 10:44:11 +09:00
..
armor.c gpg: Change armor Version header to emit only the major version. 2013-11-27 09:32:43 +01:00
build-packet.c Removed some set but unused variables. 2011-08-04 12:22:04 +02:00
call-agent.c gpg: Fix a couple of spelling errors 2014-06-24 14:37:26 +02:00
call-agent.h A bunch of minor changes 2009-12-21 16:19:09 +00:00
card-util.c Add OpenPGP card manufacturer Yubico (6). 2014-07-21 16:05:54 +02:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-02 19:28:02 +01:00
cipher.c Add provisions to build with Libgcrypt 1.6. 2012-05-24 10:55:11 +02:00
comment.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
compress-bz2.c Fix bug#1011. 2009-09-03 11:29:25 +00:00
compress.c gpg: Avoid infinite loop in uncompressing garbled packets. 2014-06-20 20:24:52 +02:00
cpr.c gpg: Change --show-session-key to print the session key earlier. 2013-12-11 10:33:25 +01:00
dearmor.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
decrypt.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
delkey.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
encode.c gpg: Fix --version output and explicitly disable ECC. 2013-10-11 09:18:01 +02:00
encr-data.c gpg: Remove useless diagnostic in MDC verification. 2014-06-03 08:05:54 +02:00
exec.c w32: Almost everywhere include winsock2.h before windows.h. 2013-04-23 18:06:46 +02:00
exec.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
export.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
filter.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
free-packet.c Changed to GPLv3. 2007-07-04 19:49:40 +00:00
getkey.c gpg: Fix bug parsing a zero length user id. 2014-06-02 11:56:06 +02:00
gpg-w32info.rc w32: Add icons and version information. 2013-05-07 21:17:04 +02:00
gpg.c gpg: Add build and runtime support for larger RSA keys 2014-10-03 20:24:03 +02:00
gpg.h gpg: Add kbnode_t for easier backporting. 2014-08-06 17:09:15 +02:00
gpgv.c gpgv: Init Libgcrypt to avoid syslog warning. 2013-08-19 11:22:11 +02:00
helptext.c Created help files form the current po entries. 2007-12-04 15:00:14 +00:00
import.c gpg: Add import option "keep-ownertrust". 2014-11-12 10:23:53 +01:00
kbnode.c Changed to GPLv3. 2007-07-04 19:49:40 +00:00
keydb.c gpg: Detect Keybox files and print a diagnostic. 2013-01-03 20:21:20 +01:00
keydb.h A bunch of minor changes 2009-12-21 16:19:09 +00:00
keyedit.c gpg: Fix --version output and explicitly disable ECC. 2013-10-11 09:18:01 +02:00
keygen.c gpg: release DEK soon after its use. 2014-12-12 17:46:45 +09:00
keyid.c gpg: Show v3 key fingerprints as all zero. 2014-10-11 19:44:13 +02:00
keylist.c Add provisions to build with Libgcrypt 1.6. 2012-05-24 10:55:11 +02:00
keyring.c gpg: Avoid using cached MD5 signature status. 2014-10-11 19:41:51 +02:00
keyring.h Make gpgv error message about a missing keyring more useful. This fixes 2009-04-03 10:34:22 +00:00
keyserver-internal.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
keyserver.c gpg: Fix regression due to the keyserver import filter. 2014-08-06 17:11:21 +02:00
main.h gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 09:36:19 +01:00
mainproc.c gpg: Fix a NULL-deref for invalid input data. 2014-11-24 19:27:20 +01:00
Makefile.am gpg: Do not link gpgv against libassuan. 2014-06-24 13:52:02 +02:00
mdfilter.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
misc.c gpg: Avoid using cached MD5 signature status. 2014-10-11 19:41:51 +02:00
openfile.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 09:36:19 +01:00
OPTIONS See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
options.h gpg: Add import option "keep-ownertrust". 2014-11-12 10:23:53 +01:00
options.skel gpg: Remove legacy keyserver examples from the template conf file. 2013-08-06 10:04:12 +02:00
packet.h Fix bug#1122. 2009-09-03 20:51:55 +00:00
parse-packet.c gpg: Fix possible read of unallocated memory 2015-01-13 10:44:11 +09:00
passphrase.c gpg: Allow for positional parameters in the passphrase prompt. 2014-08-26 10:16:44 +02:00
photoid.c gpg: New %U expando for the photo viewer. 2014-06-03 08:55:31 +02:00
photoid.h * main.h, mainproc.c (check_sig_and_print), keylist.c 2008-10-03 20:00:46 +00:00
pkclist.c gpg: Use more specific reason codes for INV_RECP. 2014-06-24 10:08:39 +02:00
pkglue.c Fix a for a bug fix in the latest Libgcrypt. 2011-06-13 14:35:30 +02:00
pkglue.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
plaintext.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 09:36:19 +01:00
progress.c Changed to GPLv3. 2007-07-04 19:49:40 +00:00
pubkey-enc.c Add full Camellia support. 2009-06-05 14:11:03 +00:00
pubring.asc See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
revoke.c Fixed a bunch of little bugs as reported by Fabian Keil. 2009-06-24 14:03:09 +00:00
rmd160.c Add rmd160.c. 2008-12-12 12:01:20 +00:00
rmd160.h Add missing header file. 2008-12-12 08:54:50 +00:00
seckey-cert.c Return a posiive status message for a successfull passphrase change. 2010-03-12 17:24:06 +00:00
server.c 2009-09-23 Marcus Brinkmann <marcus@g10code.de> 2010-02-12 15:15:34 +00:00
seskey.c Add full Camellia support. 2009-06-05 14:11:03 +00:00
sig-check.c gpg: Avoid using cached MD5 signature status. 2014-10-11 19:41:51 +02:00
sign.c gpg: Default to SHA-256 for all signature types on RSA keys. 2014-09-27 15:36:02 +02:00
signal.c Fix a signal cleanup problem. 2009-05-26 09:29:02 +00:00
skclist.c Improved detection of bad/invalid signer keys. 2009-08-06 20:12:00 +00:00
t-rmd160.c Make gpg not depend on the RIPE-MD160 implementaion in Libgcrypt. 2008-12-11 17:44:52 +00:00
tdbdump.c Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
tdbio.c gpg: Do not require a trustdb with --always-trust. 2013-10-11 09:25:58 +02:00
tdbio.h gpg: Do not require a trustdb with --always-trust. 2013-10-11 09:25:58 +02:00
textfilter.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
trustdb.c gpg: Need to init the trustdb for import. 2014-09-03 09:46:30 +02:00
trustdb.h Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) 2012-01-19 23:03:56 -05:00
verify.c Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00