mirror of git://git.gnupg.org/gnupg.git synced 2024-06-16 00:29:50 +02:00
gnupg/g10
Werner Koch aab282855a gpg: Fix possible read of unallocated memory
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--

The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.

This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done.  The compared data is followed by the actual signature
and thus it is highly likely that not even a read of unallocated memory
will happen.  Nevertheless such a bug needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-13 10:45:41 +09:00
apdu.c Fix syntax error introduced with 60bd6488 2014-06-23 17:14:55 +02:00
apdu.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
app-common.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
app-openpgp.c scd: Fix possibly inhibited checkpin of the admin pin. 2015-01-09 09:07:53 +09:00
armor.c gpg: Change armor Version header to emit only the major version. 2013-11-27 11:00:55 +01:00
build-packet.c Add pubkey letters e and E for ECC. 2011-07-01 10:21:08 +02:00
card-util.c Preparing a release candidate 2010-09-23 08:15:45 +00:00
cardglue.c support more hash algorithms to support the v2 card 2010-07-24 09:18:42 +00:00
cardglue.h support more hash algorithms to support the v2 card 2010-07-24 09:18:42 +00:00
ccid-driver.c Fix some spelling errors. Fixes bug#1127. 2009-12-21 15:58:06 +00:00
ccid-driver.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
ChangeLog-2011 Rename all ChangeLog files to ChangeLog-2011. 2011-12-02 19:42:56 +01:00
cipher.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
compress-bz2.c Preparing 1.4.10. 2009-09-02 15:02:01 +00:00
compress.c gpg: Avoid infinite loop in uncompressing garbled packets. 2014-06-20 20:23:19 +02:00
dearmor.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
decrypt.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
delkey.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
encode.c Print 'empty file' warning only with --verbose. 2009-05-11 09:20:39 +00:00
encr-data.c Remove useless diagnostic in MDC verification. 2014-06-23 13:24:43 +02:00
exec.c Revert that last stupid setuid detection fix. 2008-07-17 19:47:19 +00:00
exec.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
export.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
filter.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
free-packet.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
getkey.c gpg: Distinguish between missing and cleared key flags. 2013-10-04 20:53:51 +02:00
global.h Add kbnode_t for easier backporting. 2014-08-06 18:33:21 +02:00
gpg.c gpg: Add build and runtime support for larger RSA keys 2014-10-03 18:27:28 +02:00
gpgv.c Use blinding for the RSA secret operation. 2013-12-03 09:25:57 +01:00
helptext.c Fix typos spotted during translations 2012-08-24 16:37:44 +02:00
import.c gpg: Add import option "keep-ownertrust". 2014-11-12 10:27:50 +01:00
iso7816.c minor changes for VMS 2009-12-15 11:07:43 +00:00
iso7816.h Last minute fixes 2009-09-02 17:30:53 +00:00
kbnode.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keydb.c gpg: signal handling fix 2013-07-12 17:26:55 +09:00
keydb.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyedit.c gpg: Print a "not found" message for an unknown key in --key-edit. 2013-10-04 20:59:45 +02:00
keygen.c gpg: release DEK soon after its use. 2014-12-12 17:41:56 +09:00
keyid.c Prepare for a forthcoming new algorithm id. 2013-07-25 10:37:41 +02:00
keylist.c Print hash algorithm in sig records 2014-06-23 14:57:32 +02:00
keyring.c Replace file locking by the new portable dotlock code. 2012-01-10 15:16:44 +01:00
keyring.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyserver-internal.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyserver.c gpg: Fix regression due to the keyserver import filter. 2014-08-06 18:43:40 +02:00
main.h gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 19:41:24 +01:00
mainproc.c gpg: Fix a NULL-deref for invalid input data. 2014-11-24 19:32:47 +01:00
Makefile.am Don't link gpgv with libreadline 2011-02-23 15:13:40 +01:00
mdfilter.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
misc.c Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
openfile.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 19:41:24 +01:00
OPTIONS See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
options.h gpg: Add import option "keep-ownertrust". 2014-11-12 10:27:50 +01:00
options.skel * options.skel: Make the example for force-v3-sigs match reality (it 2010-09-28 16:13:24 +00:00
packet.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
parse-packet.c gpg: Fix possible read of unallocated memory 2015-01-13 10:45:41 +09:00
passphrase.c With --quiet do not print reading passphrase from fd message. 2012-04-29 11:54:28 +02:00
photoid.c * photoid.c (generate_photo_id): Check for the JPEG magic numbers 2011-04-05 23:47:58 -04:00
photoid.h * main.h, mainproc.c (check_sig_and_print), keylist.c 2008-10-03 19:54:30 +00:00
pipemode.c Removed some set but unused vars. 2011-08-09 10:54:22 +02:00
pkclist.c gpg: Use more specific reason codes for INV_RECP. 2014-06-23 09:25:45 +02:00
plaintext.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 19:41:24 +01:00
progress.c Renamed g10.c to gpg.c 2005-10-05 16:58:50 +00:00
pubkey-enc.c Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
pubring.asc See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
revoke.c Fix a couple of minor bugs. 2009-06-24 14:01:20 +00:00
seckey-cert.c Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
seskey.c * sig-check.c (do_check): Code to try both the incorrect and correct 2007-11-28 23:08:35 +00:00
sig-check.c Removed some set but unused vars. 2011-08-09 10:54:22 +02:00
sign.c Fix honoring --cert-digest-algo when recreating a cert 2013-01-11 13:33:44 +01:00
signal.c gpg: signal handling fix 2013-07-12 17:26:55 +09:00
skclist.c Fix bug 1045. 2009-05-11 09:37:25 +00:00
status.c Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
status.h Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
tdbdump.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
tdbio.c gpg: Do not require a trustdb with --always-trust. 2013-10-11 09:35:01 +02:00
tdbio.h gpg: Do not require a trustdb with --always-trust. 2013-10-11 09:35:01 +02:00
textfilter.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
tlv.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
tlv.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
trustdb.c gpg: Need to init the trustdb for import. 2014-03-06 16:11:34 +01:00
trustdb.h Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) 2012-01-19 22:33:51 -05:00
verify.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00