security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-17 00:39:50 +02:00
Code Activity
bab9cdd971
gnupg/g10
History
Werner Koch bab9cdd971 gpg: Cap size of attribute packets at 16MB. 
* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.
--

Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload.  This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte.  The fix is
obvious.

In addition we cap the size of attribute packets similar to what we do
with user id packets.  OpenPGP keys are not the proper way to store
movies.
2014-07-21 13:50:36 +02:00
..
armor.c gpg: Change armor Version header to emit only the major version. 2013-11-27 09:20:02 +01:00
build-packet.c gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id. 2014-01-30 18:48:37 +01:00
call-agent.c gpg: Fix a couple of spelling errors 2014-06-17 11:42:39 +02:00
call-agent.h gpg: Re-enable secret key deletion. 2014-04-15 19:44:50 +02:00
call-dirmngr.c Use "samethread" mode keyword for some es_fopenmem. 2014-05-06 09:49:26 +02:00
call-dirmngr.h gpg: Print the actual used keyserver address. 2014-03-14 16:12:54 +01:00
card-util.c gpg: Allow key-to-card upload for cert-only keys 2014-06-25 09:21:32 +02:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
cipher.c Replace gcry_md_start_debug by gcry_md_debug. 2011-09-20 09:54:27 +02:00
comment.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
compress-bz2.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
compress.c gpg: Avoid infinite loop in uncompressing garbled packets. 2014-06-20 10:41:38 +02:00
cpr.c gpg: Start using OpenPGP digest algo ids. 2014-01-31 15:33:03 +01:00
dearmor.c gpg: Create exported secret files and revocs with mode 700. 2014-06-30 09:12:48 +02:00
decrypt-data.c gpg: Remove useless diagnostic in MDC verification. 2014-05-14 08:56:39 +02:00
decrypt.c Silence several warnings when building under Windows. 2014-03-07 16:06:35 +01:00
dek.h gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
delkey.c gpg: Re-enable secret key deletion. 2014-04-15 19:44:50 +02:00
ecdh.c gpg: Use only OpenPGP cipher algo ids. 2014-01-31 14:35:49 +01:00
encrypt.c gpg: Create exported secret files and revocs with mode 700. 2014-06-30 09:12:48 +02:00
exec.c w32: Include winsock2.h to silence warnings. 2014-03-07 14:18:43 +01:00
exec.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
export.c gpg: Create exported secret files and revocs with mode 700. 2014-06-30 09:12:48 +02:00
filter.h gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
free-packet.c gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
getkey.c gpg: Fix bug parsing a zero length user id. 2014-06-02 11:47:25 +02:00
gpg-w32info.rc w32: Add icons and version information. 2013-05-07 21:35:48 +02:00
gpg.c gpg: Make show-uid-validity the default. 2014-07-03 11:04:23 +02:00
gpg.h gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
gpgv.c gpgv: Init Libgcrypt to avoid syslog warning. 2014-03-07 09:58:22 +01:00
helptext.c Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
import.c gpg: Auto-migrate existing secring.gpg. 2014-06-05 11:19:59 +02:00
kbnode.c Fix minor compiler warnings. 2013-11-15 15:49:34 +01:00
keydb.c gpg: Create exported secret files and revocs with mode 700. 2014-06-30 09:12:48 +02:00
keydb.h gpg: Auto-create revocation certificates. 2014-06-30 16:40:55 +02:00
keyedit.c Make more use of *_NAME macros. 2014-05-08 10:28:23 +02:00
keygen.c gpg: Auto-create revocation certificates. 2014-06-30 16:40:55 +02:00
keyid.c gpg: Auto-create revocation certificates. 2014-06-30 16:40:55 +02:00
keylist.c Add new option --with-secret. 2014-06-03 21:35:59 +02:00
keyring.c gpg: Create exported secret files and revocs with mode 700. 2014-06-30 09:12:48 +02:00
keyring.h Decryption and signi via agent is now implemented. 2010-04-23 11:36:59 +00:00
keyserver-internal.h Initial code checking for backup - not yet working. 2011-01-10 14:30:17 +01:00
keyserver.c gpg: Make --auto-key-locate work again with keyservers. 2014-03-17 15:39:33 +01:00
main.h gpg: Auto-create revocation certificates. 2014-06-30 16:40:55 +02:00
mainproc.c po: Update the German (de) translation 2014-06-27 20:14:54 +02:00
Makefile.am gpg: Auto-migrate existing secring.gpg. 2014-06-05 11:19:59 +02:00
mdfilter.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
migrate.c gpg: Auto-migrate existing secring.gpg. 2014-06-05 11:19:59 +02:00
misc.c gpg: Avoid NULL-deref in default key listing. 2014-06-02 19:54:22 +02:00
openfile.c gpg: Auto-create revocation certificates. 2014-06-30 16:40:55 +02:00
OPTIONS See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
options.h Add new option --with-secret. 2014-06-03 21:35:59 +02:00
options.skel gpg: Remove legacy keyserver examples from the template conf file. 2014-03-07 09:53:29 +01:00
packet.h gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
parse-packet.c gpg: Cap size of attribute packets at 16MB. 2014-07-21 13:50:36 +02:00
passphrase.c gpg: Auto-create revocation certificates. 2014-06-30 16:40:55 +02:00
photoid.c gpg: New %U expando for the photo viewer. 2014-04-17 21:44:09 +02:00
photoid.h Decryption and signi via agent is now implemented. 2010-04-23 11:36:59 +00:00
pkclist.c gpg: Use more specific reason codes for INV_RECP. 2014-06-10 14:54:55 +02:00
pkglue.c gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id. 2014-01-30 18:48:37 +01:00
pkglue.h gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id. 2014-01-30 18:48:37 +01:00
plaintext.c Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
progress.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
pubkey-enc.c ECC Fixes. 2014-04-28 10:36:16 +09:00
pubring.asc See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
revoke.c gpg: Auto-create revocation certificates. 2014-06-30 16:40:55 +02:00
rmd160.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
rmd160.h Add missing header file. 2008-12-12 08:54:50 +00:00
seckey-cert.c Add tweaks for the not anymore patented IDEA algorithm. 2012-05-08 18:18:32 +02:00
server.c Silence several warnings when building under Windows. 2014-03-07 16:06:35 +01:00
seskey.c gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id. 2014-01-30 18:48:37 +01:00
sig-check.c gpg: Reject signatures made with MD5. 2014-03-17 18:14:23 +01:00
sign.c gpg: Create exported secret files and revocs with mode 700. 2014-06-30 09:12:48 +02:00
signal.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
skclist.c gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
t-rmd160.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
tdbdump.c Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
tdbio.c Silence more warnings about unused vars and args. 2014-03-07 19:05:41 +01:00
tdbio.h gpg: Do not require a trustdb with --always-trust. 2014-03-07 10:44:27 +01:00
textfilter.c Started to implement the audit log feature. 2007-11-19 16:03:50 +00:00
trust.c Fix g10/trust.c. 2014-03-06 16:23:10 +09:00
trustdb.c w32: Silence warnings about unused vars. 2014-03-07 16:11:15 +01:00
trustdb.h gpg: Allow building without any trust model support. 2014-02-10 17:46:40 +01:00
verify.c Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
zlib-riscos.h include: Remove this directory. 2014-01-29 17:45:05 +01:00