Fix CVE-2012-6085 by backporting a patch from upstream's git repository.
Upstream-Status: Backport
Signed-off-by: Ross Burton
From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 20 Dec 2012 09:43:41 +0100
Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--
A corrupted key, which for example included a mangled public key encrypted packet, used to corrupt the keyring. This change skips all packets which are not allowed in a keyblock.
GnuPG-bug-id: 1455
(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
---
 g10/import.c | 23 ++++++++++++++++++++++-
 1 files changed, 22 insertions(+), 1 deletions(-)
diff --git a/g10/import.c b/g10/import.c
index ba2439d..ad112d6 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -347,6 +347,27 @@ import_print_stats (void *hd)
 }
+/* Return true if PKTTYPE is valid in a keyblock. */
+static int
+valid_keyblock_packet (int pkttype)
+{
+ switch (pkttype)
+ {
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ case PKT_SIGNATURE:
+ case PKT_USER_ID:
+ case PKT_ATTRIBUTE:
+ case PKT_RING_TRUST:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+
 /****************
 * Read the next keyblock from stream A.
 * PENDING_PKT should be initialzed to NULL
@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
 }
 in_cert = 1;
 default:
- if( in_cert ) {
+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
 if( !root )
 root = new_kbnode( pkt );
 else
--
1.7.2.5
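Review bot: The allowlist in `valid_keyblock_packet` admits `PKT_RING_TRUST`, and the one-line comment does not say why. RFC 4880 describes trust packets as local-keyring data that should be ignored on any other input, so the comment should state whether a later import stage discards them; that stage is not visible in this hunk. The default-deny `switch` is the right shape for the check, because a packet type introduced later stays rejected until someone lists it explicitly. I would extend the comment to something like `/* Return true if PKTTYPE may be stored in a keyblock; every other packet type is skipped by read_block. */`.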
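Review bot: When `in_cert` is set and `valid_keyblock_packet (pkt->pkttype)` returns 0, the parsed packet is no longer handed to `new_kbnode`, and nothing in the visible lines releases what it holds. The rest of the `default:` branch and of `read_block` lies outside the hunk; if that code only re-initialises `pkt` for the next read, each skipped packet would leak its contents, which adds up on a large or heavily corrupted input. Assuming the usual packet helper is available here, an `else free_packet (pkt);` ahead of the re-initialisation would close that path. The skip is also silent, so a verbose-mode diagnostic naming the dropped packet type would help whoever has to triage a damaged key.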