blob: 2b98a3c4f2ea2c6eacecdf6761345b4c5311450d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
Fix CVE-2012-6085 by backporting a patch from upstream's git repository.
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>
From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 20 Dec 2012 09:43:41 +0100
Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--
A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring. This change skips all
packets which are not allowed in a keyblock.
GnuPG-bug-id: 1455
(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
---
g10/import.c | 23 ++++++++++++++++++++++-
1 files changed, 22 insertions(+), 1 deletions(-)
diff --git a/g10/import.c b/g10/import.c
index ba2439d..ad112d6 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -347,6 +347,27 @@ import_print_stats (void *hd)
}
+/* Return true if PKTTYPE is valid in a keyblock. */
+static int
+valid_keyblock_packet (int pkttype)
+{
+ switch (pkttype)
+ {
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ case PKT_SIGNATURE:
+ case PKT_USER_ID:
+ case PKT_ATTRIBUTE:
+ case PKT_RING_TRUST:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+
/****************
* Read the next keyblock from stream A.
* PENDING_PKT should be initialzed to NULL
@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
}
in_cert = 1;
default:
- if( in_cert ) {
+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
if( !root )
root = new_kbnode( pkt );
else
--
1.7.2.5
|