dgit.raspbian.org Git - gnupg2.git/commit

author	Werner Koch <wk@gnupg.org>
	Tue, 21 May 2019 14:25:56 +0000 (16:25 +0200)
committer	Daniel Kahn Gillmor <dkg@fifthhorseman.net>
	Fri, 1 Jul 2022 16:06:43 +0000 (17:06 +0100)
commit	fcd5563d8c5a58b4f6bd4d67b289942996e7c394
tree	023547de066bb603eca997344ce8578da5ab9e57	tree \| snapshot
parent	b86db6eaada2d24d64aed7adabf85d95866a21e8	commit \| diff

gpg: Do not allow creation of user ids larger than our parser allows.

* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
--

This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us.  Test case is

  gpg --batch --passphrase 'abc' -v  \
      --quick-gen-key $(yes 'a'| head -4000|tr -d '\n')

GnuPG-bug-id: 4532
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651)

Gbp-Pq: Topic from-2.2.16
Gbp-Pq: Name gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch

g10/build-packet.c		diff \| blob \| history
g10/keygen.c		diff \| blob \| history
g10/packet.h		diff \| blob \| history
g10/parse-packet.c		diff \| blob \| history