authorDavid Shaw <[email protected]>2010-10-29 19:54:56 +0000
committerDavid Shaw <[email protected]>2010-10-29 19:54:56 +0000
commit2bd66b59a29a1d81b2c7a431160b68f0010417a4 (patch)
tree21d3c5b44b0e55a34157216611f854e84489469f
parentFix memory leak (diff)
* pkclist.c (select_algo_from_prefs): Make sure the scores can't
overflow when picking an algorithm (not a security issue since we can't pick something not present in all preference lists, but we might pick something that isn't scored first choice). * pkclist.c (select_algo_from_prefs): Slightly improve the handling of MD5 in preference lists. Instead of replacing MD5 with SHA-1, just remove MD5 from the list altogether, and let the next-highest ranked algorithm be chosen.
-rw-r--r--g10/ChangeLog14
-rw-r--r--g10/pkclist.c48
2 files changed, 44 insertions, 18 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 898306a4b..7e09fb77e 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,15 @@
+2010-10-29 David Shaw <[email protected]>
+
+ * pkclist.c (select_algo_from_prefs): Make sure the scores can't
+ overflow when picking an algorithm (not a security issue since we
+ can't pick something not present in all preference lists, but we
+ might pick something that isn't scored first choice).
+
+ * pkclist.c (select_algo_from_prefs): Slightly improve the
+ handling of MD5 in preference lists. Instead of replacing MD5
+ with SHA-1, just remove MD5 from the list altogether, and let the
+ next-highest ranked algorithm be chosen.
+
2010-09-29 Werner Koch <[email protected]>
* keygen.c (key_from_sexp): Fix memory leak in the error case.
@@ -10973,7 +10985,7 @@ Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo)
Copyright 1998,1999,2000,2001,2002,2003,2004,2005,
- 2006,2007,2008,2009 Free Software Foundation, Inc.
+ 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 3203a7ea6..7ad97557f 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1,6 +1,6 @@
/* pkclist.c - create a list of public keys
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- * 2008 Free Software Foundation, Inc.
+ * 2008, 2009, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -1275,9 +1275,8 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
u32 bits[8];
const prefitem_t *prefs;
int result=-1,i;
- unsigned int best=-1;
- byte scores[256];
-
+ u16 scores[256];
+
if( !pk_list )
return -1;
@@ -1339,7 +1338,13 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
{
if( prefs[i].type == preftype )
{
- scores[prefs[i].value]+=rank;
+ /* Make sure all scores don't add up past 0xFFFF
+ (and roll around) */
+ if(rank+scores[prefs[i].value]<=0xFFFF)
+ scores[prefs[i].value]+=rank;
+ else
+ scores[prefs[i].value]=0xFFFF;
+
mask[prefs[i].value/32] |= 1<<(prefs[i].value%32);
rank++;
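Review bot: The cap `0xFFFF` is written three times in the added lines and matches the `u16 scores[256]` declaration from the earlier hunk only by convention, so a later change to the element type would leave the clamp silently wrong. A named constant kept next to the declaration, for example `#define SCORE_MAX 0xFFFF`, would tie the two together. The comment should also say that entries which saturate compare equal afterwards, so the later tie-break, not the recipients' ranking, decides between them. The check assumes `rank+scores[prefs[i].value]` is evaluated in a type wider than 16 bits; `rank` is declared outside this hunk, as are the start and end of the enclosing function.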
@@ -1406,10 +1411,31 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
if(result==-1)
{
+ unsigned int best=-1;
+
/* At this point, we have not selected an algorithm due to a
special request or via personal prefs. Pick the highest
ranked algorithm (i.e. the one with the lowest score). */
+ if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5])
+ {
+ /* "If you are building an authentication system, the recipient
+ may specify a preferred signing algorithm. However, the
+ signer would be foolish to use a weak algorithm simply
+ because the recipient requests it." (RFC4880:14). If any
+ other hash algorithm is available, pretend that MD5 isn't.
+ Note that if the user intentionally chose MD5 by putting it
+ in their personal prefs, then we do what the user said (as we
+ never reach this code). */
+
+ for(i=DIGEST_ALGO_MD5+1;i<256;i++)
+ if(scores[i])
+ {
+ scores[DIGEST_ALGO_MD5]=0;
+ break;
+ }
+ }
+
for(i=0;i<256;i++)
{
/* Note the '<' here. This means in case of a tie, we will
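Review bot: The scan `for(i=DIGEST_ALGO_MD5+1;i<256;i++)` zeroes the MD5 score as soon as any other hash has a non-zero score, but a non-zero score only shows that some recipient listed that hash, not that it is in the intersection held in `bits`. The code this commit removes tested `bits[0] & (1<<DIGEST_ALGO_SHA1)` before overriding MD5. The condition of the selection loop that follows is not visible in this hunk; if it also requires the `bits` mask, MD5 could be discarded when no other hash is selectable and `result` would stay -1. Consider `if(scores[i] && (bits[i/32] & (1<<(i%32))))` in the scan, or extend the comment to state why a common non-MD5 hash is always present. The function body continues outside the hunk.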
@@ -1427,18 +1453,6 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
result=i;
}
}
-
- /* "If you are building an authentication system, the recipient
- may specify a preferred signing algorithm. However, the
- signer would be foolish to use a weak algorithm simply
- because the recipient requests it." (RFC4880:14). If we
- settle on MD5, and SHA1 is also available, use SHA1 instead.
- Note that if the user intentionally chose MD5 by putting it
- in their personal prefs, then we do what the user said (as we
- never reach this code). */
- if(preftype==PREFTYPE_HASH && result==DIGEST_ALGO_MD5
- && (bits[0] & (1<<DIGEST_ALGO_SHA1)))
- result=DIGEST_ALGO_SHA1;
}
return result;