diff options
| author | NIIBE Yutaka <[email protected]> | 2015-04-30 08:20:08 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2015-04-30 08:20:08 +0000 |
| commit | 04667cabef2d6aaa214b288482bb902c891893a5 (patch) | |
| tree | e5931d87411613e42fc5fe6d435270689dd21a73 | |
| parent | gpg: Fix DoS while parsing mangled secret key packets. (diff) | |
| download | gnupg-04667cabef2d6aaa214b288482bb902c891893a5.tar.gz gnupg-04667cabef2d6aaa214b288482bb902c891893a5.zip | |
g10: fix cmp_public_key and cmp_secret_keys.
* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
data at the first entry of the array when it's unknown algo.
* mpi/mpi-cmp.c (mpi_cmp): Backport libgcrypt 1.5.0's semantics.
--
(backported from 2.0 commit 43429c7869152f301157e4b24790b3801dce0f0a)
GnuPG-bug-id: 1962
| -rw-r--r-- | g10/free-packet.c | 22 | ||||
| -rw-r--r-- | mpi/mpi-cmp.c | 16 |
2 files changed, 30 insertions, 8 deletions
diff --git a/g10/free-packet.c b/g10/free-packet.c index 0f8e0e8ce..e772c0866 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -452,11 +452,14 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b ) return -1; n = pubkey_get_npkey( b->pubkey_algo ); - if( !n ) - return -1; /* can't compare due to unknown algorithm */ - for(i=0; i < n; i++ ) { - if( mpi_cmp( a->pkey[i], b->pkey[i] ) ) + if( !n ) { /* unknown algorithm, rest is in opaque MPI */ + if( mpi_cmp( a->pkey[0], b->pkey[0] ) ) return -1; + } else { + for(i=0; i < n; i++ ) { + if( mpi_cmp( a->pkey[i], b->pkey[i] ) ) + return -1; + } } return 0; @@ -479,11 +482,14 @@ cmp_secret_keys( PKT_secret_key *a, PKT_secret_key *b ) return -1; n = pubkey_get_npkey( b->pubkey_algo ); - if( !n ) - return -1; /* can't compare due to unknown algorithm */ - for(i=0; i < n; i++ ) { - if( mpi_cmp( a->skey[i], b->skey[i] ) ) + if( !n ) { /* unknown algorithm, rest is in opaque MPI */ + if( mpi_cmp( a->skey[0], b->skey[0] ) ) return -1; + } else { + for(i=0; i < n; i++ ) { + if( mpi_cmp( a->skey[i], b->skey[i] ) ) + return -1; + } } return 0; diff --git a/mpi/mpi-cmp.c b/mpi/mpi-cmp.c index e119fad04..3c1322a10 100644 --- a/mpi/mpi-cmp.c +++ b/mpi/mpi-cmp.c @@ -20,6 +20,7 @@ #include <config.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> #include "mpi-internal.h" int @@ -49,6 +50,21 @@ mpi_cmp( MPI u, MPI v ) mpi_size_t usize, vsize; int cmp; + if (mpi_is_opaque (u) || mpi_is_opaque (v)) + { + if (mpi_is_opaque (u) && !mpi_is_opaque (v)) + return -1; + if (!mpi_is_opaque (u) && mpi_is_opaque (v)) + return 1; + if (!u->nbits && !v->nbits) + return 0; /* Empty buffers are identical. */ + if (u->nbits < v->nbits) + return -1; + if (u->nbits > v->nbits) + return 1; + return memcmp (u->d, v->d, u->nbits); + } + mpi_normalize( u ); mpi_normalize( v ); usize = u->nlimbs; |