Diffstat (limited to 'sm')
-rw-r--r-- | sm/call-agent.c | 23 | ||||
-rw-r--r-- | sm/decrypt.c | 6 | ||||
-rw-r--r-- | sm/keydb.c | 5 |
3 files changed, 22 insertions, 12 deletions
diff --git a/sm/call-agent.c b/sm/call-agent.c
index b37c2e53d..7ee728b74 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -477,7 +477,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
 {
 int rc;
 char line[ASSUAN_LINELENGTH];
- membuf_t data;
+ membuf_t data;
 struct cipher_parm_s cipher_parm;
 size_t n, len;
 char *p, *buf, *endp;
@@ -528,7 +528,8 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
 return rc;
 }
- put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
+ /* Make sure it is 0 terminated so we can invoke strtoul safely. */
+ put_membuf (&data, "", 1);
 buf = get_membuf (&data, &len);
 if (!buf)
 return gpg_error (GPG_ERR_ENOMEM);
@@ -538,14 +539,20 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
 {
 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
 return gpg_error (GPG_ERR_INV_SEXP);
- len -= 11; /* Count only the data of the second part. */
- p = buf + 8; /* Skip leading parenthesis and the value tag. */
+ /* Trim any spurious trailing Nuls: */
+ while (buf[len-1] == 0)
+ len--;
+ if (buf[len-1] != ')')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ len--; /* Drop the final close-paren: */
+ p = buf + 8; /* Skip leading parenthesis and the value tag. */
+ len -= 8; /* Count only the data of the second part. */
 }
 else
 {
 /* For compatibility with older gpg-agents handle the old style
- incomplete S-exps. */
- len--; /* Do not count the Nul. */
+ incomplete S-exps. */
+ len--; /* Do not count the Nul. */
 p = buf;
 }
@@ -553,8 +560,8 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
 if (!n || *endp != ':')
 return gpg_error (GPG_ERR_INV_SEXP);
 endp++;
- if (endp-p+n > len)
- return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
+ if (endp-p+n != len)
+ return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
 memmove (buf, endp, n);
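Review bot: The trimming loop `while (buf[len-1] == 0) len--;` in the new-style branch carries no lower bound of its own; it stops only because the preceding `memcmp` has already established eight non-NUL bytes at the start of `buf`. Since `buf` holds a reply received from the agent, I would make that invariant explicit with `while (len > 8 && buf[len-1] == 0)`, so the read stays in bounds even if the prefix check above it is later reordered or relaxed. With `len` at 8 the following `buf[len-1] != ')'` test still rejects the input, so behaviour is unchanged. The body of gpgsm_agent_pkdecrypt begins and ends outside this hunk.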
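Review bot: The exact-match test `if (endp-p+n != len)` now governs the old-style compatibility branch as well, but only the new-style branch trims trailing NULs; the old-style path still does a single `len--` for the terminator appended by `put_membuf`. If an older agent's reply carries a NUL of its own (the removed `len -= 11` suggests current replies do), that reply passed the former `>` test and would presumably now fail with GPG_ERR_INV_SEXP, so this is worth confirming against an old agent or handling by trimming in both branches. I would also extend the comment to say why equality is required, e.g. `/* The length prefix must account for every remaining byte; trailing data is rejected. */`. The `strtoul` call that produces `n` lies outside the hunk.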
diff --git a/sm/decrypt.c b/sm/decrypt.c
index ec9800840..02b5509e6 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -75,10 +75,10 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
 log_printhex (seskey, seskeylen, "pkcs1 encoded session key:");
 n=0;
- if (seskeylen == 24 || seskeylen == 16)
+ if (seskeylen == 32 || seskeylen == 24 || seskeylen == 16)
 {
- /* Smells like a 3-DES or AES-128 key. This might happen
- * because a SC has already done the unpacking. A better
+ /* Smells like an AES-128, 3-DES, or AES-256 key. This might
+ * happen because a SC has already done the unpacking. A better
 * solution would be to test for this only after we triggered
 * the GPG_ERR_INV_SESSION_KEY. */
 }
diff --git a/sm/keydb.c b/sm/keydb.c
index cf643abcd..5c7ff6fce 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -362,7 +362,10 @@ keydb_add_resource (ctrl_t ctrl, const char *url, int force, int *auto_created)
 if (kbxhd)
 {
 if (!keybox_lock (kbxhd, 1, 0))
- keybox_compress (kbxhd);
+ {
+ keybox_compress (kbxhd);
+ keybox_lock (kbxhd, 0, 0);
+ }
 keybox_release (kbxhd);
 } |
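Review bot: In prepare_decryption the new condition `seskeylen == 32 || seskeylen == 24 || seskeylen == 16` decides from the buffer length alone that the value is already an unwrapped session key, and the updated comment names the ciphers without tying them to the numbers. I would spell the mapping out in the comment, `/* 16 = AES-128, 24 = 3-DES, 32 = AES-256; only the length is inspected here. */`, so a reader adding another key size sees that this branch appears to skip the PKCS#1 unpacking. The else branch of this `if` lies outside the hunk, so the unpacking path is inferred from the log message and the existing comment.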
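Review bot: The added unlock `keybox_lock (kbxhd, 0, 0);` discards its result, as does `keybox_compress (kbxhd);` just before it. The same function's return value is tested when the lock is taken, so a failed release would pass unnoticed and presumably leave the keybox locked until `keybox_release`; I would at least test it, `if (keybox_lock (kbxhd, 0, 0))` followed by a diagnostic through the file's existing logging. A one-line comment such as `/* Hold the lock only for the compress run. */` would also record why the unlock was added. The enclosing keydb_add_resource continues outside the hunk.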