aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* agent: Fix length test in sshcontrol parser.Werner Koch2015-04-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | * agent/command-ssh.c (ssh_search_control_file): Check S before upcasing it. -- In contradiction to the comment we did not check the length of HEXGRIP and thus the GPG_ERR_INV_LENGTH was never triggered. Detected by Stack 0.3: bug: anti-simplify model: | %cmp8 = icmp ne i32 %i.0, 40, !dbg !986 --> false stack: - /home/wk/s/gnupg/agent/command-ssh.c:1226:0 ncore: 2 core: - /home/wk/s/gnupg/agent/command-ssh.c:1225:0 - buffer overflow - /home/wk/s/gnupg/agent/command-ssh.c:1225:0 - buffer overflow (backported from 2.1 commit 3529dd8bb5bafc4e02915648d5f409bd27a9cc37)
* scd: Fix possible NULL deref in apdu.cWerner Koch2015-04-151-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL. (control_pcsc_wrapped): Ditto. -- pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as NULL. Reported by Stack 0.3: bug: anti-dce model: | control_pcsc.exit77: %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \ %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ] %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728 br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728 stack: - /home/wk/s/gnupg/scd/apdu.c:1882:0 ncore: 1 core: - /home/wk/s/gnupg/scd/apdu.c:1309:0 - buffer overflow (backported from 2.1 commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa)
* po: Update Japanese translation.NIIBE Yutaka2015-04-151-9/+6
|
* gpg: Fix DoS while parsing mangled secret key packets.Werner Koch2015-04-051-7/+43
| | | | | | | | | | | | | | | * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read et al. -- Due to the missing length checks PKTLEN may turn negative. Because PKTLEN is an unsigned int the malloc in read_rest would try to malloc a too large number and terminate the process with "error reading rest of packet: Cannot allocate memory". Reported-by: Hanno Böck. Signed-off-by: Werner Koch <[email protected]> (backported from 2.1 commit d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a)
* doc: Document the changed default algos for gpgsm.Werner Koch2015-03-251-2/+2
| | | | --
* sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).Werner Koch2015-03-252-3/+3
| | | | | | | | * sm/certreqgen.c (create_request): Change default hash algo. * sm/gpgsm.c (main): Change default bulk cipher algo. -- Signed-off-by: Werner Koch <[email protected]>
* gpgtar: Fix extracting files with !(size % 512)Andre Heinecke2015-03-171-1/+5
| | | | | | | | | | | | | | | | | | * tools/gpgtar-extract.c (extract_regular): Handle size multiples of RECORDSIZE. -- If a hdr->size was a multiple of 512 the last record would not have been written and the files corrupted accordingly. GnuPG-bug-id: 1926 Signed-off-by: Andre Heinecke <[email protected]> Changed to use only if-else. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 6cbbb0bec98e1acefc4c7163cc41a507469db920)
* common: Check option arguments for a valid rangeWerner Koch2015-03-112-8/+47
| | | | | | | | | | | | | | * common/argparse.h (ARGPARSE_INVALID_ARG): New. * common/argparse.c: Include limits h and errno.h. (initialize): Add error strings for new error constant. (set_opt_arg): Add range checking. -- Signed-off-by: Werner Koch <[email protected]> [ This is a backport of 0d73a242cb53522669cf712b5ece7d1ed05d003a from master to STABLE-BRANCH-2-0 ] Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: New command --list-gcrypt-config.Werner Koch2015-03-111-0/+10
| | | | | | | * g10/gpg.c (aListGcryptConfig): New. (main): Implement command. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove left-over debug message.Werner Koch2015-02-261-3/+0
| | | | * g10/armor.c (check_input): Remove log_debug.
* Post release updates.Werner Koch2015-02-182-1/+5
| | | | --
* Release 2.0.27gnupg-2.0.27Werner Koch2015-02-184-14/+36
|
* gpg: Remove an unused variable.Werner Koch2015-02-181-1/+0
| | | | * g10/import.c (import): Remove need_armor.
* po: Auto updateWerner Koch2015-02-1829-296/+847
| | | | --
* po: Update German translationWerner Koch2015-02-181-10/+32
|
* curl-shim: clean up varargsDaniel Kahn Gillmor2015-02-181-0/+2
| | | | | | | | | | | | | | | * keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is called. -- stdarg(3) says: Each invocation of va_start() must be matched by a corresponding invocation of va_end() in the same function. Observed by Joshua Rogers <[email protected]> Debian-Bug-Id: #773475
* gpg: Print better diagnostics for keyserver operations.Werner Koch2015-02-185-22/+122
| | | | | | | | | | | | | | | | | | | | | | | * g10/armor.c (parse_key_failed_line): New. (check_input): Watch out for gpgkeys_ error lines. * g10/filter.h (armor_filter_context_t): Add field key_failed_code. * g10/import.c (import): Add arg r_gpgkeys_err. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_errstr): New. (keyserver_spawn): Detect "KEY " lines while sending. Get gpgkeys_err while receiving keys. (keyserver_work): Add kludge for better error messages. -- GnuPG-bug-id: 1832 Note that these changes can be backported to 1.4 but they don't make sense for 2.1 due to the removal of the keyserver helpers. The error reporting could be improved even more but given that this is an old GnuPG branch it is not justified to put too much effort into it. Signed-off-by: Werner Koch <[email protected]>
* keyserver: Show log prefix when not build with cURL.Werner Koch2015-02-131-0/+6
| | | | | | | * keyserver/ksutil.c (init_ks_options) [!HAVE_LIBCURL]: Set logging prefix. Signed-off-by: Werner Koch <[email protected]>
* Use inline functions to convert buffer data to scalars.Werner Koch2015-02-1220-275/+310
| | | | | | | | | | | | | | | | * include/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- This fixes sign extension on shift problems. Hanno Böck found a case with an invalid read due to this problem. To fix that almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h. (back ported from commit 2183683bd633818dd031b090b5530951de76f392) Signed-off-by: Werner Koch <[email protected]>
* build: Update standard build-aux files.Werner Koch2015-02-124-537/+332
| | | | --
* doc: Change remaining http links to gnupg.org to httpsWerner Koch2015-02-123-3/+3
| | | | | -- GnuPG-bug-id: 1830
* gpg: Prevent an invalid memory read using a garbled keyring.Werner Koch2015-02-121-3/+21
| | | | | | | | | | | | | | | | | | | | * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet types. -- The keyring DB code did not reject packets which don't belong into a keyring. If for example the keyblock contains a literal data packet it is expected that the processing code stops at the data packet and reads from the input stream which is referenced from the data packets. Obviously the keyring processing code does not and cannot do that. However, when exporting this messes up the IOBUF and leads to an invalid read of sizeof (int). We now skip all packets which are not allowed in a keyring. Reported-by: Hanno Böck <[email protected]> (back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)
* gpg: Fix a NULL-deref in export due to invalid packet lengths.Werner Koch2015-02-121-1/+2
| | | | | | | | | | * g10/build-packet.c (write_fake_data): Take care of a NULL stored as opaque MPI. -- Reported-by: Hanno Böck <[email protected]> (back ported from commit 0835d2f44ef62eab51fce6a927908f544e01cf8f)
* gpg: Fix a NULL-deref due to empty ring trust packets.Werner Koch2015-02-121-3/+5
| | | | | | | | | | * g10/parse-packet.c (parse_trust): Always allocate a packet. -- Reported-by: Hanno Böck <[email protected]> Signed-off-by: Werner Koch <[email protected]> (back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e)
* kbx: Fix resource leak.Joshua Rogers2015-02-121-5/+32
| | | | | | | | | | | | | * kbx/keybox-update.c (blob_filecopy): Fix resource leak. On error return, 'fp' and 'newfp' was never closed. -- Signed-off-by: Joshua Rogers <[email protected]> [Log entry reformatted, and added more fixes - gniibe] (cherry picked from commit 7db6c82cec49b7c56c403a8ea98364086baf75f3)
* gpg: Limit the size of key packets to a sensible value.Werner Koch2015-02-121-3/+18
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New. (MAX_UID_PACKET_LENGTH): New. (MAX_COMMENT_PACKET_LENGTH): New. (MAX_ATTR_PACKET_LENGTH): New. (parse_key): Limit the size of a key packet to 256k. (parse_user_id): Use macro for the packet size limit. (parse_attribute): Ditto. (parse_comment): Ditto. -- Without that it is possible to force gpg to allocate large amounts of memory by using a bad encoded MPI. This would be an too easy DoS. Another way to mitigate would be to change the MPI read function to allocate memory dynamically while reading the MPI. However, that complicates and possibly slows down the code. A too large key packet is in any case a sign for broken data and thus gpg should not use it. Reported-by: Hanno Böck GnuPG-bug-id: 1823 Signed-off-by: Werner Koch <[email protected]> (back ported from commit 382ba4b137b42d5f25a7e256bb7c053ee5ac7b64)
* Avoid double-close in unusual dotlock situations.Werner Koch2015-02-121-26/+32
| | | | | | | | | | | | | | | * jnlib/dotlock.c (create_dotlock): Avoid double close due to EINTR. -- close(2) says: close() should not be retried after an EINTR since this may cause a reused descriptor from another thread to be closed. (backported from commit 628b111fa679612e23c0d46505b1ecbbf091897d) Debian-Bug-Id: 773423 Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow predefined names as answer to the keygen.algo prompt.Werner Koch2015-01-282-10/+40
| | | | | | | | * g10/keygen.c (ask_algo): Add list of strings. -- Signed-off-by: Werner Koch <[email protected]> (backported from commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7)
* gpg: Print a warning if the subkey expiration may not be what you want.Werner Koch2015-01-261-1/+59
| | | | | | | | | | | | * g10/keyedit.c (subkey_expire_warning): New. keyedit_menu): Call it when needed. -- GnuPG-bug-id: 1715 The heuristic to detect a problem is not very advanced but it should catch the most common cases. (backported from commit ae3d1bbb65b65cf3c57bb14886be120f5e31635d)
* build: Update to gettext 0.19.3.Werner Koch2015-01-2615-1131/+1533
|
* build: Require automake 1.14.Werner Koch2015-01-264-16/+12
| | | | | | * Makefile.am (AUTOMAKE_OPTIONS): Move to ... * configure.ac (AM_INIT_AUTOMAKE): here. Add option serial-tests. * kbx/Makefile.am (INCLUDES): Remove. Include ../am/cmacros.
* po: Yet another update for Chinese (traditional)Jedi Lin2015-01-261-27/+31
|
* Remove incorrect expression leading to errors.Joshua Rogers2015-01-251-1/+1
| | | | | | | | | | | | * scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'. -- Variable 'rc' in send_escape_cmd was overwritten before it was returned, leading to incorrect computation. Signed-off-by: Joshua Rogers <[email protected]> [Log entry reformatted - wk]
* gpgconf: Fix validity check for UINT32 values.Werner Koch2015-01-231-1/+1
| | | | | | | | | | | | | | * tools/gpgconf-comp.c (option_check_validity): Enable check for UINT32. -- Reported-by: Günther Noack <[email protected]> This is actually a bug which inhibited the checking of values of type UINT32. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3f6abb57a7b5e54b593c5775c8f7a07d61119705)
* tools: Free variable before returnJoshua Rogers2015-01-131-1/+4
| | | | | | | | * tools/gpgconf-comp.c: Free 'dest_filename' before it is returned upon error. -- Signed-off-by: Joshua Rogers <[email protected]>
* sm: Avoid double-free on iconv failureDaniel Kahn Gillmor2015-01-131-0/+2
| | | | | | | | | | | | | | * sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid double-free of pwbuf. -- Observed by Joshua Rogers <[email protected]>, who proposed a slightly different fix. Debian-Bug-Id: 773472 Added fix at a second place - wk.
* scd: Avoid double-free on error condition in scdDaniel Kahn Gillmor2015-01-131-4/+2
| | | | | | | | | | | | * scd/command.c (cmd_readkey): avoid double-free of cert -- When ksba_cert_new() fails, cert will be double-freed. Debian-Bug-Id: 773471 Original patch changed by wk to do the free only at leave.
* avoid future chance of using uninitialized memoryDaniel Kahn Gillmor2015-01-131-1/+1
| | | | | | | | | | | | | | | | | | | | * common/iobuf.c: (iobuf_open): initialize len -- In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked (via file_filter()) on fcx, passing in a pointer to an uninitialized len. With these two commands, file_filter doesn't actually do anything with the value of len, so there's no actual risk of use of uninitialized memory in the code as it stands. However, some static analysis tools might flag this situation with a warning, and initializing the value doesn't hurt anything, so i think this trivial cleanup is warranted. Debian-Bug-Id: 773469
* gpgkey2ssh: clean up varargsDaniel Kahn Gillmor2015-01-131-0/+2
| | | | | | | | | | | | | | * tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called. -- stdarg(3) says: Each invocation of va_start() must be matched by a corresponding invocation of va_end() in the same function. Observed by Joshua Rogers <[email protected]> Debian-Bug-Id: 773415
* doc: Fix memory leak in yat2m.Werner Koch2015-01-131-0/+1
| | | | | | | * doc/yat2m.c (write_th): Free NAME. -- Reported-by: Joshua Rogers <[email protected]>
* gpgsm: Return NULL on failWerner Koch2015-01-131-0/+1
| | | | | | | | | | | | | | | | | * sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL. -- Cherry-pick of abd5f6752d693b7f313c19604f0723ecec4d39a6. Reported-by: Joshua Rogers <[email protected]> "If something inside the ldapserver_parse_one function failed, 'server' would be freed, then returned, leading to a use-after-free. This code is likely copied from sm/gpgsm.c, which was also susceptible to this bug." Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix possible read of unallocated memoryWerner Koch2015-01-131-4/+7
| | | | | | | | | | | | | | | | | * g10/parse-packet.c (can_handle_critical): Check content length before calling can_handle_critical_notation. -- The problem was found by Jan Bee and gniibe proposed the used fix. Thanks. This bug can't be exploited: Only if the announced length of the notation is 21 or 32 a memcmp against fixed strings using that length would be done. The compared data is followed by the actual signature and thus it is highly likely that not even read of unallocated memory will happen. Nevertheless such a bug needs to be fixed. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix possibly inhibited checkpin of the admin pin.Werner Koch2015-01-091-1/+1
| | | | | | | * scd/app-openpgp.c (do_check_pin): Do not check a byte of a released buffer. Signed-off-by: Werner Koch <[email protected]>
* scd: fix get_public_key for OpenPGPcard v1.0.Joshua Rogers2015-01-081-1/+1
| | | | | | | | | | | * scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use. -- Inside the get_public_key function, 'fp' was opened using popen, but incorrectly closed using fclose. Debian-Bug-Id: 773474
* gpg: release DEK soon after its use.NIIBE Yutaka2014-12-121-1/+1
| | | | | | | | | | | | | | | | * g10/keygen.c (generate_subkeypair): Release DEK soon. -- This fixes the out_of_core error in the test case of adding RSA-4096 subkey to RSA-4096 primary key with configuration: s2k-cipher-algo S10 Debian-bug-id: 772780 Cherry-picked da66ad5bba4215b9ddd0cb927a89aa75355632aa from STABLE-BRANCH-1-4 branch.
* po: Update French translationDavid Prévot2014-11-261-156/+163
|
* po: Update Danish translationDavid Prévot2014-11-261-26/+38
|
* po: Update Ukrainian translationYuri Chornoivan2014-11-261-41/+51
|
* po: Update Chinese (traditional) translationJedi Lin2014-11-261-27/+34
|
* po: Update Russian translationIneiev2014-11-261-1287/+1275
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 21:39:03 +0000