From d837f6b0eadb14ea08c1c6030b4d6adaaee8778e Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 2 Jun 2016 15:14:49 +0200
Subject: gpg: Do not abort on certain invalid packets.
* g10/build-packet.c (write_fake_data): Check for non-opaque data.
* g10/seskey.c (do_encode_md): Return NULL instead of abort.
--
The first may happen if the usage flags of an algorithm do not match the allowed usage. When writing a backsig this would lead to a log_bug in libgcrypt due to the use of a regular MPI as opaque data. The second may happen with all kind of invalid data. It is easy to avoid an abort, though.
Signed-off-by: Werner Koch
---
 g10/build-packet.c | 2 ++
 g10/seskey.c | 9 ++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/g10/build-packet.c b/g10/build-packet.c
index 1353a863c..2745734b4 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -301,6 +301,8 @@ write_fake_data (IOBUF out, gcry_mpi_t a)
 if (!a)
 return 0;
+ if (!gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+ return 0; /* e.g. due to generating a key with wrong usage. */
 p = gcry_mpi_get_opaque ( a, &n);
 if (!p)
 return 0; /* For example due to a read error in
diff --git a/g10/seskey.c b/g10/seskey.c
index c41a1455b..e5385af98 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -211,9 +211,12 @@ do_encode_md( gcry_md_hd_t md, int algo, size_t len, unsigned nbits,
 int i,n;
 gcry_mpi_t a;
- if( len + asnlen + 4 > nframe )
- log_bug ("can't encode a %d bit MD into a %d bits frame, algo=%d\n",
- (int)(len*8), (int)nbits, algo);
+ if (len + asnlen + 4 > nframe)
+ {
+ log_error ("can't encode a %d bit MD into a %d bits frame, algo=%d\n",
+ (int)(len*8), (int)nbits, algo);
+ return NULL;
+ }
 /* We encode the MD in this way:
 *
-- cgit v1.2.3
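Review bot: The added guard in write_fake_data returns 0 for a non-opaque MPI, the same value the neighbouring `if (!a)` and `if (!p)` paths return, so the caller cannot tell that data was skipped and presumably goes on to emit the packet without it. If silently writing nothing is intended, the comment should say so, e.g. `/* Not opaque (e.g. key generated with wrong usage): write nothing and let the caller continue. */`. Otherwise an error return such as `return gpg_error (GPG_ERR_BAD_MPI);` would let the caller stop rather than produce a short packet. The function starts and ends outside this hunk, so how callers use the return value cannot be confirmed from here.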
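Review bot: The new `return NULL;` in do_encode_md makes a NULL result part of the function's contract, but nothing visible in this hunk shows that callers test the returned MPI before using it. Each call site should be confirmed to check for NULL and fail the operation, since an unchecked NULL would only move the crash further down the path that handles the invalid packet. The header comment should also record the new behaviour, e.g. `/* Returns NULL (after log_error) if the digest does not fit into the frame. */`. The function body begins before and continues after this hunk.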