From e6175055fbca958b7fa43aaf84359574ca7f3ebb Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 4 Oct 2013 08:20:49 +0200 Subject: gpg: Limit the nesting level of I/O filters. * common/iobuf.c (MAX_NESTING_FILTER): New. (iobuf_push_filter2): Limit the nesting level. * g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA and ANY_SIG_SIGN to bit fields of ANY. Add bit field UNCOMPRESS_FAILED. (proc_compressed): Avoid printing multiple Bad Data messages. (check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA. -- This is a more general fix for the nested compression packet bug. In particular this helps g10/import.c:read_block to stop pushing compression filters onto an iobuf stream. This patch also reduces the number of error messages for the non-import case. Signed-off-by: Werner Koch (cherry picked from commit 35e40e2d514223c950c2f6d1214e02e92d87e997) Resolved conflicts: common/iobuf.c g10/mainproc.c --- common/iobuf.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'common') diff --git a/common/iobuf.c b/common/iobuf.c index a3058303d..71930208c 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -60,6 +60,10 @@ test "armored_key_8192" in armor.test! */ #define IOBUF_BUFFER_SIZE 8192 +/* To avoid a potential DoS with compression packets we better limit + the number of filters in a chain. */ +#define MAX_NESTING_FILTER 64 + /*-- End configurable part. --*/ @@ -1599,6 +1603,13 @@ iobuf_push_filter2 (iobuf_t a, if (a->use == 2 && (rc = iobuf_flush (a))) return rc; + + if (a->subno >= MAX_NESTING_FILTER) + { + log_error ("i/o filter too deeply nested - corrupted data?\n"); + return GPG_ERR_BAD_DATA; + } + /* make a copy of the current stream, so that * A is the new stream and B the original one. * The contents of the buffers are transferred to the -- cgit v1.2.3