| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
* configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
|
| | |
|
| |
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
upon error.
--
Signed-off-by: Joshua Rogers <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
double-free of pwbuf.
--
Observed by Joshua Rogers <[email protected]>, who proposed a
slightly different fix.
Debian-Bug-Id: 773472
Added fix at a second place - wk.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (cmd_readkey): avoid double-free of cert
--
When ksba_cert_new() fails, cert will be double-freed.
Debian-Bug-Id: 773471
Original patch changed by wk to do the free only at leave.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/iobuf.c: (iobuf_open): initialize len
--
In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
(via file_filter()) on fcx, passing in a pointer to an uninitialized
len.
With these two commands, file_filter doesn't actually do anything with
the value of len, so there's no actual risk of use of uninitialized
memory in the code as it stands.
However, some static analysis tools might flag this situation with a
warning, and initializing the value doesn't hurt anything, so i think
this trivial cleanup is warranted.
Debian-Bug-Id: 773469
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/dotlock.c: (dotlock_create_unix) avoid double-close()
in unusual situations.
--
close(2) says:
close() should not be retried after an EINTR since this may
cause a reused descriptor from another thread to be closed.
Before this patch was applied, if close(fd) failed with EINTR, it
would be closed again in the write_failed: block.
It could also have been closed a second time in the case that
(use_hardlinks_p (h->tname)) evaluated to something other than 0 or 1.
This patch avoids both of those scenarios.
Note that close() could still be called twice on the same file
descriptor if the first close(fd) fails but errno is not EINTR. I'm
not sure the right thing to do in that scenario. An alternate
resolution could be to unequivocally set fd to -1 after the first
failed close(fd), avoiding the errno == EINTR test.
Debian-Bug-Id: 773423
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.
--
stdarg(3) says:
Each invocation of va_start() must be matched by a
corresponding invocation of va_end() in the same function.
Observed by Joshua Rogers <[email protected]>
Debian-Bug-Id: 773415
|
| |
|
|
|
|
|
| |
* doc/yat2m.c (write_th): Free NAME.
--
Reported-by: Joshua Rogers <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak.
* dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check.
--
Reported-by: Joshua Rogers <[email protected]>
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL.
--
Reported-by: Joshua Rogers <[email protected]>
"Remove un-needed check. If 'url' were not to be true,
http_parse_uri(parse_uri(do_parse_uri))) would fail, leaving 'err'
false."
In addition I added an explicit check for the URL arg not beeing NULL.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
* sm/gpgsm.c (parse_keyserver_line): Ditto.
--
Reported-by: Joshua Rogers <[email protected]>
"If something inside the ldapserver_parse_one function failed,
'server' would be freed, then returned, leading to a
use-after-free. This code is likely copied from sm/gpgsm.c, which
was also susceptible to this bug."
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/divert-scd.c (divert_pkdecrypt): Support ECDH.
* scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH.
(send_key_attr): Support ECDH. Fix EdDSA algorithm value.
(retrieve_key_material): Initialize fields.
(get_public_key, ecc_writekey, do_writekey): Support ECDH.
(ecdh_writekey): Remove.
(do_decipher): Support ECDH.
(parse_algorithm_attribute): Support ECDH. Fix EdDSA.
--
Following the gpg-agent protocol, SCDaemon's counter part is now
implemented.
|
| |
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (finalize_rereadable_options): New.
(main, reread_configuration): Call it.
--
This change should help to avoid surprising behaviour.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command-ssh.c (setup_ssh_env): Move code to ...
* agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change
calllers.
* agent/command.c (start_command_handler): Call that fucntion for
restricted connections.
--
A remote connection is and should not be able to setup the local
session environment. However, unless --keep-display is used we would
be left without an environment and thus pinentry can't be used. The
fix is the same as used for ssh-agent connection: We use the default
environment as used at the startup of the agent.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make
translatable.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* configure.ac (build-agent): Set to yes.
|
| |
|
|
|
|
|
| |
* tools/gpgconf-comp.c (gc_component_launch): Return an error code.
* tools/gpgconf.c (main): Exit if launch failed.
--
GnuPG-bug-id: 1791
|
| |
|
|
|
|
| |
--
Investigated who is P.KATOH, and fixed the header, accordingly.
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
--
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (agent_release_card_info): Free private_do.
(learn_status_cb): Parse PRIVATE-DO-n stati.
--
Reported-by: Damien Goutte-Gattat <[email protected]>
Provided patch extended to release the memory.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
* scd/iso7816.c (map_sw): Add this error code.
* scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
* scd/app.c (select_application): Allow a return value of
GPG_ERR_OBJ_TERM_STATE.
* scd/scdaemon.c (set_debug): Print the DBG_READER value.
* g10/call-agent.c (start_agent): Print a status line for the
termination state.
(agent_scd_learn): Make arg "info" optional.
(agent_scd_apdu): New.
* g10/card-util.c (send_apdu): New.
(factory_reset): New.
(card_edit): Add command factory-reset.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/misc.c (pct_expando): Reorder conditions for clarity.
* g10/sign.c (write_signature_packets): Fix notation data creation.
--
Also re-added the check for signature version > 3.
Reported-by: MFPA
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* g10/keylist.c (show_notation): Use log_printf.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" andsend
certifciate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--
The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--
The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.
This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done. The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen. Nevertheless such a bug needs to be fixed.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/
* m4/po.m4: Ditto.
--
In preparation of moving to automake 1.14.
GnuPG-bug-id: 1776
|
| |
|
|
|
| |
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
also for 2 other error messages.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (send_request): Print TLS alert info
(connect_server): Detect bogus DNS entry.
--
1. Prints the TLS alert description.
2. Detect case where the DNS returns an IP address but the server is
not reachable at this address. This may happen for a server which
is reachable only at IPv6 but but the local machine has no full
IPv6 configuration.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (opt): Remove keyserver_options.other.
* g10/gpg.c (main): Obsolete option --honor-http-proxt.
* g10/keyserver.c (add_canonical_option): Replace by ...
(warn_kshelper_option): New.
(parse_keyserver_uri): Obsolete "x-broken-http".
--
Some of these options are deprecated for 10 years and they do not make
any sense without the keyserver helpers. For one we print a hint on
how to replace it:
gpg: keyserver option 'ca-cert-file' is obsolete; \
please use 'hkp-cacert' in dirmngr.conf
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t.
Return an error code for all dead hosts.
(make_host_part): Change to return an gpg_error_t. Change all
callers.
--
The functions used to return an error code via ERRNO. However, this
does not allow to return extra error codes in a portable way. Thus we
change the function to directly return a gpg_error_t.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* g10/keyserver.c (keyserver_put): Write an status error.
|
| |
|
|
|
| |
* scd/app-openpgp.c (get_algo_byte): It catches 22.
(store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
doc: Document no-allow-mark-trusted for gpg-agent
* doc/gpg-agent.texi: Change allow-mark-trusted doc to
no-allow-mark-trusted.
--
Since rev. 78a56b14 allow-mark-trusted is the default option
and was replaced by no-allow-mark-trusted to disable the
interactive prompt.
Signed-off-by: Andre Heinecke <[email protected]>
|
| |
|
|
|
|
| |
* g10/card-util.c (card_store_subkey): Error check.
* scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
(do_writekey): Error check.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import): Skip too large keys.
* kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
--
The key which triggered the problem was 0x57930DAB0B86B067. With this
patch it can be imported. Keys larger than the now increased limit of
5MB will are skipped and the already existing not_imported counter is
bumped up.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
| |
* g10/gpg.c (opts): Remove them.
* g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
--
See mails starting
http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
|
| |
|
|
|
|
|
|
|
| |
* agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex.
* agent/command-ssh.c (ssh_identity_register): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by
put_membuf_printf.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* configure.ac (AC_CHECK_HEADERS): Check for sys.select.h
* tools/watchgnupg.c: Include it.
--
It seems http://www.musl-libc.org/ is quite limited and requires
the use sys/select.h instead of unistd.h et al.
|
