From c6e2ee020784de63edfa83c76095e086eae49eef Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 4 Dec 2018 15:43:19 +0100 Subject: gpg: Prepare revocation keys for use with v5 keys. * g10/packet.h (struct revocation_key): Add field 'fprlen'. * g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5 keys. Also fix reading of unitialized data at place where MAX_FINGERPRINT_LEN is used. * g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen. Do an explicit compare to avoid reading unitialized data. * g10/sig-check.c (check_revocation_keys): Use the fprlen. * g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid reading unitialized data. * g10/import.c (revocation_present): Use fprlen. * g10/keyedit.c (show_key_with_all_names): Use fprlen. (menu_addrevoker): Use fprlen. Allow for v5 keys. * g10/keygen.c (keygen_add_revkey): Use fprlen. (parse_revocation_key): Allow for v5 keys. * g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys. Print a better error message in case of bogus fingerprints. * g10/keylist.c (print_revokers): Use fprlen. -- The reading of uninitialized data is harmless but we better fix it to make valgrind happy. More serious was that we always passed MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4. Signed-off-by: Werner Koch --- g10/parse-packet.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'g10/parse-packet.c') diff --git a/g10/parse-packet.c b/g10/parse-packet.c index c0f2ca12e..21a26c786 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1905,21 +1905,23 @@ parse_revkeys (PKT_signature * sig) while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY, &len, &seq, NULL))) { - if (/* The only valid length is 22 bytes. See RFC 4880 - 5.2.3.15. */ - len == 22 - /* 0x80 bit must be set on the class. */ + /* Consider only valid packets. They must have a length of + * either 2+20 or 2+32 octets and bit 7 of the class octet must + * be set. */ + if ((len == 22 || len == 34) && (revkey[0] & 0x80)) { sig->revkey = xrealloc (sig->revkey, sizeof (struct revocation_key) * (sig->numrevkeys + 1)); - /* Copy the individual fields. */ sig->revkey[sig->numrevkeys].class = revkey[0]; sig->revkey[sig->numrevkeys].algid = revkey[1]; - memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20); - + len -= 2; + sig->revkey[sig->numrevkeys].fprlen = len; + memcpy (sig->revkey[sig->numrevkeys].fpr, revkey+2, len); + memset (sig->revkey[sig->numrevkeys].fpr+len, 0, + sizeof (sig->revkey[sig->numrevkeys].fpr) - len); sig->numrevkeys++; } } -- cgit v1.2.3