diff options
| author | Werner Koch <[email protected]> | 2018-12-04 14:43:19 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-12-04 14:43:19 +0000 |
| commit | c6e2ee020784de63edfa83c76095e086eae49eef (patch) | |
| tree | 54c84e99311f06dc18cf38dfea1794a2e984b87e /g10/keygen.c | |
| parent | wks: Allow reading of --install-key arguments from stdin. (diff) | |
| download | gnupg-c6e2ee020784de63edfa83c76095e086eae49eef.tar.gz gnupg-c6e2ee020784de63edfa83c76095e086eae49eef.zip | |
gpg: Prepare revocation keys for use with v5 keys.
* g10/packet.h (struct revocation_key): Add field 'fprlen'.
* g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
keys. Also fix reading of unitialized data at place where
MAX_FINGERPRINT_LEN is used.
* g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
Do an explicit compare to avoid reading unitialized data.
* g10/sig-check.c (check_revocation_keys): Use the fprlen.
* g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
reading unitialized data.
* g10/import.c (revocation_present): Use fprlen.
* g10/keyedit.c (show_key_with_all_names): Use fprlen.
(menu_addrevoker): Use fprlen. Allow for v5 keys.
* g10/keygen.c (keygen_add_revkey): Use fprlen.
(parse_revocation_key): Allow for v5 keys.
* g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys. Print a
better error message in case of bogus fingerprints.
* g10/keylist.c (print_revokers): Use fprlen.
--
The reading of uninitialized data is harmless but we better fix it to
make valgrind happy. More serious was that we always passed
MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet
fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/keygen.c')
| -rw-r--r-- | g10/keygen.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/g10/keygen.c b/g10/keygen.c index 145b871b0..61f839a9f 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -943,11 +943,13 @@ keygen_add_revkey (PKT_signature *sig, void *opaque) struct revocation_key *revkey = opaque; byte buf[2+MAX_FINGERPRINT_LEN]; + log_assert (revkey->fprlen <= MAX_FINGERPRINT_LEN); buf[0] = revkey->class; buf[1] = revkey->algid; - memcpy (&buf[2], revkey->fpr, MAX_FINGERPRINT_LEN); + memcpy (buf + 2, revkey->fpr, revkey->fprlen); + memset (buf + 2 + revkey->fprlen, 0, sizeof (revkey->fpr) - revkey->fprlen); - build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+MAX_FINGERPRINT_LEN); + build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+revkey->fprlen); /* All sigs with revocation keys set are nonrevocable. */ sig->flags.revocable = 0; @@ -3526,6 +3528,8 @@ parse_revocation_key (const char *fname, revkey.fpr[i]=c; } + if (i != 20 && i != 32) + goto fail; /* skip to the tag */ while(*pn && *pn!='s' && *pn!='S') @@ -3538,7 +3542,7 @@ parse_revocation_key (const char *fname, return 0; - fail: + fail: log_error("%s:%d: invalid revocation key\n", fname, r->lnr ); return -1; /* error */ } |