rpms/gnupg2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

fix CVE-2012-6085 - skip invalid key packets (#891142)

Browse Source
This commit is contained in:
Tomas Mraz 2013-01-02 22:14:59 +01:00
parent 5eb4571a5e
commit 2af6509cf2
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
gnupg-2.0.19-cve-2012-6085.patch Normal file
View File

@ -0,0 +1,61 @@
From: Werner Koch <wk@gnupg.org>
Date: Thu, 20 Dec 2012 08:43:41 +0000 (+0100)
Subject: gpg: Import only packets which are allowed in a keyblock.
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=498882296ffac7987c644aaf2a0aa108a2925471
gpg: Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--
A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring. This change skips all
packets which are not allowed in a keyblock.
GnuPG-bug-id: 1455
(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
---
diff --git a/g10/import.c b/g10/import.c
index ba2439d..ad112d6 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -347,6 +347,27 @@ import_print_stats (void *hd)
}
+/* Return true if PKTTYPE is valid in a keyblock. */
+static int
+valid_keyblock_packet (int pkttype)
+{
+ switch (pkttype)
+ {
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ case PKT_SIGNATURE:
+ case PKT_USER_ID:
+ case PKT_ATTRIBUTE:
+ case PKT_RING_TRUST:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+
/****************
* Read the next keyblock from stream A.
* PENDING_PKT should be initialzed to NULL
@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
}
in_cert = 1;
default:
- if( in_cert ) {
+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
if( !root )
root = new_kbnode( pkt );
else

7
gnupg2.spec
View File

@ -1,7 +1,7 @@
Summary: Utility for secure communication and data storage Summary: Utility for secure communication and data storage
Name: gnupg2 Name: gnupg2
Version: 2.0.19 Version: 2.0.19
Release: 6%{?dist} Release: 7%{?dist}
License: GPLv3+ License: GPLv3+
Group: Applications/System Group: Applications/System
@ -15,6 +15,7 @@ Patch3: gnupg-2.0.18-secmem.patch
Patch4: gnupg-2.0.18-protect-tool-env.patch Patch4: gnupg-2.0.18-protect-tool-env.patch
Patch5: gnupg-2.0.16-ocsp-keyusage.patch Patch5: gnupg-2.0.16-ocsp-keyusage.patch
Patch6: gnupg-2.0.19-fips-algo.patch Patch6: gnupg-2.0.19-fips-algo.patch
Patch7: gnupg-2.0.19-cve-2012-6085.patch
URL: http://www.gnupg.org/ URL: http://www.gnupg.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -81,6 +82,7 @@ to the base GnuPG package
%patch4 -p1 -b .ptool-env %patch4 -p1 -b .ptool-env
%patch5 -p1 -b .keyusage %patch5 -p1 -b .keyusage
%patch6 -p1 -b .fips %patch6 -p1 -b .fips
%patch7 -p1 -b .valid-packet
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon, # Note: this is just the name of the default shared lib to load in scdaemon,
@ -198,6 +200,9 @@ rm -rf %{buildroot}
%changelog %changelog
* Wed Jan 2 2013 Tomas Mraz <tmraz@redhat.com> - 2.0.19-7
- fix CVE-2012-6085 - skip invalid key packets (#891142)
* Thu Nov 22 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-6 * Thu Nov 22 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-6
- use AES as default crypto algorithm in FIPS mode (#879047) - use AES as default crypto algorithm in FIPS mode (#879047)