path: root/backport-Fix-hashlen-overflow.patch
blob: 4717174c24b62e63e2fc831cd2f0e31abbc005f7 (plain)
From 3f142b210ae0c01e1b21c2c057b12db574386e7a Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Wed, 27 Oct 2021 09:51:13 +0200
Subject: [PATCH] Fix hashlen overflow

struct pgpDigParams_s keeps a copy of the verbatim key material for
hashing.  The length of this data is kept in 'hashlen' which
previously was a uint8_t.  However, the size of the signature's hashed
subpacket area can be up to 2^16 bytes, and one needs to hash some of
the signature packet's fields on top of that.

Hence, 'hashlen' must be at least a uint32_t.

This overflow happens in practice as soon as the signature's hashed
subpacket area contains an embedded signature.  See section 11.1 of
RFC4880:

   Each Subkey packet MUST be followed by one Signature packet, which
   should be a subkey binding signature issued by the top-level key.
   For subkeys that can issue signatures, the subkey binding signature
   MUST contain an Embedded Signature subpacket with a primary key
   binding signature (0x19) issued by the subkey on the top-level key.

While the embedded signature may be in the unhashed subpacket area
because it is self-authenticating, it is more robust to put it in the
hashed area.
---
 rpmio/digest.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rpmio/digest.h b/rpmio/digest.h
index 690d176..3b72a28 100644
--- a/rpmio/digest.h
+++ b/rpmio/digest.h
@@ -33,7 +33,7 @@ struct pgpDigParams_s {
 
     uint8_t hash_algo;
     uint8_t sigtype;
-    uint8_t hashlen;
+    uint32_t hashlen;
     uint8_t signhash16[2];
     pgpKeyID_t signid;
     uint8_t saved;
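Review bot: widening `hashlen` from `uint8_t` to `uint32_t` fixes the field that overflowed, but the hunk does not show where `hashlen` is computed and assigned; that site should be checked to confirm the length is accumulated in a type at least as wide (the hashed subpacket area alone can be 2^16 bytes per the commit message, plus the signature fields hashed on top) and that any buffer sized from `hashlen` is allocated after the full length is known, otherwise the same truncation recurs before the value ever reaches this struct. A regression test using a key whose subkey binding signature carries an Embedded Signature subpacket in the hashed area, the case the commit message describes, would pin the fix. Also note that a `uint32_t` placed between `sigtype` and `signhash16` introduces alignment padding and changes the layout of `struct pgpDigParams_s`, which matters if the struct is visible outside rpmio.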
-- 
1.8.3.1