~ubuntu-branches/ubuntu/hardy/gnupg2/hardy-security

Committer: Bazaar Package Importer
Author(s): Michael Bienia, Michael Bienia, Kees Cook
Date: 2006-12-07 00:28:23 UTC
mfrom: (1.1.5 upstream)
Revision ID: james.westby@ubuntu.com-20061207002823-0i7ittrpmsm1nv0i

Tags: 2.0.1-0ubuntu1

[ Michael Bienia ]
* New upstream version.
* Remaining changes:
  - Remove libpcsclite-dev, libopensc2-dev build dependencies (they are in
    universe).
* g10/encr-data.c: remotely controllable function pointer (CVE-2006-6235)
* debian/control: add libcurl3-gnutls-dev to build-depends
  (Closes Ubuntu: #62864)

[ Kees Cook ]
* debian/rules: include doc/ files as done with gnupg

files added:
intl/export.h

intl/hash-string.c

intl/intl-exports.c

intl/langprefs.c

intl/lock.c

intl/lock.h

intl/version.c

m4/glibc2.m4

m4/inttypes-h.m4

m4/lock.m4

m4/visibility.m4

files removed:
gl/m4/inttypes_h.m4

gl/m4/longlong.m4

gl/m4/stdint_h.m4

gl/m4/uintmax_t.m4

gl/m4/ulonglong.m4

files modified:
ABOUT-NLS

ChangeLog

Makefile.am

Makefile.in

NEWS

THANKS

TODO

VERSION

aclocal.m4

agent/ChangeLog

agent/Makefile.in

agent/agent.h

agent/call-pinentry.c

agent/call-scd.c

agent/command-ssh.c

agent/command.c

agent/findkey.c

agent/gpg-agent.c

agent/minip12.c

agent/protect.c

agent/trustlist.c

autogen.sh

common/ChangeLog

common/Makefile.in

common/estream.c

common/http.c

common/iobuf.c

common/util.h

config.guess

config.h.in

config.sub

configure

configure.ac

debian/changelog

debian/control

debian/gpgsm.install

debian/rules

doc/ChangeLog

doc/DETAILS

doc/Makefile.in

doc/gnupg.info

doc/gnupg.info-1

doc/gpg-agent.texi

doc/gpgsm.texi

doc/stamp-vti

doc/version.texi

g10/ChangeLog

g10/Makefile.am

g10/Makefile.in

g10/encr-data.c

g10/keygen.c

g10/keyid.c

g10/misc.c

g10/openfile.c

g10/pubkey-enc.c

g10/seckey-cert.c

g10/seskey.c

gl/Makefile.in

include/Makefile.in

intl/ChangeLog

intl/Makefile.in

intl/VERSION

intl/bindtextdom.c

intl/config.charset

intl/dcgettext.c

intl/dcigettext.c

intl/dcngettext.c

intl/dgettext.c

intl/dngettext.c

intl/eval-plural.h

intl/explodename.c

intl/finddomain.c

intl/gettext.c

intl/gettextP.h

intl/gmo.h

intl/hash-string.h

intl/intl-compat.c

intl/l10nflist.c

intl/libgnuintl.h.in

intl/loadinfo.h

intl/loadmsgcat.c

intl/localcharset.c

intl/localcharset.h

intl/locale.alias

intl/localealias.c

intl/localename.c

intl/log.c

intl/ngettext.c

intl/os2compat.c

intl/os2compat.h

intl/osdep.c

intl/plural-exp.c

intl/plural-exp.h

intl/plural.c

intl/plural.y

intl/printf-args.c

intl/printf-args.h

intl/printf-parse.c

intl/printf-parse.h

intl/printf.c

intl/ref-add.sin

intl/ref-del.sin

intl/relocatable.c

intl/relocatable.h

intl/textdomain.c

intl/vasnprintf.c

intl/vasnprintf.h

intl/vasnwprintf.h

intl/wprintf-parse.h

intl/xsize.h

jnlib/ChangeLog

jnlib/Makefile.in

jnlib/logging.c

kbx/ChangeLog

kbx/Makefile.in

kbx/kbxutil.c

keyserver/ChangeLog

keyserver/Makefile.am

keyserver/Makefile.in

keyserver/curl-shim.c

m4/ChangeLog

m4/Makefile.am

m4/Makefile.in

m4/codeset.m4

m4/gettext.m4

m4/glibc21.m4

m4/gnupg-pth.m4

m4/iconv.m4

m4/intdiv0.m4

m4/intmax.m4

m4/inttypes-pri.m4

m4/inttypes_h.m4

m4/lcmessage.m4

m4/lib-ld.m4

m4/lib-link.m4

m4/lib-prefix.m4

m4/libassuan.m4

m4/longdouble.m4

m4/longlong.m4

m4/nls.m4

m4/po.m4

m4/printf-posix.m4

m4/progtest.m4

m4/signed.m4

m4/size_max.m4

m4/stdint_h.m4

m4/uintmax_t.m4

m4/ulonglong.m4

m4/wchar_t.m4

m4/wint_t.m4

m4/xsize.m4

po/ChangeLog

po/Makefile.in.in

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/nb.gmo

po/nb.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scd/ChangeLog

scd/Makefile.am

scd/Makefile.in

scd/apdu.c

scd/app-openpgp.c

scd/app-p15.c

scd/ccid-driver.c

scd/command.c

scd/iso7816.c

scd/pcsc-wrapper.c

scd/scdaemon.c

scd/scdaemon.h

scripts/config.rpath

sm/ChangeLog

sm/Makefile.in

sm/certdump.c

sm/certreqgen.c

sm/gpgsm.h

sm/server.c

sm/verify.c

tests/Makefile.in

tests/openpgp/ChangeLog

tests/openpgp/Makefile.am

tests/openpgp/Makefile.in

tools/ChangeLog

tools/Makefile.am

tools/Makefile.in

tools/gpgconf-comp.c

version

Show diffs side-by-side

added added

removed removed

g10/encr-data.c

static int decode_filter ( void *opaque, int control, IOBUF a,

byte *buf, size_t *ret_len);

typedef struct

typedef struct decode_filter_context_s

{

gcry_cipher_hd_t cipher_hd;

gcry_md_hd_t mdc_hash;

char defer[22];

int defer_filled;

int eof_seen;

} decode_filter_ctx_t;

int refcount;

} *decode_filter_ctx_t;

/* Helper to release the decode context. */

static void

release_dfx_context (decode_filter_ctx_t dfx)

{

if (!dfx)

return;

assert (dfx->refcount);

if ( !--dfx->refcount )

{

gcry_cipher_close (dfx->cipher_hd);

dfx->cipher_hd = NULL;

gcry_md_close (dfx->mdc_hash);

dfx->mdc_hash = NULL;

xfree (dfx);

}

/****************

unsigned blocksize;

unsigned nprefix;

memset( &dfx, 0, sizeof dfx );

dfx = xtrycalloc (1, sizeof *dfx);

if (!dfx)

return gpg_error_from_syserror ();

dfx->refcount = 1;

if ( opt.verbose && !dek->algo_info_printed )

{

const char *s = gcry_cipher_algo_name (dek->algo);

102

goto leave;

103

blocksize = gcry_cipher_get_algo_blklen (dek->algo);

104

if ( !blocksize || blocksize > 16 )

log_fatal("unsupported blocksize %u\n", blocksize );

105

log_fatal ("unsupported blocksize %u\n", blocksize );

106

nprefix = blocksize;

107

if ( ed->len && ed->len < (nprefix+2) )

108

BUG();

109

110

if ( ed->mdc_method )

111

{

if (gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 ))

112

if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 ))

113

BUG ();

114

if ( DBG_HASHING )

gcry_md_start_debug (dfx.mdc_hash, "checkmdc");

115

gcry_md_start_debug (dfx->mdc_hash, "checkmdc");

116

}

117

rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo,

118

rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo,

119

GCRY_CIPHER_MODE_CFB,

120

(GCRY_CIPHER_SECURE

121

| ((ed->mdc_method || dek->algo >= 100)?

104

129

105

130

106

131

/* log_hexdump( "thekey", dek->key, dek->keylen );*/

107

rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen);

132

rc = gcry_cipher_setkey (dfx->cipher_hd, dek->key, dek->keylen);

108

133

if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY )

109

134

{

110

135

log_info(_("WARNING: message was encrypted with"

123

148

goto leave;

124

149

}

125

150

126

gcry_cipher_setiv (dfx.cipher_hd, NULL, 0);

151

gcry_cipher_setiv (dfx->cipher_hd, NULL, 0);

127

152

128

153

if ( ed->len )

129

154

{

144

169

temp[i] = c;

145

170

}

146

171

147

gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0);

148

gcry_cipher_sync (dfx.cipher_hd);

172

gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0);

173

gcry_cipher_sync (dfx->cipher_hd);

149

174

p = temp;

150

175

/* log_hexdump( "prefix", temp, nprefix+2 ); */

151

176

if (dek->symmetric

155

180

goto leave;

156

181

}

157

182

158

if ( dfx.mdc_hash )

159

gcry_md_write (dfx.mdc_hash, temp, nprefix+2);

160

183

if ( dfx->mdc_hash )

184

gcry_md_write (dfx->mdc_hash, temp, nprefix+2);

185

186

dfx->refcount++;

161

187

if ( ed->mdc_method )

162

iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );

188

iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx );

163

189

else

164

iobuf_push_filter( ed->buf, decode_filter, &dfx );

190

iobuf_push_filter ( ed->buf, decode_filter, dfx );

165

191

166

192

proc_packets ( procctx, ed->buf );

167

193

ed->buf = NULL;

168

if ( ed->mdc_method && dfx.eof_seen == 2 )

194

if ( ed->mdc_method && dfx->eof_seen == 2 )

169

195

rc = gpg_error (GPG_ERR_INV_PACKET);

170

196

else if ( ed->mdc_method )

171

197

{

184

210

bytes are appended. */

185

211

int datalen = gcry_md_get_algo_dlen (ed->mdc_method);

186

212

187

gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0);

188

gcry_md_write (dfx.mdc_hash, dfx.defer, 2);

189

gcry_md_final (dfx.mdc_hash);

213

assert (dfx->cipher_hd);

214

assert (dfx->mdc_hash);

215

gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0);

216

gcry_md_write (dfx->mdc_hash, dfx->defer, 2);

217

gcry_md_final (dfx->mdc_hash);

190

218

191

if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' )

219

if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' )

192

220

{

193

221

log_error("mdc_packet with invalid encoding\n");

194

222

rc = gpg_error (GPG_ERR_INV_PACKET);

195

223

}

196

224

else if (datalen != 20

197

|| memcmp (gcry_md_read (dfx.mdc_hash, 0),dfx.defer+2,datalen))

225

|| memcmp (gcry_md_read (dfx->mdc_hash, 0),

226

dfx->defer+2,datalen ))

198

227

rc = gpg_error (GPG_ERR_BAD_SIGNATURE);

199

/* log_printhex("MDC message:", dfx.defer, 22); */

200

/* log_printhex("MDC calc:", gcry_md_read (dfx.mdc_hash,0), datalen); */

228

/* log_printhex("MDC message:", dfx->defer, 22); */

229

/* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */

201

230

}

202

231

203

232

204

233

leave:

205

gcry_cipher_close (dfx.cipher_hd);

206

gcry_md_close (dfx.mdc_hash);

234

release_dfx_context (dfx);

207

235

return rc;

208

236

}

209

237

214

242

mdc_decode_filter (void *opaque, int control, IOBUF a,

215

243

byte *buf, size_t *ret_len)

216

244

{

217

decode_filter_ctx_t *dfx = opaque;

245

decode_filter_ctx_t dfx = opaque;

218

246

size_t n, size = *ret_len;

219

247

int rc = 0;

220

248

int c;

226

254

}

227

255

else if( control == IOBUFCTRL_UNDERFLOW )

228

256

{

229

assert(a);

230

assert( size > 44 );

257

assert (a);

258

assert ( size > 44 );

231

259

232

260

/* Get at least 22 bytes and put it somewhere ahead in the buffer. */

233

for(n=22; n < 44 ; n++ )

261

for (n=22; n < 44 ; n++ )

234

262

{

235

263

if( (c = iobuf_get(a)) == -1 )

236

264

break;

279

307

280

308

if ( n )

281

309

{

282

gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);

283

gcry_md_write (dfx->mdc_hash, buf, n);

310

if ( dfx->cipher_hd )

311

gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);

312

if ( dfx->mdc_hash )

313

gcry_md_write (dfx->mdc_hash, buf, n);

284

314

}

285

315

else

286

316

{

289

319

}

290

320

*ret_len = n;

291

321

}

322

else if ( control == IOBUFCTRL_FREE )

323

{

324

release_dfx_context (dfx);

325

}

292

326

else if ( control == IOBUFCTRL_DESC )

293

327

{

294

328

*(char**)buf = "mdc_decode_filter";

300

334

static int

301

335

decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)

302

336

{

303

decode_filter_ctx_t *fc = opaque;

337

decode_filter_ctx_t fc = opaque;

304

338

size_t n, size = *ret_len;

305

339

int rc = 0;

306

340

311

345

if ( n == -1 )

312

346

n = 0;

313

347

if ( n )

314

gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);

348

{

349

if (fc->cipher_hd)

350

gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);

351

}

315

352

else

316

353

rc = -1; /* EOF */

317

354

*ret_len = n;

318

355

}

356

else if ( control == IOBUFCTRL_FREE )

357

{

358

release_dfx_context (fc);

359

}

319

360

else if ( control == IOBUFCTRL_DESC )

320

361

{

321

362

*(char**)buf = "decode_filter";

Older »