From 3f142b210ae0c01e1b21c2c057b12db574386e7a Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Wed, 27 Oct 2021 09:51:13 +0200 Subject: [PATCH] Fix hashlen overflow struct pgpDigParams_s keeps a copy of the verbatim key material for hashing. The length of this data is kept in 'hashlen' which previously was a uint8_t. However, the size of the signature's hashed subpacket area can be up to 2^16 bytes, and one needs to hash some of the signature packet's fields on top of that. Hence, 'hashlen' must be at least a uint32_t. This overflow happens in practice as soon as the signature's hashed subpacket area contains an embedded signature. See section 11.1 of RFC4880: Each Subkey packet MUST be followed by one Signature packet, which should be a subkey binding signature issued by the top-level key. For subkeys that can issue signatures, the subkey binding signature MUST contain an Embedded Signature subpacket with a primary key binding signature (0x19) issued by the subkey on the top-level key. While the embedded signature may be in the unhashed subpacket area because it is self-authenticating, it is more robust to put it in the hashed area. --- rpmio/digest.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpmio/digest.h b/rpmio/digest.h index 690d176..3b72a28 100644 --- a/rpmio/digest.h +++ b/rpmio/digest.h @@ -33,7 +33,7 @@ struct pgpDigParams_s { uint8_t hash_algo; uint8_t sigtype; - uint8_t hashlen; + uint32_t hashlen; uint8_t signhash16[2]; pgpKeyID_t signid; uint8_t saved; -- 1.8.3.1