From 3f142b210ae0c01e1b21c2c057b12db574386e7a Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Wed, 27 Oct 2021 09:51:13 +0200
Subject: [PATCH] Fix hashlen overflow

struct pgpDigParams_s keeps a copy of the verbatim key material for
hashing. The length of this data is kept in 'hashlen' which
previously was a uint8_t. However, the size of the signature's hashed
subpacket area can be up to 2^16 bytes, and one needs to hash some of
the signature packet's fields on top of that.

Hence, 'hashlen' must be at least a uint32_t.

This overflow happens in practice as soon as the signature's hashed
subpacket area contains an embedded signature. See section 11.1 of
RFC4880:

   Each Subkey packet MUST be followed by one Signature packet, which
   should be a subkey binding signature issued by the top-level key.
   For subkeys that can issue signatures, the subkey binding signature
   MUST contain an Embedded Signature subpacket with a primary key
   binding signature (0x19) issued by the subkey on the top-level key.

While the embedded signature may be in the unhashed subpacket area
because it is self-authenticating, it is more robust to put it in the
hashed area.
---
 rpmio/digest.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rpmio/digest.h b/rpmio/digest.h
|
|
index 690d176..3b72a28 100644
|
|
--- a/rpmio/digest.h
|
|
+++ b/rpmio/digest.h
|
|
@@ -33,7 +33,7 @@ struct pgpDigParams_s {
|
|
|
|
uint8_t hash_algo;
|
|
uint8_t sigtype;
|
|
- uint8_t hashlen;
|
|
+ uint32_t hashlen;
|
|
uint8_t signhash16[2];
|
|
pgpKeyID_t signid;
|
|
uint8_t saved;
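Review bot: widening `hashlen` in struct pgpDigParams_s only removes the truncation at the field itself, and the diffstat shows rpmio/digest.h is the only file touched, so the code that computes and assigns this length and the code that later allocates, copies and hashes that many bytes is not visible here. Before merging, confirm that none of those sites carries the value through a uint8_t local, parameter or cast, since that would reintroduce the same wraparound and leave the saved hash data shorter than the bytes actually signed. A regression test that parses a subkey binding signature with the embedded signature in the hashed subpacket area, the case the commit message says triggers the overflow in practice, would pin the fix. Minor: a uint32_t placed between `sigtype` and `signhash16[2]` introduces alignment padding, so if the size or layout of this struct matters anywhere, consider moving the field next to other word-sized members.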
--
1.8.3.1