diff options
| author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:04 +0900 |
|---|---|---|
| committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:04 +0900 |
| commit | a96eb3d6fb24d0f4430469d6f7224345df4d5570 (patch) | |
| tree | 245128281599d185257e1edf0bc2fde60604107e /kbx | |
| parent | 7f297dd64af2a4fe4397d5bdaba00fe68f49390d (diff) | |
| download | gpg2-a96eb3d6fb24d0f4430469d6f7224345df4d5570.tar.gz gpg2-a96eb3d6fb24d0f4430469d6f7224345df4d5570.tar.bz2 gpg2-a96eb3d6fb24d0f4430469d6f7224345df4d5570.zip | |
Imported Upstream version 2.1.8upstream/2.1.8
Diffstat (limited to 'kbx')
| -rw-r--r-- | kbx/Makefile.am | 8 | ||||
| -rw-r--r-- | kbx/keybox-openpgp.c | 9 | ||||
| -rw-r--r-- | kbx/keybox-search.c | 3 | ||||
| -rw-r--r-- | kbx/keybox.h | 3 |
4 files changed, 18 insertions, 5 deletions
diff --git a/kbx/Makefile.am b/kbx/Makefile.am index 5df2bba..95138e0 100644 --- a/kbx/Makefile.am +++ b/kbx/Makefile.am @@ -26,7 +26,7 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -noinst_LIBRARIES = libkeybox.a +noinst_LIBRARIES = libkeybox.a libkeybox509.a bin_PROGRAMS = kbxutil if HAVE_W32CE_SYSTEM @@ -48,11 +48,17 @@ common_sources = \ libkeybox_a_SOURCES = $(common_sources) +libkeybox509_a_SOURCES = $(common_sources) + +libkeybox_a_CFLAGS = $(AM_CFLAGS) +libkeybox509_a_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1 + # We need W32SOCKLIBS because the init subsystem code in libcommon # requires it - although we don't actually need it. It is easier # to do it this way. kbxutil_SOURCES = kbxutil.c $(common_sources) +kbxutil_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1 kbxutil_LDADD = ../common/libcommon.a \ $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(extra_libs) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c index 2cac242..a5f602b 100644 --- a/kbx/keybox-openpgp.c +++ b/kbx/keybox-openpgp.c @@ -139,7 +139,14 @@ next_packet (unsigned char const **bufptr, size_t *buflen, return gpg_error (GPG_ERR_UNEXPECTED); } - if (pktlen == (unsigned long)(-1)) + if (pkttype == 63 && pktlen == 0xFFFFFFFF) + /* Sometimes the decompressing layer enters an error state in + which it simply outputs 0xff for every byte read. If we have a + stream of 0xff bytes, then it will be detected as a new format + packet with type 63 and a 4-byte encoded length that is 4G-1. + Since packets with type 63 are private and we use them as a + control packet, which won't be 4 GB, we reject such packets as + invalid. */ return gpg_error (GPG_ERR_INV_PACKET); if (pktlen > len) diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index 1433591..05b6859 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -611,6 +611,9 @@ has_keygrip (KEYBOXBLOB blob, const unsigned char *grip) #ifdef KEYBOX_WITH_X509 if (blob_get_type (blob) == KEYBOX_BLOBTYPE_X509) return blob_x509_has_grip (blob, grip); +#else + (void)blob; + (void)grip; #endif return 0; } diff --git a/kbx/keybox.h b/kbx/keybox.h index 386fff1..8c31141 100644 --- a/kbx/keybox.h +++ b/kbx/keybox.h @@ -29,9 +29,6 @@ extern "C" { #include "../common/iobuf.h" #include "keybox-search-desc.h" -#define KEYBOX_WITH_X509 1 - - #ifdef KEYBOX_WITH_X509 # include <ksba.h> #endif |