Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
gpg2.11996
gnupg-CVE-2019-13050_1_of_5.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnupg-CVE-2019-13050_1_of_5.patch of Package gpg2.11996
commit 2e349bb6173789e0e9e42c32873d89c7bc36cea4 Author: Werner Koch <wk@gnupg.org> Date: Mon Jul 1 15:14:59 2019 +0200 gpg: New import and keyserver option "self-sigs-only" * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. * g10/import.c (parse_import_options): Add option "self-sigs-only". (read_block): Handle that option. -- This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later. GnuPG-bug-id: 4591 Signed-off-by: Werner Koch <wk@gnupg.org> Index: gnupg-2.0.24/doc/gpg.texi =================================================================== --- gnupg-2.0.24.orig/doc/gpg.texi +++ gnupg-2.0.24/doc/gpg.texi @@ -2068,6 +2068,14 @@ opposite meaning. The options are: on the keyring. This option is the same as running the @option{--edit-key} command "clean" after import. Defaults to no. + @item self-sigs-only + Accept only self-signatures while importing a key. All other + key-signatures are skipped at an early import stage. This option + can be used with @code{keyserver-options} to mitigate attempts to + flood a key with bogus signatures from a keyserver. The drawback is + that all other valid key-signatures, as required by the Web of Trust + are also not imported. + @item import-minimal Import the smallest key possible. This removes all signatures except the most recent self-signature on each user ID. This option is the Index: gnupg-2.0.24/g10/import.c =================================================================== --- gnupg-2.0.24.orig/g10/import.c +++ gnupg-2.0.24/g10/import.c @@ -96,6 +96,8 @@ parse_import_options(char *str,unsigned { {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL, N_("import signatures that are marked as local-only")}, + {"self-sigs-only", IMPORT_SELF_SIGS_ONLY,NULL, + N_("ignore key-signatures which are not self-signatures")}, {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL, N_("repair damage from the pks keyserver during import")}, {"fast-import",IMPORT_FAST,NULL, @@ -395,6 +397,8 @@ read_block( IOBUF a, unsigned int option PACKET *pkt; KBNODE root = NULL; int in_cert; + u32 keyid[2]; + unsigned int dropped_nonselfsigs = 0; if( *pending_pkt ) { root = new_kbnode( *pending_pkt ); @@ -450,6 +454,31 @@ read_block( IOBUF a, unsigned int option init_packet(pkt); break; + case PKT_SIGNATURE: + if (!in_cert) + goto x_default; + if (!(options & IMPORT_SELF_SIGS_ONLY)) + goto x_default; + if (pkt->pkt.signature->keyid[0] == keyid[0] + && pkt->pkt.signature->keyid[1] == keyid[1]) + { /* This is likely a self-signature. We import this one. + * Eventually we should use the ISSUER_FPR to compare + * self-signatures, but that will work only for v5 keys + * which are currently not even deployed. + * Note that we do not do any crypto verify here because + * that would defeat this very mitigation of DoS by + * importing a key with a huge amount of faked + * key-signatures. A verification will be done later in + * the processing anyway. Here we want a cheap an early + * way to drop non-self-signatures. */ + goto x_default; + } + /* Skip this signature. */ + dropped_nonselfsigs++; + free_packet (pkt); + init_packet(pkt); + break; + case PKT_PUBLIC_KEY: case PKT_SECRET_KEY: if( in_cert ) { /* store this packet */ @@ -458,7 +487,11 @@ read_block( IOBUF a, unsigned int option goto ready; } in_cert = 1; + keyid_from_pk (pkt->pkt.public_key, keyid); + goto x_default; + default: + x_default: if (in_cert && valid_keyblock_packet (pkt->pkttype)) { if( !root ) root = new_kbnode( pkt ); @@ -480,6 +513,10 @@ read_block( IOBUF a, unsigned int option *ret_root = root; free_packet( pkt ); xfree( pkt ); + if (!rc && dropped_nonselfsigs && opt.verbose) + log_info ("key %s: number of dropped non-self-signatures: %u\n", + keystr (keyid), dropped_nonselfsigs); + return rc; } Index: gnupg-2.0.24/g10/options.h =================================================================== --- gnupg-2.0.24.orig/g10/options.h +++ gnupg-2.0.24/g10/options.h @@ -324,6 +324,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_sta #define IMPORT_MINIMAL (1<<5) #define IMPORT_CLEAN (1<<6) #define IMPORT_NO_SECKEY (1<<7) +#define IMPORT_SELF_SIGS_ONLY (1<<14) #define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_ATTRIBUTES (1<<1)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor