gpg: Prevent an invalid memory read using a garbled keyring.
authorWerner Koch <wk@gnupg.org>
Thu, 12 Feb 2015 17:58:36 +0000 (18:58 +0100)
committerWerner Koch <wk@gnupg.org>
Thu, 12 Feb 2015 17:58:36 +0000 (18:58 +0100)
commit824d88ac51b4d680f06e68f0879a7c1ec03cb2ba
tree22bd36f80953581787ce0da561efafe7d0bba213
parent8da836e76f1349f4587d1bb74864b11dde7b8a39
gpg: Prevent an invalid memory read using a garbled keyring.

* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.
--

The keyring DB code did not reject packets which don't belong into a
keyring.  If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

Reported-by: Hanno Böck <hanno@hboeck.de>
(back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)
g10/keyring.c