Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

added check over recursive compression depth. Fixes CVE-2013-4402

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6880 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2013-10-29 20:56:40 +00:00
parent 5304865fc4
commit 261d9102d4
2 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
openpgpsdk/src/openpgpsdk/packet-parse.c
View File

@ -53,6 +53,7 @@
#include <openpgpsdk/final.h>
static int debug=0;
static const size_t MAX_RECURSIVE_COMPRESSION_DEPTH = 32 ;
/**
* limited_read_data reads the specified amount of the subregion's data
@ -1955,9 +1956,17 @@ static int parse_compressed(ops_region_t *region,ops_parse_info_t *pinfo)
unsigned char c[1]="";
ops_parser_content_t content;
if(pinfo->recursive_compression_depth > MAX_RECURSIVE_COMPRESSION_DEPTH)
{
fprintf(stderr,"Recursive compression down to depth 32. This is weird. Probably a packet crafted to crash PGP. Will be dropped!\n") ;
return 0 ;
}
if(!limited_read(c,1,region,pinfo))
return 0;
pinfo->recursive_compression_depth++ ;
C.compressed.type=c[0];
CBP(pinfo,OPS_PTAG_CT_COMPRESSED,&content);
@ -1965,7 +1974,11 @@ static int parse_compressed(ops_region_t *region,ops_parse_info_t *pinfo)
/* The content of a compressed data packet is more OpenPGP packets
once decompressed, so recursively handle them */
return ops_decompress(region,pinfo,C.compressed.type);
int res = ops_decompress(region,pinfo,C.compressed.type);
pinfo->recursive_compression_depth-- ;
return res ;
}
/**
@ -3122,11 +3135,11 @@ int ops_parse(ops_parse_info_t *pinfo)
*/
int ops_parse_and_print_errors(ops_parse_info_t *pinfo)
{
ops_parse(pinfo);
ops_print_errors(pinfo->errors);
return pinfo->errors ? 0 : 1;
}
{
ops_parse(pinfo);
ops_print_errors(pinfo->errors);
return pinfo->errors ? 0 : 1;
}
/**
* \ingroup Core_ReadPackets

1
openpgpsdk/src/openpgpsdk/parse_local.h
View File

@ -111,6 +111,7 @@ struct ops_parse_info
ops_crypt_t decrypt;
ops_crypt_info_t cryptinfo;
size_t nhashes;
size_t recursive_compression_depth ;
ops_parse_hash_info_t *hashes;
ops_boolean_t reading_v3_secret:1;
ops_boolean_t reading_mpi_length:1;