[gnupg2/f18] fix CVE-2012-6085 - skip invalid key packets (#891142)

Tomáš Mráz tmraz at fedoraproject.org
Wed Jan 2 21:15:06 UTC 2013


commit 2af6509cf284b9f46c0bb204551478215ae1c398
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Wed Jan 2 22:14:59 2013 +0100

    fix CVE-2012-6085 - skip invalid key packets (#891142)

 gnupg-2.0.19-cve-2012-6085.patch |   61 ++++++++++++++++++++++++++++++++++++++
 gnupg2.spec                      |    7 ++++-
 2 files changed, 67 insertions(+), 1 deletions(-)
---
diff --git a/gnupg-2.0.19-cve-2012-6085.patch b/gnupg-2.0.19-cve-2012-6085.patch
new file mode 100644
index 0000000..938543f
--- /dev/null
+++ b/gnupg-2.0.19-cve-2012-6085.patch
@@ -0,0 +1,61 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Thu, 20 Dec 2012 08:43:41 +0000 (+0100)
+Subject: gpg: Import only packets which are allowed in a keyblock.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=498882296ffac7987c644aaf2a0aa108a2925471
+
+gpg: Import only packets which are allowed in a keyblock.
+
+* g10/import.c (valid_keyblock_packet): New.
+(read_block): Store only valid packets.
+--
+
+A corrupted key, which for example included a mangled public key
+encrypted packet, used to corrupt the keyring.  This change skips all
+packets which are not allowed in a keyblock.
+
+GnuPG-bug-id: 1455
+
+(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
+---
+
+diff --git a/g10/import.c b/g10/import.c
+index ba2439d..ad112d6 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -347,6 +347,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
++/* Return true if PKTTYPE is valid in a keyblock.  */
++static int
++valid_keyblock_packet (int pkttype)
++{
++  switch (pkttype)
++    {
++    case PKT_PUBLIC_KEY:
++    case PKT_PUBLIC_SUBKEY:
++    case PKT_SECRET_KEY:
++    case PKT_SECRET_SUBKEY:
++    case PKT_SIGNATURE:
++    case PKT_USER_ID:
++    case PKT_ATTRIBUTE:
++    case PKT_RING_TRUST:
++      return 1;
++    default:
++      return 0;
++    }
++}
++
++
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ 	    }
+ 	    in_cert = 1;
+ 	  default:
+-	    if( in_cert ) {
++	    if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ 		if( !root )
+ 		    root = new_kbnode( pkt );
+ 		else
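Review bot: In the `default:` arm of read_block, a packet that `valid_keyblock_packet` rejects is now skipped with no diagnostic and no visible release of what parse_packet stored in `pkt`. The rest of that arm lies outside the hunk, so this is inferred: if the code after the `if` only re-initialises `pkt`, each rejected packet's payload is leaked, and someone importing a damaged key gets no hint that data was discarded. I would add an `else` arm such as `else { if (opt.verbose) log_info ("skipping packet of type %d in keyblock\n", pkt->pkttype); free_packet (pkt); }`, after confirming that the following lines do not already free it. The comment on `valid_keyblock_packet` could also state that it is an allow-list, so any packet type it does not name is dropped on import.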
diff --git a/gnupg2.spec b/gnupg2.spec
index f68ef4c..953e9d4 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -1,7 +1,7 @@
 Summary: Utility for secure communication and data storage
 Name:    gnupg2
 Version: 2.0.19
-Release: 6%{?dist}
+Release: 7%{?dist}
 
 License: GPLv3+
 Group:   Applications/System
@@ -15,6 +15,7 @@ Patch3:  gnupg-2.0.18-secmem.patch
 Patch4:  gnupg-2.0.18-protect-tool-env.patch
 Patch5:  gnupg-2.0.16-ocsp-keyusage.patch
 Patch6:  gnupg-2.0.19-fips-algo.patch
+Patch7:  gnupg-2.0.19-cve-2012-6085.patch
 
 URL:     http://www.gnupg.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -81,6 +82,7 @@ to the base GnuPG package
 %patch4 -p1 -b .ptool-env
 %patch5 -p1 -b .keyusage
 %patch6 -p1 -b .fips
+%patch7 -p1 -b .valid-packet
 
 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,
@@ -198,6 +200,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Wed Jan  2 2013 Tomas Mraz <tmraz at redhat.com> - 2.0.19-7
+- fix CVE-2012-6085 - skip invalid key packets (#891142)
+
 * Thu Nov 22 2012 Tomas Mraz <tmraz at redhat.com> - 2.0.19-6
 - use AES as default crypto algorithm in FIPS mode (#879047)
 

