zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

Jason Harris
On Thu, Aug 11, 2005 at 12:02:17PM -0400, Jason Harris wrote:
> On Wed, Aug 10, 2005 at 10:30:09PM -0500, John Clizbe wrote:
 
> > Tracked down the two offending keys and deleted them with 1.4.1. They both
> > failed to import from a keyserver with 1.4.2 with the same mpi error, so I'm
> > marking it off to key cruft.

Here are some more offending keys:

  0xA0B3E88B
  0xFC05DA69
  0x0FCF6738
  0xCC78C893
  0x98FDE37C
  0x74C9DE33
  0x57023F00 - corrupt subkey

Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
To patch pks, add this to the middle of decode_mpi() (in pgputil.c):

  /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
  if (mpi->nbits == 0) {
    return (0);
  }

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

Peter Palfrader-2
On Thu, 11 Aug 2005, Jason Harris wrote:

> On Thu, Aug 11, 2005 at 12:02:17PM -0400, Jason Harris wrote:
> > On Wed, Aug 10, 2005 at 10:30:09PM -0500, John Clizbe wrote:
>  
> > > Tracked down the two offending keys and deleted them with 1.4.1. They both
> > > failed to import from a keyserver with 1.4.2 with the same mpi error, so I'm
> > > marking it off to key cruft.
>
> Here are some more offending keys:
>
>   0xA0B3E88B
>   0xFC05DA69
>   0x0FCF6738
>   0xCC78C893
>   0x98FDE37C
>   0x74C9DE33
>   0x57023F00 - corrupt subkey
>
> Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
> To patch pks, add this to the middle of decode_mpi() (in pgputil.c):
>
>   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
>   if (mpi->nbits == 0) {
>     return (0);
>   }

can we do that in SKS too?  please!

--
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/


Re: Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

Jason Harris
On Thu, Aug 11, 2005 at 09:54:59PM +0200, Peter Palfrader wrote:
> On Thu, 11 Aug 2005, Jason Harris wrote:

> > Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
> > To patch pks, add this to the middle of decode_mpi() (in pgputil.c):
> >
> >   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
> >   if (mpi->nbits == 0) {
> >     return (0);
> >   }
>
> can we do that in SKS too?  please!

Try the patch below.  0x1A9537E7 is another offending key, and all eight
work now:

  %gpg --recv 0xA0B3E88B 0xFC05DA69 0x0FCF6738 0xCC78C893 0x98FDE37C 0x74C9DE33 0x57023F00 0x1A9537E7
  ...
  gpg: Total number processed: 8
  gpg:              unchanged: 8

===================================================================
RCS file: parsePGP.ml,v
retrieving revision 1.1
diff -u -r1.1 parsePGP.ml
--- parsePGP.ml 2005/08/12 00:03:16 1.1
+++ parsePGP.ml 2005/08/12 00:03:54
@@ -23,6 +23,7 @@
 open Printf
 
 exception Overlong_mpi
+exception Zerolen_mpi
 exception Partial_body_length of int
 
 (********************************************************)
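Review bot: Zerolen_mpi is declared here but nothing in the patch catches it, and no comment says why a zero-bit MPI is now fatal (interop with gnupg-1.4.2, per the pks comment quoted above). If the intent is to skip the offending packet rather than fail the whole key, the `try` in the next hunk needs a `with Zerolen_mpi -> ...` arm; otherwise document it next to Overlong_mpi as an exception callers are expected to handle.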
@@ -109,6 +110,7 @@
   try
     let byte2 = cin#read_byte in
     let length = (byte1 lsl 8) + byte2 in
+    if length <= 0 then raise Zerolen_mpi;
     let data = cin#read_string
  ((length + 7)/8)
     in
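Review bot: `length` is assembled from two bytes returned by cin#read_byte, so it can never be negative; `if length <= 0` suggests otherwise, and `if length = 0 then raise Zerolen_mpi` states the intent exactly. Note also that both header bytes have already been consumed when the exception fires, so whatever handles it must not assume the stream is still positioned at the start of the MPI. A one-line comment matching the pks one (skip 0-length MPIs for GPG's benefit) would tell the next reader why this encoding is rejected, which the diff alone does not.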

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

Re: Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

Peter Palfrader-2
On Thu, 11 Aug 2005, Jason Harris wrote:

> On Thu, Aug 11, 2005 at 09:54:59PM +0200, Peter Palfrader wrote:
> > On Thu, 11 Aug 2005, Jason Harris wrote:
> > > Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
> > > To patch pks, add this to the middle of decode_mpi() (in pgputil.c):
> > >
> > >   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
> > >   if (mpi->nbits == 0) {
> > >     return (0);
> > >   }
> >
> > can we do that in SKS too?  please!
>
> Try the patch below.

Ok, that seems to work great.

Yaron, will you accept this patch?   I wonder what the effects on
syncing are.

Can we also have one that filters most 'buffer shorter than subpacket'
problems?  Such keys have become a real problem since popular keys are
also affected.  For instance, CA57AD7C (PGP Global Directory Verification
Key).

> ===================================================================
> RCS file: parsePGP.ml,v
> retrieving revision 1.1
> diff -u -r1.1 parsePGP.ml
> --- parsePGP.ml 2005/08/12 00:03:16 1.1
> +++ parsePGP.ml 2005/08/12 00:03:54
> @@ -23,6 +23,7 @@
>  open Printf
>  
>  exception Overlong_mpi
> +exception Zerolen_mpi
>  exception Partial_body_length of int
>  
>  (********************************************************)
> @@ -109,6 +110,7 @@
>    try
>      let byte2 = cin#read_byte in
>      let length = (byte1 lsl 8) + byte2 in
> +    if length <= 0 then raise Zerolen_mpi;
>      let data = cin#read_string
>   ((length + 7)/8)
>      in
>


--
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/


Re: Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

Jason Harris
On Thu, Aug 18, 2005 at 03:18:29AM +0200, Peter Palfrader wrote:
> On Thu, 11 Aug 2005, Jason Harris wrote:

> > Try the patch below.
>
> Ok, that seems to work great.
>
> Yaron, will you accept this patch?   I wonder what the effects on
> syncing is.

It was introduced into patch-43 (without being logged or attributed):

  %tla delta --diffs [hidden email]--2004/sks--mainline--1.0--patch-42 [hidden email]--2004/sks--mainline--1.0--patch-43

I saw no side effects when syncing.  keyserver.linux.it and pks.aaiedu.hr
appear to be running with patch-43 too.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

Re: Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

Klaus Singvogel
In reply to this post by Jason Harris
Hi.

Jason Harris wrote:

> On Thu, Aug 11, 2005 at 09:54:59PM +0200, Peter Palfrader wrote:
> > On Thu, 11 Aug 2005, Jason Harris wrote:
>
> > > Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
> > > To patch pks, add this to the middle of decode_mpi() (in pgputil.c):
> > >
> > >   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
> > >   if (mpi->nbits == 0) {
> > >     return (0);
> > >   }
> >
> > can we do that in SKS too?  please!
>
> Try the patch below.  0x1A9537E7 is another offending key, and all eight
> work now:
>
[...]

I don't see those files in my copy of gnupg-1.4.2 where your patch
applies. Therefore I looked more closely at the code myself, as this
problem arises under "gpg --trustdb" for some of our users.

I noticed that these messages are coming from
mpi/mpicoder.c:mpi_read() and had a closer look at it. :-)

The second if check, for "goto overflow;", seems a bit doubtful (maybe
a copy&paste without too much thinking about what's coming next? :-) As
there are no mandatory reads from the iobuf coming, only optional
reads, I changed the code to "if (++nread > nmax)" and the problem
was gone (see attached patch).

Please confirm that my thinking is correct here.

Thanks in advance.

Regards,
        Klaus.
--
Klaus Singvogel
SUSE LINUX Products GmbH
Maxfeldstr. 5                     E-Mail: [hidden email]
90409 Nuernberg                   Phone: +49 (0) 911 740530
Germany                           GnuPG-Key-ID: 1024R/5068792D  1994-06-27

Attachment: gnupg-1.4.2-size_check.patch (374 bytes)

Re: Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

Peter Palfrader-2
In reply to this post by Jason Harris
On Thu, 11 Aug 2005, Jason Harris wrote:

> On Thu, Aug 11, 2005 at 09:54:59PM +0200, Peter Palfrader wrote:
> > On Thu, 11 Aug 2005, Jason Harris wrote:
>
> > > Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
> > > To patch pks, add this to the middle of decode_mpi() (in pgputil.c):
> > >
> > >   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
> > >   if (mpi->nbits == 0) {
> > >     return (0);
> > >   }
> >
> > can we do that in SKS too?  please!
>
> Try the patch below.  0x1A9537E7 is another offending key, and all eight
> work now:

Do we also have a patch that cleans up keys like CD15A883 and CA57AD7C?

--
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/


Re: Re: zero-length MPIs

Adam Schreiber
In reply to this post by Klaus Singvogel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Klaus Singvogel wrote:
> Please confirm me, that my thinking is correct here.

I'm not sure if Klaus' thinking is correct, but his patch clears up the
MPI errors I was receiving.

Adam Schreiber

- --
Why isn't all of your email protected?
http://gnupg.org
http://enigmail.mozdev.org
http://seahorse.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFgCEjU1oaHEI4wgRAnQdAKDJfzhnHslrWKd7CCz0j2NiA1TM8QCglrwF
S4UcEMVOzn+TRmQvHkh25Ks=
=f736
-----END PGP SIGNATURE-----


Re: Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

David Shaw
In reply to this post by Klaus Singvogel
On Wed, Aug 24, 2005 at 03:07:17PM +0200, Klaus Singvogel wrote:

> I noticed that these messages are coming from
> mpi/mpicoder.c:mpi_read() and had a closer look at it. :-)
>
> The second if check, for "goto overflow;" seems a bit doubtful (maybe
> a copy&paste without to much thinking whats coming next ? :-) As
> there are no mandatory reads from the iobuf coming, only optional
> reads, I changed the code to "if (++nread > nmax)" and the problem
> was gone (see attached patch).

I think this is very close, but not perfect.  You must also protect
against accidentally reading too many bytes, as then you can't parse
the rest of the stream.

Try this patch.

David

Attachment: mpi.patch (972 bytes)
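
The two parsing hazards this thread turns on, as an added C example (this is not GnuPG's mpi_read(), not pks's decode_mpi() and not SKS code): an OpenPGP MPI is a two-byte big-endian bit count followed by ceil(bits/8) bytes (RFC 4880, section 3.2), so a reader has to (a) treat a header of 0 bits as an empty but parseable MPI rather than an error, which is the gnupg-1.4.2 behaviour Jason worked around in pks and SKS above, and (b) never read past the end of the enclosing packet body when the header promises more bytes than remain, which is the bounded-read point David makes above and the condition GnuPG's "mpi larger than indicated length" message names. The scanner below walks a v4 public-key packet body, counts zero-length MPIs so a keyserver can decide whether to drop such a packet, and refuses truncated or over-padded ones. The RSA packet bodies are constructed for the demo and are not real keys; the function and status names are invented for this example.

```c
/* Added example, not GnuPG, pks or SKS code: a bounds-checked OpenPGP MPI reader
 * (RFC 4880 3.2: two-byte big-endian bit count, then ceil(bits/8) bytes) and a
 * v4 public-key packet scanner built on it. Sample bodies below are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum mpi_status {
    MPI_OK = 0,
    MPI_ZERO_LENGTH,      /* header says 0 bits: parseable, but gnupg-1.4.2 rejected it */
    MPI_TRUNCATED_HEADER, /* fewer than 2 bytes left for the bit count */
    MPI_TRUNCATED_BODY,   /* header promises more bytes than the packet body holds */
    MPI_LEADING_ZEROS,    /* first byte lacks the high bit the count claims */
    MPI_BAD_PACKET        /* not a v4 key body, unknown algorithm, or trailing bytes */
};

struct mpi_view { unsigned nbits; size_t nbytes; const uint8_t *data; };

/* Parse one MPI from buf[*pos, len) without touching a byte at or past len, so a
 * bad header cannot desynchronise what follows. *pos advances unless truncated. */
enum mpi_status mpi_read_bounded(const uint8_t *buf, size_t len,
                                 size_t *pos, struct mpi_view *out)
{
    size_t p = *pos;
    if (p > len || len - p < 2)
        return MPI_TRUNCATED_HEADER;
    unsigned nbits = ((unsigned)buf[p] << 8) | buf[p + 1];
    size_t nbytes = ((size_t)nbits + 7) / 8;
    p += 2;
    if (len - p < nbytes)
        return MPI_TRUNCATED_BODY;       /* would run past the packet body */
    out->nbits = nbits;
    out->nbytes = nbytes;
    out->data = buf + p;
    *pos = p + nbytes;                   /* consume exactly what the header declared */
    if (nbits == 0)
        return MPI_ZERO_LENGTH;
    /* RFC 4880 requires the count to start at the most significant set bit. */
    unsigned top = nbits - 8 * (unsigned)(nbytes - 1);   /* 1..8 bits live in data[0] */
    if (((out->data[0] >> (top - 1)) & 1) == 0)
        return MPI_LEADING_ZEROS;
    return MPI_OK;
}

static int pubkey_mpi_count(uint8_t algo)   /* v4 key MPIs by algorithm, RFC 4880 5.5.2 */
{
    if (algo >= 1 && algo <= 3) return 2;   /* RSA: n, e */
    if (algo == 16) return 3;               /* Elgamal: p, g, y */
    if (algo == 17) return 4;               /* DSA: p, q, g, y */
    return -1;
}

/* Scan a v4 public-key or public-subkey packet body. Zero-length MPIs are tolerated
 * and counted in *zero_mpis so a keyserver can drop the packet; anything unparseable
 * is returned as an error and the body should not be trusted further. */
enum mpi_status scan_v4_pubkey_body(const uint8_t *body, size_t len, int *zero_mpis)
{
    *zero_mpis = 0;
    if (len < 6 || body[0] != 4)
        return MPI_BAD_PACKET;
    int count = pubkey_mpi_count(body[5]);
    if (count < 0)
        return MPI_BAD_PACKET;
    size_t pos = 6;                      /* version(1) + creation time(4) + algorithm(1) */
    for (int i = 0; i < count; i++) {
        struct mpi_view m;
        enum mpi_status st = mpi_read_bounded(body, len, &pos, &m);
        if (st == MPI_ZERO_LENGTH)
            (*zero_mpis)++;
        else if (st != MPI_OK)
            return st;
    }
    return pos == len ? MPI_OK : MPI_BAD_PACKET;   /* no trailing bytes allowed */
}

/* Constructed sample bodies, not real keys: v4, creation time 0, RSA (algo 1). */
static const uint8_t good_rsa[]      = { 0x04, 0, 0, 0, 0, 0x01,
    0x00, 0x0d, 0x1a, 0x2b,              /* n: 13 bits, bit 4 of 0x1a is the top bit */
    0x00, 0x11, 0x01, 0x00, 0x01 };      /* e: 17 bits = 65537 */
static const uint8_t zero_e_rsa[]    = { 0x04, 0, 0, 0, 0, 0x01,
    0x00, 0x0d, 0x1a, 0x2b,
    0x00, 0x00 };                        /* e: 0 bits and no body */
static const uint8_t truncated_rsa[] = { 0x04, 0, 0, 0, 0, 0x01,
    0x00, 0x0d, 0x1a };                  /* n promises 2 bytes, body ends after 1 */
static const uint8_t padded_rsa[]    = { 0x04, 0, 0, 0, 0, 0x01,
    0x00, 0x0d, 0x1a, 0x2b,
    0x00, 0x11, 0x00, 0x00, 0x01 };      /* e claims 17 bits but leads with a zero byte */

static int check(const uint8_t *b, size_t n, enum mpi_status want, int want_zero)
{
    int z;
    return scan_v4_pubkey_body(b, n, &z) == want && z == want_zero;
}
int demo_good(void)      { return check(good_rsa, sizeof good_rsa, MPI_OK, 0); }
int demo_zero(void)      { return check(zero_e_rsa, sizeof zero_e_rsa, MPI_OK, 1); }
int demo_truncated(void) { return check(truncated_rsa, sizeof truncated_rsa, MPI_TRUNCATED_BODY, 0); }
int demo_padded(void)    { return check(padded_rsa, sizeof padded_rsa, MPI_LEADING_ZEROS, 0); }

int main(void)
{
    printf("good=%d zero_length=%d truncated=%d padded=%d\n",
           demo_good(), demo_zero(), demo_truncated(), demo_padded());
    return 0;
}
```

The design choice worth noting is that the zero-length case is a status, not a failure: the reader still advances past the two header bytes, so the rest of the packet parses, and the policy decision (keep the key, drop the packet, warn) is left to the caller, which is what both the pks and the SKS changes in this thread had to do by hand.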

Re: Re: zero-length MPIs

Adam Schreiber
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw wrote:
> Try this patch.

I get an MPI error with this patch I didn't get with Klaus'.

*snip*
gpg: mpi larger than indicated length (2 bytes)
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring
*snip*

Adam Schreiber

- --
Why isn't all of your email protected?
http://gnupg.org
http://enigmail.mozdev.org
http://seahorse.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD4DBQFDFnvqjU1oaHEI4wgRAv/MAKCltzlrWdWElPm4Gis173DWKeHKvACYyJdW
xXcd3RTxVp7/8OF7TeezrA==
=bdKw
-----END PGP SIGNATURE-----


Re: Re: zero-length MPIs

Adam Schreiber
In reply to this post by David Shaw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please ignore my previous email.  The patch works for me.


Adam Schreiber

- --
Why isn't all of your email protected?
http://gnupg.org
http://enigmail.mozdev.org
http://seahorse.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFnx3jU1oaHEI4wgRAihPAJkB2BpJW+fej/HfvStxYCQTdCvETQCg4jA4
DA7CvncNxh2hDubCGbIoO2A=
=Can1
-----END PGP SIGNATURE-----


Re: Re: zero-length MPIs

Klaus Singvogel
-----BEGIN PGP SIGNED MESSAGE-----

I can confirm too that the patch of David Shaw is working fine.

Thanks.

Regards,
        Klaus.

Adam Schreiber wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Please ignore my previous email.  The patch works for me.
>
>
> Adam Schreiber
>
> - --
> Why isn't all of your email protected?
> http://gnupg.org
> http://enigmail.mozdev.org
> http://seahorse.sourceforge.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFDFnx3jU1oaHEI4wgRAihPAJkB2BpJW+fej/HfvStxYCQTdCvETQCg4jA4
> DA7CvncNxh2hDubCGbIoO2A=
> =Can1
> -----END PGP SIGNATURE-----

- --
Klaus Singvogel
SUSE LINUX Products GmbH
Maxfeldstr. 5                     E-Mail: [hidden email]
90409 Nuernberg                   Phone: +49 (0) 911 740530
Germany                           GnuPG-Key-ID: 1024R/5068792D  1994-06-27
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQCVAwUBQxbl7rbjw8ZQaHktAQF9PgP/Z0Xs81u0SjC98iCK9mmQEKI/c/5Q54CO
/fj/LkkunLQ7r+5ywwxJ/5htLEHKz4iY5QCvYCGc72H8S0IqX1KN3ThTTTsWiDy6
FWVb/svpOfQks9Zu6MJegxiphX+oHwieza6SVB3Y5/r2pC/gzQF3syiC/YOoI6r1
DbMPEtF0FSE=
=ran3
-----END PGP SIGNATURE-----


Re: Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

David Shaw
In reply to this post by Peter Palfrader-2
On Wed, Aug 31, 2005 at 04:07:38AM +0200, Peter Palfrader wrote:

> On Thu, 11 Aug 2005, Jason Harris wrote:
>
> > On Thu, Aug 11, 2005 at 09:54:59PM +0200, Peter Palfrader wrote:
> > > On Thu, 11 Aug 2005, Jason Harris wrote:
> >
> > > > Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
> > > > To patch pks, add this to the middle of decode_mpi() (in pgputil.c):
> > > >
> > > >   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
> > > >   if (mpi->nbits == 0) {
> > > >     return (0);
> > > >   }
> > >
> > > can we do that in SKS too?  please!
> >
> > Try the patch below.  0x1A9537E7 is another offending key, and all eight
> > work now:
>
> Do we also have a patch that cleans up keys like CD15A883 and CA57AD7C?

You could probably do this in SKS (or pksd) but it would be fairly
expensive to check all the subpackets of all signatures.

GnuPG 1.4.3 will handle these keys without warning (as well as the
zero-length MPI problem).

David

