author | Werner Koch <wk@gnupg.org> | 2016-04-01 13:42:01 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2016-04-01 13:49:01 +0200 |
commit | 862cf19a119427dd7ee7959a36c72d905f5ea5ca (patch) | |
tree | 1b1dfe4e823e4faf11639e5aa06d90d0c0e1a02a /doc | |
parent | fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27 (diff) | |
download | libgcrypt-862cf19a119427dd7ee7959a36c72d905f5ea5ca.tar.gz |
mpi: Explicitly limit the allowed input length for gcry_mpi_scan.
* mpi/mpicoder.c (MAX_EXTERN_SCAN_BYTES): New.
(mpi_fromstr): Check against this limit.
(_gcry_mpi_scan): Ditto.
* tests/mpitests.c (test_maxsize): New.
(main): Call that test.
--
A too large buffer length may lead to an unsigned integer overflow on
systems where size_t > unsigned int (i.e. 64 bit systems). The
computation of the required number of nlimbs may also be affected by
this. However this is not a real world case because any processing
which has allocated such a long buffer from an external source would
be prone to other DoS attacks: The required buffer length to exhibit
this overflow is at least 2^32 - 8 bytes.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gcrypt.texi | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 437dddb7..c710765b 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -4526,7 +4526,8 @@ representation of an MPI and the internal one of Libgcrypt. Convert the external representation of an integer stored in @var{buffer} with a length of @var{buflen} into a newly created MPI returned which will be stored at the address of @var{r_mpi}. For certain formats the -length argument is not required and should be passed as @code{0}. After a +length argument is not required and should be passed as @code{0}. A +@var{buflen} larger than 16 MiByte will be rejected. After a successful operation the variable @var{nscanned} receives the number of bytes actually scanned unless @var{nscanned} was given as @code{NULL}. @var{format} describes the format of the MPI as stored in @@ -4540,6 +4541,7 @@ bytes actually scanned unless @var{nscanned} was given as @item GCRYMPI_FMT_PGP As used by OpenPGP (only defined as unsigned). This is basically @code{GCRYMPI_FMT_STD} with a 2 byte big endian length header. +A length header indicating a length of more than 16384 is not allowed. @item GCRYMPI_FMT_SSH As used in the Secure Shell protocol. This is @code{GCRYMPI_FMT_STD} |
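Review bot: the sentence added in the first hunk, "A @var{buflen} larger than 16 MiByte will be rejected.", does not say what the caller gets back, nor whether the limit applies to the formats where @var{buflen} is passed as @code{0}. The commit message says mpi_fromstr checks against the same limit, so the documentation should state that the limit also covers string input, and it should name the error code returned on rejection so callers can tell an oversized input from a malformed one. Because the sentence sits directly after the @code{0} remark it also reads as if it qualified that case; consider moving it after the @var{nscanned} description.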
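Review bot: the line added under @item GCRYMPI_FMT_PGP in the second hunk gives the limit as 16384 without a unit. The OpenPGP length header counts bits, while the limit added to the function description in the same patch is given in bytes (16 MiByte), so a reader can easily take 16384 for a byte count; suggest "more than 16384 bits". "is not allowed" also leaves the outcome open: say that the scan fails with an error, matching the "will be rejected" wording of the first hunk.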