On Tue, 19 Apr 2005 10:55:07 +0200, folkert said:

> Hi,
> I have a keyring with quite a few keys (thousands) and now something
> is wrong with it:
> gpg --list-keys gives
> gpg: Ohhhh jeeee: mpi crosses packet border

It is unfortunate that gpg bails out immediately in this case. In fact it is not a bug (this is what the "Ohhh jeeee" shall indicate) but corrupt input data. I have not created a test case yet but changed the code to fail more gracefully. This won't help too much I fear but it is a first step to a recovery mode. Please apply the attached patch against 1.4.1 or CVS.

Salam-Shalom,

   Werner

2005-04-21 Werner Koch <[EMAIL PROTECTED]> * mpicoder.c (mpi_read): Changed error detection to always return an error while maintaining the actual number of bytes read. --- mpi/mpicoder.c 20 Dec 2004 10:05:20 -0000 1.33 +++ mpi/mpicoder.c 21 Apr 2005 13:21:15 -0000 @@ -1,5 +1,5 @@ /* mpicoder.c - Coder for the external representation of MPIs - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -74,20 +74,23 @@ mpi_read(IOBUF inp, unsigned *ret_nread, #endif { int c, i, j; + unsigned int nmax = *ret_nread; unsigned nbits, nbytes, nlimbs, nread=0; mpi_limb_t a; MPI val = MPI_NULL; if( (c = iobuf_get(inp)) == -1 ) goto leave; - nread++; + if (++nread >= nmax) + goto overflow; nbits = c << 8; if( (c = iobuf_get(inp)) == -1 ) goto leave; - nread++; + if (++nread >= nmax) + goto overflow; nbits |= c; if( nbits > MAX_EXTERN_MPI_BITS ) { - log_error("mpi too large (%u bits)\n", nbits); + log_error("mpi too large for this implementation (%u bits)\n", nbits); goto leave; } @@ -108,6 +111,15 @@ mpi_read(IOBUF inp, unsigned *ret_nread, for( ; j > 0; j-- ) { a = 0; for(; i < BYTES_PER_MPI_LIMB; i++ ) { + if (nread >= nmax) { +#ifdef M_DEBUG + mpi_debug_free (val); +#else + mpi_free (val); +#endif + val = NULL; + goto overflow; + } a <<= 8; a |= iobuf_get(inp) & 0xff; nread++; } @@ -116,10 +128,11 @@ mpi_read(IOBUF inp, unsigned *ret_nread, } leave: - if( nread > *ret_nread ) - log_bug("mpi crosses packet border\n"); - else - *ret_nread = nread; + *ret_nread = nread; + return val; + overflow: + log_error ("mpi larger than indicated length (%u bytes)\n", nmax); + *ret_nread = nread; return val; }
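
Review bot: In the @@ -74,20 +74,23 @@ hunk, the second header check `if (++nread >= nmax) goto overflow;` fires when the two length bytes end exactly at the limit, before nbits is known. If the part of the function not shown here accepts an MPI of 0 bits, such an MPI sitting at the very end of the packet would be reported as "larger than indicated length" although it fits. The limb loop already tests `nread >= nmax` before each data byte, so a real overrun is caught there and the test after the second header byte could be left to it. Note also that with nmax equal to 0 the first byte is read before any check is made.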
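
Review bot: The cleanup added inside the limb loop in the @@ -108,6 +111,15 @@ hunk sets `val = NULL`, while the declaration at the top of the function uses `MPI val = MPI_NULL`; use MPI_NULL here as well. Carrying the #ifdef M_DEBUG free pair in the innermost loop is heavy; doing the free once under the overflow label, guarded by a test on val, would keep the loop body to the bounds test and the goto. The unchanged line `a |= iobuf_get(inp) & 0xff;` just below still masks a -1 return, so a short read is stored as 0xff and counted in nread. Since this change is about corrupt input, that is worth handling in the same pass.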
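
Review bot: In the @@ -116,10 +128,11 @@ hunk, both exits end with the same `*ret_nread = nread; return val;`. The overflow label could log and then `goto leave`, or be placed ahead of leave and fall through, so that there is a single exit. Because `*ret_nread` is now read on entry as the limit (nmax), the comment above mpi_read should state that callers must set it to the number of bytes available before the call, and that an overrun now yields a logged error and a null return instead of the log_bug call.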
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users