NetBSD-Bugs archive
bin/57041: netpgp does not handle allocation failure correctly
>Number: 57041
>Category: bin
>Synopsis: netpgp does not handle allocation failure correctly
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Oct 01 22:20:00 +0000 2022
>Originator: Roland Illig
>Release: 9.99.100
>Organization:
>Environment:
NetBSD nbcurr.roland-illig.de 9.99.100 NetBSD 9.99.100 (GENERIC) #0: Fri Sep 30 14:32:45 UTC 2022 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
When pgp_memory_pad runs into an allocation failure, it prints a message on stderr but continues as if nothing bad had happened.
This can result in incomplete output, access to uninitialized memory, or anything worse.
    $ MALLOC_CONF=junk:true netpgpkeys \
        --export-key \
        --keyring=/usr/pkg/etc/gnupg/pkgsrc.gpg \
        b5952cabdd765a20 \
        | less
The above command outputs "<A5><A5><A5>..." because in pgp_export_key, the string is not properly terminated before calling netpgp_strdup. But even if that bug is fixed by calling pgp_memory_add(mem, "", 1), there is no guarantee that this '\0' is actually appended to the memory.
The error handling of netpgp probably needs to be rewritten completely.
>How-To-Repeat:
>Fix:
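
Added illustration, not part of the PR and not netpgp code: a C sketch of the error handling the description calls for, where the buffer-growing routine reports allocation failure and the caller checks every append, including the terminating '\0', before copying the string. The names membuf_t, membuf_pad, membuf_add, export_string and the fail_alloc test hook are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer for illustration; not netpgp's types. */
typedef struct { char *buf; size_t length, allocated; } membuf_t;

static int fail_alloc;  /* test hook: simulate an allocation failure */

static void *xrealloc(void *p, size_t n) {
    return fail_alloc ? NULL : realloc(p, n);
}

/* Ensure room for `extra` more bytes. Returns 0 on failure, buffer unchanged. */
static int membuf_pad(membuf_t *m, size_t extra) {
    if (extra > (size_t)-1 - m->length) return 0;   /* size overflow */
    size_t need = m->length + extra;
    if (need <= m->allocated) return 1;
    size_t cap = m->allocated ? m->allocated : 64;
    while (cap < need)
        cap = (cap > (size_t)-1 / 2) ? need : cap * 2;
    void *p = xrealloc(m->buf, cap);
    if (p == NULL) return 0;                        /* report, do not continue */
    m->buf = p; m->allocated = cap;
    return 1;
}

/* Append n bytes. Returns 0 if the buffer could not grow; nothing is written. */
static int membuf_add(membuf_t *m, const void *src, size_t n) {
    if (!membuf_pad(m, n)) return 0;
    if (n) memcpy(m->buf + m->length, src, n);
    m->length += n;
    return 1;
}

/* Caller side: every append is checked, including the terminating '\0'. */
char *export_string(const char *armored) {
    membuf_t m = {0};
    char *out = NULL;
    if (membuf_add(&m, armored, strlen(armored)) && membuf_add(&m, "", 1)) {
        out = xrealloc(NULL, m.length);   /* copy only a known-terminated string */
        if (out != NULL) memcpy(out, m.buf, m.length);
    }
    free(m.buf);
    return out;   /* NULL tells the caller the export failed */
}
```
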