pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/netpgpverify/files Update netpgpverify and li...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1b2b278b9755
branches: trunk
changeset: 349457:1b2b278b9755
user: agc <agc%pkgsrc.org@localhost>
date: Fri Jul 08 15:56:46 2016 +0000
description:
Update netpgpverify and libnetpgpverify to 20160705
External API changes
====================
+ add a pgpv_cursor_close() function to free resources associated with
a cursor
Better memory management
========================
+ restructure the way dynamic arrays are used, to avoid memory
corruption issues and memory leaks - keep all dynamic arrays in the global
data structure, and use indices in the other data structures to index them.
Means lack of data localisation, but avoids stale pointers, and leaks.
+ make signer field of signature a uint8_t array, rather than a pointer
+ use our own version of strdup(3) - don't depend on it being
available in standard library
+ keep track of whether litdata filenames and userid were allocated or not,
and free memory in pgpv_close() if it was allocated
+ free up allocated resources which were allocated in pgpv_close()
diffstat:
security/netpgpverify/files/libverify.c | 345 +++++++++++++++++++++----------
security/netpgpverify/files/verify.h | 5 +-
2 files changed, 236 insertions(+), 114 deletions(-)
diffs (truncated from 710 to 300 lines):
diff -r b20675a1c8d6 -r 1b2b278b9755 security/netpgpverify/files/libverify.c
--- a/security/netpgpverify/files/libverify.c Fri Jul 08 15:55:24 2016 +0000
+++ b/security/netpgpverify/files/libverify.c Fri Jul 08 15:56:46 2016 +0000
@@ -82,7 +82,7 @@
uint8_t keyid[PGPV_KEYID_LEN]; /* last 8 bytes of v4 keys */
int64_t birth; /* creation time */
int64_t expiry; /* expiry time */
- pgpv_bignum_t bn[PGPV_MAX_PUBKEY_BN]; /* bignums */
+ pgpv_bignum_t bn[PGPV_MAX_PUBKEY_BN]; /* bignums */
uint8_t keyalg; /* key algorithm */
uint8_t hashalg; /* hash algorithm */
uint8_t version; /* key version */
@@ -94,6 +94,7 @@
typedef struct pgpv_string_t {
size_t size;
uint8_t *data;
+ uint8_t allocated;
} pgpv_string_t;
typedef struct pgpv_ref_t {
@@ -125,7 +126,7 @@
#define PGPV_MAX_SIG_BN 2
typedef struct pgpv_signature_t {
- uint8_t *signer; /* key id of signer */
+ uint8_t signer[PGPV_KEYID_LEN]; /* key id of signer */
pgpv_ref_t hashstart;
uint8_t *hash2;
uint8_t *mpi;
@@ -165,7 +166,7 @@
pgpv_signature_t sig;
uint16_t subslen;
uint16_t unhashlen;
- PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts);
+ PGPV_ARRAY(uint64_t, subpackets);
} pgpv_sigpkt_t;
/* a one-pass signature packet */
@@ -180,7 +181,7 @@
/* a literal data packet */
typedef struct pgpv_litdata_t {
- uint8_t *filename;
+ pgpv_string_t filename;
pgpv_string_t s;
uint32_t secs;
uint8_t namelen;
@@ -230,30 +231,30 @@
typedef struct pgpv_signed_userid_t {
pgpv_string_t userid;
- PGPV_ARRAY(pgpv_signature_t, sigs);
+ PGPV_ARRAY(uint64_t, signatures);
uint8_t primary_userid;
uint8_t revoked;
} pgpv_signed_userid_t;
typedef struct pgpv_signed_userattr_t {
pgpv_userattr_t userattr;
- PGPV_ARRAY(pgpv_signature_t, sigs);
+ PGPV_ARRAY(uint64_t, signatures);
uint8_t revoked;
} pgpv_signed_userattr_t;
typedef struct pgpv_signed_subkey_t {
pgpv_pubkey_t subkey;
pgpv_signature_t revoc_self_sig;
- PGPV_ARRAY(pgpv_signature_t, sigs);
+ PGPV_ARRAY(uint64_t, signatures);
} pgpv_signed_subkey_t;
typedef struct pgpv_primarykey_t {
pgpv_pubkey_t primary;
pgpv_signature_t revoc_self_sig;
- PGPV_ARRAY(pgpv_signature_t, direct_sigs);
- PGPV_ARRAY(pgpv_signed_userid_t, signed_userids);
- PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs);
- PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys);
+ PGPV_ARRAY(uint64_t, signatures);
+ PGPV_ARRAY(uint64_t, signed_userids);
+ PGPV_ARRAY(uint64_t, signed_userattrs);
+ PGPV_ARRAY(uint64_t, signed_subkeys);
size_t fmtsize;
uint8_t primary_userid;
} pgpv_primarykey_t;
@@ -261,9 +262,14 @@
/* everything stems from this structure */
typedef struct pgpv_t {
PGPV_ARRAY(pgpv_pkt_t, pkts); /* packet array */
- PGPV_ARRAY(pgpv_primarykey_t, primaries); /* array of primary keys */
+ PGPV_ARRAY(pgpv_primarykey_t, primaries); /* array of primary keys */
PGPV_ARRAY(pgpv_mem_t, areas); /* areas we read packets from */
PGPV_ARRAY(size_t, datastarts); /* starts of data packets */
+ PGPV_ARRAY(pgpv_signature_t, signatures); /* all signatures */
+ PGPV_ARRAY(pgpv_signed_userid_t, signed_userids); /* all signed userids */
+ PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs); /* all signed user attrs */
+ PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys); /* all signed subkeys */
+ PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts); /* all sub packets */
size_t pkt; /* when parsing, current pkt number */
const char *op; /* the operation we're doing */
unsigned ssh; /* using ssh keys */
@@ -283,6 +289,7 @@
int64_t sigtime; /* time of signature */
char why[PGPV_REASON_LEN]; /* reason for bad signature */
} pgpv_cursor_t;
+
#ifndef USE_ARG
#define USE_ARG(x) /*LINTED*/(void)&(x)
#endif
@@ -1064,7 +1071,7 @@
/* add the signature sub packet to the signature packet */
static int
-add_subpacket(pgpv_sigpkt_t *sigpkt, uint8_t tag, uint8_t *p, uint16_t len)
+add_subpacket(pgpv_t *pgp, pgpv_sigpkt_t *sigpkt, uint8_t tag, uint8_t *p, uint16_t len)
{
pgpv_sigsubpkt_t subpkt;
@@ -1073,13 +1080,14 @@
subpkt.critical = 0;
subpkt.tag = tag;
subpkt.s.data = p;
- ARRAY_APPEND(sigpkt->subpkts, subpkt);
+ ARRAY_APPEND(sigpkt->subpackets, ARRAY_COUNT(pgp->subpkts));
+ ARRAY_APPEND(pgp->subpkts, subpkt);
return 1;
}
/* read the subpackets in the signature */
static int
-read_sig_subpackets(pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen)
+read_sig_subpackets(pgpv_t *pgp, pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen)
{
pgpv_sigsubpkt_t subpkt;
const int is_subpkt = 0;
@@ -1111,10 +1119,10 @@
sigpkt->sig.keyexpiry = (int64_t)get_32(p);
break;
case SUBPKT_ISSUER:
- sigpkt->sig.signer = p;
+ memcpy(sigpkt->sig.signer, p, sizeof(sigpkt->sig.signer));
break;
case SUBPKT_SIGNER_ID:
- sigpkt->sig.signer = p;
+ memcpy(sigpkt->sig.signer, p, sizeof(sigpkt->sig.signer));
break;
case SUBPKT_TRUST_SIG:
sigpkt->sig.trustsig = *p;
@@ -1170,7 +1178,8 @@
}
subpkt.s.data = p;
p += subpkt.s.size - 1;
- ARRAY_APPEND(sigpkt->subpkts, subpkt);
+ ARRAY_APPEND(sigpkt->subpackets, ARRAY_COUNT(pgp->subpkts));
+ ARRAY_APPEND(pgp->subpkts, subpkt);
}
return 1;
}
@@ -1194,11 +1203,11 @@
sigpkt->sig.hashlen = lenlen;
/* put birthtime into a subpacket */
sigpkt->sig.type = *p++;
- add_subpacket(sigpkt, SUBPKT_SIG_BIRTH, p, sizeof(uint32_t));
+ add_subpacket(pgp, sigpkt, SUBPKT_SIG_BIRTH, p, sizeof(uint32_t));
sigpkt->sig.birth = (int64_t)get_32(p);
p += sizeof(uint32_t);
- sigpkt->sig.signer = p;
- add_subpacket(sigpkt, SUBPKT_SIGNER_ID, p, PGPV_KEYID_LEN);
+ memcpy(sigpkt->sig.signer, p, sizeof(sigpkt->sig.signer));
+ add_subpacket(pgp, sigpkt, SUBPKT_SIGNER_ID, p, PGPV_KEYID_LEN);
p += PGPV_KEYID_LEN;
sigpkt->sig.keyalg = *p++;
sigpkt->sig.hashalg = *p++;
@@ -1214,12 +1223,14 @@
sigpkt->sig.hashalg = *p++;
sigpkt->subslen = get_16(p);
p += sizeof(sigpkt->subslen);
- if (!read_sig_subpackets(sigpkt, p, pktlen)) {
+ if (!read_sig_subpackets(pgp, sigpkt, p, pktlen)) {
printf("read_sigpkt: can't read sig subpackets, v4\n");
return 0;
}
- if (!sigpkt->sig.signer) {
- sigpkt->sig.signer = get_ref(&sigpkt->sig.hashstart) + 16;
+ if (sigpkt->sig.signer[0] == 0x0) {
+ memcpy(sigpkt->sig.signer,
+ get_ref(&sigpkt->sig.hashstart) + 16,
+ sizeof(sigpkt->sig.signer));
}
p += sigpkt->subslen;
sigpkt->sig.hashlen = (unsigned)(p - base);
@@ -1443,8 +1454,9 @@
printf("weird litdata format %u\n", litdata->format);
break;
}
- litdata->namelen = p[cc++];
- litdata->filename = &p[cc];
+ litdata->filename.size = litdata->namelen = p[cc++];
+ litdata->filename.data = &p[cc];
+ litdata->filename.allocated = 0;
cc += litdata->namelen;
litdata->secs = get_32(&p[cc]);
cc += 4;
@@ -1516,6 +1528,7 @@
case USERID_PKT:
pkt.u.userid.size = pkt.s.size;
pkt.u.userid.data = pkt.s.data;
+ pkt.u.userid.allocated = 0;
break;
case COMPRESSED_DATA_PKT:
read_compressed(pgp, &pkt.u.compressed, pkt.s.data, pkt.s.size);
@@ -1599,13 +1612,15 @@
pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt);
userid->userid.size = pkt->s.size;
userid->userid.data = pkt->s.data;
+ userid->userid.allocated = 0;
pgp->pkt += 1;
while (pkt_is(pgp, SIGNATURE_PKT)) {
if (!recog_signature(pgp, &signature)) {
printf("recog_userid: can't recognise signature/trust\n");
return 0;
}
- ARRAY_APPEND(userid->sigs, signature);
+ ARRAY_APPEND(userid->signatures, ARRAY_COUNT(pgp->signatures));
+ ARRAY_APPEND(pgp->signatures, signature);
if (signature.primary_userid) {
userid->primary_userid = signature.primary_userid;
}
@@ -1634,7 +1649,8 @@
printf("recog_userattr: can't recognise signature/trust\n");
return 0;
}
- ARRAY_APPEND(userattr->sigs, signature);
+ ARRAY_APPEND(userattr->signatures, ARRAY_COUNT(pgp->signatures));
+ ARRAY_APPEND(pgp->signatures, signature);
if (signature.revoked) {
userattr->revoked = signature.revoked;
}
@@ -1668,7 +1684,8 @@
printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt);
return 0;
}
- ARRAY_APPEND(subkey->sigs, signature);
+ ARRAY_APPEND(subkey->signatures, ARRAY_COUNT(pgp->signatures));
+ ARRAY_APPEND(pgp->signatures, signature);
if (signature.keyexpiry) {
/* XXX - check it's a good key expiry */
subkey->subkey.expiry = signature.keyexpiry;
@@ -1757,12 +1774,14 @@
/* format a userid - used to order the userids when formatting */
static int
-fmt_userid(obuf_t *obuf, pgpv_primarykey_t *primary, uint8_t u)
+fmt_userid(obuf_t *obuf, pgpv_t *pgp, pgpv_primarykey_t *primary, uint8_t u)
{
pgpv_signed_userid_t *userid;
const char *s;
+ uint64_t id;
- userid = &ARRAY_ELEMENT(primary->signed_userids, u);
+ id = ARRAY_ELEMENT(primary->signed_userids, u);
+ userid = &ARRAY_ELEMENT(pgp->signed_userids, id);
s = (userid->revoked == COMPROMISED) ? " [COMPROMISED AND REVOKED]\n" :
(userid->revoked) ? " [REVOKED]\n" : "\n";
return obuf_add_mem(obuf, "uid ", 14) &&
@@ -1772,13 +1791,10 @@
/* format a trust sig - used to order the userids when formatting */
static int
-fmt_trust(obuf_t *obuf, pgpv_signed_userid_t *userid, uint32_t u)
+fmt_trust(obuf_t *obuf, pgpv_signature_t *sig)
{
- pgpv_signature_t *sig;
-
- sig = &ARRAY_ELEMENT(userid->sigs, u);
if (!obuf_add_mem(obuf, "trust ", 15) ||
- !fmt_binary(obuf, sig->signer, 8)) {
+ !fmt_binary(obuf, sig->signer, PGPV_KEYID_LEN)) {
return 0;
}
return obuf_add_mem(obuf, "\n", 1);
@@ -1786,29 +1802,38 @@
/* print a primary key, per RFC 4880 */
static int
-fmt_primary(obuf_t *obuf, pgpv_primarykey_t *primary, unsigned subkey, const char *modifiers)
+fmt_primary(obuf_t *obuf, pgpv_t *pgp, pgpv_primarykey_t *primary, unsigned subkey, const char *modifiers)
{
pgpv_signed_userid_t *userid;
+ pgpv_signed_subkey_t *signed_subkey;
pgpv_pubkey_t *pubkey;
unsigned i;
unsigned j;
+ uint64_t id;
- pubkey = (subkey == 0) ? &primary->primary : &ARRAY_ELEMENT(primary->signed_subkeys, subkey - 1).subkey;
+ if (subkey == 0) {
+ pubkey = &primary->primary;
+ } else {
+ id = ARRAY_ELEMENT(primary->signed_subkeys, subkey);
Home |
Main Index |
Thread Index |
Old Index