Source-Changes-D archive


Re: CVS commit: [agc-netpgp-standalone] src/crypto/external/bsd/netpgp/dist/src



On Fri, Oct 26, 2012 at 07:45:14AM +0100, David Laight wrote:
> On Fri, Oct 26, 2012 at 08:47:39AM +0200, Alistair Crooks wrote:
> > > 
> > > What happens if $HOME is undefined ?
> > 
> > If $HOME is undefined, then the default public keyring will not be
> > found.  If the default public keyring is not found, then the
> > verification will fail.
> 
> I thought the code would probably call
>       snprintf(buf, sizeof buf, "%s/%s", NULL, "string");
> 
> Which is allowed to core dump (and will on Solaris).

True, maybe a check should be added for those operating systems which
aren't as lenient as NetBSD.  And that will be done when I start
looking at porting it to other operating systems (the compression and
digest headers will be problematic when this happens, too), since openssl
is no longer in the mix.
> > > What happens if $HOME is very long ?
> > 
> > If $HOME is very long, then the snprintf will truncate the MAXPATHLEN
> > buffer further down the call tree.  If the buffer is truncated, the
> > correct default public keyring will not be found.  If the default
> > public keyring is not found, the verification will fail.
> 
> Silent truncation seems a bad thing to do in security code.

Silent truncation of a filename that is > MAXPATHLEN is bad? I wonder
what else will fail when that happens.

And this is security code? Cool. No-one told me.

It has absolutely no crypto in there.  It has some digests, some large
MPIs and BIGNUMs it calculates and matches, and some public keys
(which are all available on the key servers).

Which security code are you talking about?

Regards,
Alistair
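The two failure modes raised in this exchange (an undefined $HOME handed to `%s`, and silent truncation of a path longer than MAXPATHLEN) can both be caught at the point where the keyring path is built. The following is an added example, not netpgp's own code; the function name and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/param.h>   /* MAXPATHLEN */

/*
 * Build "<home>/<subpath>" into buf.
 * Returns 0 on success, -1 on failure; on failure buf is left as an
 * empty string so a caller cannot accidentally use a partial path.
 * The name is hypothetical and not part of netpgp.
 */
int
build_keyring_path(char *buf, size_t bufsize, const char *home,
                   const char *subpath)
{
    int n;

    if (buf == NULL || bufsize == 0) {
        return -1;
    }
    buf[0] = '\0';

    /* Undefined or empty $HOME: refuse instead of passing NULL to %s,
     * which is undefined behaviour and crashes on some libcs. */
    if (home == NULL || home[0] == '\0' || subpath == NULL) {
        return -1;
    }

    n = snprintf(buf, bufsize, "%s/%s", home, subpath);

    /* snprintf returns the length it wanted to write; a value >= bufsize
     * means the path was truncated.  Report it rather than continuing
     * with a filename that silently points somewhere else. */
    if (n < 0 || (size_t)n >= bufsize) {
        buf[0] = '\0';
        return -1;
    }
    return 0;
}
```

A caller would pass `getenv("HOME")` as `home` and a `char buf[MAXPATHLEN]` as the destination, and treat a non-zero return as "default keyring not found".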

