From patchwork Sat Oct 30 17:04:56 2021
X-Patchwork-Submitter: René Scharfe
X-Patchwork-Id: 12594455
From: René Scharfe
To: Git List
Cc: Fabian Stelzer, Junio C Hamano
Subject: [PATCH 1/2] gpg-interface: handle missing " with " gracefully in parse_ssh_output()
Date: Sat, 30 Oct 2021 19:04:56 +0200
X-Mailing-List: git@vger.kernel.org

If the output of ssh-keygen starts with "Good \"git\" signature for ", but is not followed by " with " for some reason, then parse_ssh_output() uses -1 as the len parameter of xmemdupz(),
which in turn will end the program. Reject the signature and carry on instead in that case.

Signed-off-by: René Scharfe
---
This code was added after v2.33.0.
Patch formatted with --inter-hunk-context=2 for easier review.
Silly bonus question: What's the purpose of the "+ 1" and "- 1", which seem to cancel each other out?

 gpg-interface.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

-- 
2.33.1

diff --git a/gpg-interface.c b/gpg-interface.c index 800d8caa67..62d340e78a 100644 --- a/gpg-interface.c +++ b/gpg-interface.c 
@@ -387,17 +387,19 @@ static void parse_ssh_output(struct signature_check *sigc) line = to_free = xmemdupz(sigc->output, strcspn(sigc->output, "\n")); if (skip_prefix(line, "Good \"git\" signature for ", &line)) { - /* Valid signature and known principal */ - sigc->result = 'G'; - sigc->trust_level = TRUST_FULLY; - /* Search for the last "with" to get the full principal */ principal = line; do { search = strstr(line, " with "); if (search) line = search + 1; } while (search != NULL); + if (line == principal) + goto cleanup; + + /* Valid signature and known principal */ + sigc->result = 'G'; + sigc->trust_level = TRUST_FULLY; sigc->signer = xmemdupz(principal, line - principal - 1); } else if (skip_prefix(line, "Good \"git\" signature with ", &line)) { /* Valid signature, but key unknown */

From patchwork Sat Oct 30 17:07:38 2021
X-Patchwork-Submitter: René Scharfe
X-Patchwork-Id: 12594457
Subject: [PATCH 2/2] gpg-interface: avoid buffer overrun in parse_ssh_output()
From: René Scharfe
To: Git List
Cc: Fabian Stelzer, Junio C Hamano
Date: Sat, 30 Oct 2021 19:07:38 +0200
X-Mailing-List: git@vger.kernel.org

If the string "key" we found in the output of ssh-keygen happens to be located at the very end of the line, then going four characters further leaves us beyond the end of the string.
Explicitly search for the space after "key" to handle a missing one gracefully.

Signed-off-by: René Scharfe
---
This code was added after v2.33.0.

 gpg-interface.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.33.1

diff --git a/gpg-interface.c b/gpg-interface.c index 62d340e78a..3838536f0a 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -409,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc) goto cleanup; } - key = strstr(line, "key"); + key = strstr(line, "key "); if (key) { - sigc->fingerprint = xstrdup(strstr(line, "key") + 4); + sigc->fingerprint = xstrdup(strstr(line, "key ") + 4); sigc->key = xstrdup(sigc->fingerprint); } else { /*
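
Review bot: In [PATCH 1/2], the new `if (line == principal) goto cleanup;` after the do/while loop relies on sigc->result already holding a non-good value when cleanup is reached, and that initialization is not visible in this hunk; set the rejected result explicitly before the goto, or add a comment naming where the default comes from. The diffstat touches only gpg-interface.c, so a test that feeds a "Good \"git\" signature for " line without " with " would be worth adding. On the bonus question: the `+ 1` in `line = search + 1` is what lets the loop step past the current match so strstr() can find a later " with ", and the `- 1` in `line - principal - 1` drops the space before "with" from the principal, so they offset each other in the length but the `+ 1` cannot be removed without the loop finding the same match again.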
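
Review bot: In [PATCH 2/2], the added line `sigc->fingerprint = xstrdup(strstr(line, "key ") + 4);` repeats the search whose result is already held in `key`; use `xstrdup(key + 4)` so the needle and the offset cannot drift apart in a later edit. With the needle now "key ", a line that ends right after that space makes `+ 4` point at the terminating NUL, so fingerprint and key become empty strings; consider whether an empty fingerprint should be treated as a parse failure instead of being accepted. The diffstat shows no test change, so a case with "key" at the very end of the line would cover the overrun this fixes.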