Package: gnupg2 / 2.2.12-1+deb10u1

from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
From: Werner Koch <wk@gnupg.org>
Date: Fri, 22 Feb 2019 14:09:02 +0100
Subject: agent: Fix for suggested Libgcrypt use.

* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
--

The libgcrypt docs say that a "flags" parameter should always be used
in the input of pkdecrypt.  Thus we should allow that parameter also
when parsing an s-expression to figure out the algorithm for use with
scdaemon.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit a12c3a566e2e4b10bc02976a2819070877ee895c)
(cherry picked from commit 0a95b153811f36739d1b20f23920bad0bb07c68b)
---
 agent/divert-scd.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index 88b35cd..aff5055 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -476,6 +476,7 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   char *kid;
   const unsigned char *s;
   size_t n;
+  int depth;
   const unsigned char *ciphertext;
   size_t ciphertextlen;
   char *plaintext;
@@ -484,7 +485,6 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   (void)desc_text;
 
   *r_padding = -1;
-
   s = cipher;
   if (*s != '(')
     return gpg_error (GPG_ERR_INV_SEXP);
@@ -500,6 +500,21 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   n = snext (&s);
   if (!n)
     return gpg_error (GPG_ERR_INV_SEXP);
+
+  /* First check whether we have a flags parameter and skip it.  */
+  if (smatch (&s, n, "flags"))
+    {
+      depth = 1;
+      if (sskip (&s, &depth) || depth)
+        return gpg_error (GPG_ERR_INV_SEXP);
+      if (*s != '(')
+        return gpg_error (GPG_ERR_INV_SEXP);
+      s++;
+      n = snext (&s);
+      if (!n)
+        return gpg_error (GPG_ERR_INV_SEXP);
+    }
+
   if (smatch (&s, n, "rsa"))
     {
       if (*s != '(')