Re: [Sks-devel] another bounds problem in SKS
From: Yaron Minsky
Subject: Re: [Sks-devel] another bounds problem in SKS
Date: Wed, 29 Sep 2004 23:02:33 -0400

Hmm. I hadn't realized. Are you sure that that's the problem with
this key? Try grabbing the key from sks.dnsalias.net. I thought that
my modifications would drop all packets with mpis that extend beyond
the packet boundary. When I try to grab the key, GPG complains of an
overlarge mpi, not a premature packet end. Here's the error I get:

pendor: yminsky $ gpg --keyserver sks.dnsalias.net --search-keys 0xA0ED982D
gpg: searching for "0xA0ED982D" from HKP server sks.dnsalias.net
Keys 1-3 of 3 for "0xA0ED982D"
(1) Christian Brueffer <address@hidden>
1024 bit DSA key A0ED982D, created 2002-10-14
(2) Christian Brueffer <address@hidden>
1024 bit DSA key A0ED982D, created 2002-10-14
(3) Christian Brueffer <address@hidden>
1024 bit DSA key A0ED982D, created 2002-10-14
Enter number(s), N)ext, or Q)uit > 1 2 3
gpg: mpi too large (22867 bits)
gpg: read_block: read error: invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: mpi too large (22867 bits)
gpg: read_block: read error: invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: mpi too large (22867 bits)
gpg: read_block: read error: invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

I'll check into this more tomorrow. For the moment, I need to head off to bed.

y

On Wed, 29 Sep 2004 22:58:00 -0400, David Shaw <address@hidden> wrote:
> On Wed, Sep 29, 2004 at 10:45:34PM -0400, Yaron Minsky wrote:
> > <RANT>Sigh. I just finished the first version of a patch (patch-16)
> > that fixes the "MPI is larger than packet length" problem, and various
> > others. But if I figure this one correctly, GPG is barfing on this
> > simply because one of the MPIs is too long, right? This is just
> > silly. Can't GPG filter out bad packets at all? The whole point of
> > having a forgiving keyserver is that the clients should sort it out
> > reasonably well in the end. How did anyone ever expect PKS to
> > work?</RANT>
>
> I'm the first person to complain about PKS, but this is one of the
> things that PKS got right. These packets are syntactically invalid
> according to RFC-2440. PKS quite appropriately drops them.
>
> Like I've been saying, it is very difficult to filter out bad packets
> since once you establish a packet is bad, the whole stream needs to be
> called into question. In this particular case, the packets are being
> corrupted in a very particular way. Sure, I could code something to
> detect this exact case, and may well do so in the future, but
> regardless, SKS should not accept things that are completely invalid
> according to the standard.
>
> > Ok, so how big of an MPI is over the limit that GPG is willing to
> > accept? Anyone?
>
> Just like before, it's not an oversize MPI. It's an insane MPI - an
> MPI that extends beyond the bounds of the enclosing packet.
>
> Packets that need to have this sanity checking are the public key
> packets, public subkey packets, and signatures. Basically, anything
> with MPIs in it.
>
> David
>
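
The two failure modes distinguished in this message (an MPI that is merely over a size limit versus one whose declared length runs past the end of the enclosing packet), written out as an added example; it is not code from this thread, SKS or GnuPG. The function and status names, the 16384-bit limit and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status names are hypothetical, chosen for this example. */
enum mpi_status { MPI_OK, MPI_TRUNCATED_HEADER, MPI_BEYOND_PACKET, MPI_TOO_LARGE };

/* Walk `count` MPIs stored back to back in buf[0..len). An MPI is a 2-byte
 * big-endian bit count followed by (bits + 7) / 8 value bytes (RFC 2440,
 * section 3.2). max_bits is a caller policy limit, separate from the
 * structural bounds check. */
enum mpi_status check_mpis(const uint8_t *buf, size_t len,
                           unsigned count, unsigned max_bits)
{
    size_t off = 0;
    for (unsigned i = 0; i < count; i++) {
        if (len - off < 2)
            return MPI_TRUNCATED_HEADER;      /* no room for the bit count */
        unsigned bits = ((unsigned)buf[off] << 8) | buf[off + 1];
        size_t nbytes = ((size_t)bits + 7) / 8;
        off += 2;
        if (nbytes > len - off)
            return MPI_BEYOND_PACKET;         /* declared length overruns packet */
        if (bits > max_bits)
            return MPI_TOO_LARGE;             /* well-formed but over policy */
        off += nbytes;
    }
    return MPI_OK;
}

/* Constructed sample data, not taken from any real key. */
static const uint8_t sample_ok[] = {0x00, 0x09, 0x01, 0xFF, 0x00, 0x01, 0x01};
/* Second MPI claims 0x5953 = 22867 bits but only 3 bytes remain. */
static const uint8_t sample_insane[] = {0x00, 0x09, 0x01, 0xFF,
                                        0x59, 0x53, 0xAA, 0xBB, 0xCC};
/* 22867 bits fully present: 2 header bytes + 2859 value bytes. */
static const uint8_t sample_big[2 + 2859] = {0x59, 0x53};

int main(void)
{
    const unsigned limit = 16384;             /* assumed policy limit */
    printf("ok=%d insane=%d big=%d\n",
           (int)check_mpis(sample_ok, sizeof sample_ok, 2, limit),
           (int)check_mpis(sample_insane, sizeof sample_insane, 2, limit),
           (int)check_mpis(sample_big, sizeof sample_big, 1, limit));
    return 0;
}
```

Because the bounds check runs before the size check, the constructed 22867-bit MPI in the short buffer is reported as running beyond the packet rather than as too large.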