Re: [Sks-devel] another bounds problem in SKS

[Yaron Minsky]

On Wed, 29 Sep 2004 22:58:00 -0400, David Shaw <address@hidden> wrote:
>
> Like I've been saying, it is very difficult to filter out bad packets
> since once you establish a packet is bad, the whole stream needs to be
> called into question.  In this particular case, the packets are being
> corrupted in a very particular way.  Sure, I could code something to
> detect this exact case, and may well do so in the future, but
> regardless, SKS should not accept things that are completely invalid
> according to the standard.

Well, that's not quite true.  It's actually quite easy to filter out
the bad packets.  The packet-level structure is quite intact --- just
the inside of the packets is broken.  I do think GPG is wrong to drop
the whole stream, it should (and could) just drop the packet in
question.  But we've already beaten this argument to death, especially
considering the fact that the existence of an installed base of GPG
and PGP products pretty much dictates the way SKS should behave.

Anyway, I realized the problem is that I have some code for reading
multiple MPIs from the end of a packet that simply stops when it hits
an EOF, even if that EOF comes in the middle of an MPI.  I need to fix
that code so it notices when an MPI ends mid-packet and throws an
exception.  Once that is done, my presentation filter should do the
right thing, and the bad packets will be dropped from the display.

y

> > Ok, so how big of an MPI is over the limit that GPG is willing to
> > accept?  Anyone?
> 
> Just like before, it's not an oversize MPI.  It's an insane MPI - an
> MPI that extends beyond the bounds of the enclosing packet.
> 
> Packets that need to have this sanity checking are the public key
> packets, public subkey packets, and signatures.  Basically, anything
> with MPIs in it.
> 
> David
> 
> 
> 
> 
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/sks-devel
>