Hello list,
I recently noticed a denial of service against the German eID
certification public key from Governikus (https://pgp.governikus.de) on
the keyserver hkps://keyserver.ubuntu.com: Trying to import it from the
keyserver with GnuPG 2.3.4 fails due to a too large signature packet,
which can be reproduced with:
gpg -vv --recv-keys 0x5E5CCCB4A4BF43D7
At the end of the output of this command you can see a signature packet
with a misused policy url field carrying a so called improvement
suggestion in German. This packet is followed by another one which
includes hashed data exceeding the arbitrary size limit of 10000 bytes
from g10/parse-packet.c line 2140, leading to the import error of:
gpg: signature packet: hashed data too long
gpg: read_block: read error: Invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
A better behavior, instead of failing the public key import, would be to
just ignore too large signature packets. This can be achieved with the
attached trivial patch of g10/import.c. It allows the import to succeed
with the "signature packet: hashed data too long" warning.
I hope it does not introduce new problems in the code, like missing self
signatures when they are too large (will the import fail or lead to an
invalid imported public key?).
Maybe someone with more insight into the matter can also think of other
possible DoS scenarios, like other maliciously large packet types or
similar, which should additionally be handled at this point of the
code.
Please consider applying the patch upstream or making equivalent changes
to the code, to get GnuPG more DoS resistant in the future.
Thank you,
Robert
I recently noticed a denial of service against the German eID
certification public key from Governikus (https://pgp.governikus.de) on
the keyserver hkps://keyserver.ubuntu.com: Trying to import it from the
keyserver with GnuPG 2.3.4 fails due to a too large signature packet,
which can be reproduced with:
gpg -vv --recv-keys 0x5E5CCCB4A4BF43D7
At the end of the output of this command you can see a signature packet
with a misused policy url field carrying a so called improvement
suggestion in German. This packet is followed by another one which
includes hashed data exceeding the arbitrary size limit of 10000 bytes
from g10/parse-packet.c line 2140, leading to the import error of:
gpg: signature packet: hashed data too long
gpg: read_block: read error: Invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
A better behavior, instead of failing the public key import, would be to
just ignore too large signature packets. This can be achieved with the
attached trivial patch of g10/import.c. It allows the import to succeed
with the "signature packet: hashed data too long" warning.
I hope it does not introduce new problems in the code, like missing self
signatures when they are too large (will the import fail or lead to an
invalid imported public key?).
Maybe someone with more insight into the matter can also think of other
possible DoS scenarios, like other maliciously large packet types or
similar, which should additionally be handled at this point of the
code.
Please consider applying the patch upstream or making equivalent changes
to the code, to get GnuPG more DoS resistant in the future.
Thank you,
Robert
Attached Files:
-
gnupg-2.3.4-ignore-too-large-sigs.patch (0.74 KB)
-
signature.asc (0.31 KB)