[STABLE-BRANCH-1-4 PATCH] g10: secmem leak


[STABLE-BRANCH-1-4 PATCH] g10: secmem leak

Ineiev
Hello,

I attach a patch for GnuPG-bug 1371. In short, secure memory
is leaked because proc_parameter_file() adds new entries
to the head of the list of parameters, and these entries
aren't accessible to the caller that releases the list.

When multiple keys are generated in a batch, the secure
memory is fragmented very soon, so more keys can't be generated.

The patch adds the new parameters next to the head
of the list instead, so they can be released in the caller.

BTW, the 2-0 branch is also affected and can be fixed
in a similar way; the 2-1 branch is not affected, because
the new parameters are appended to the tail of the list
with append_to_parameter().

Thank you!

_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Attachment: 0001-g10-Fix-secmem-leak.patch (2K)
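The leak Ineiev describes, as an added illustration that is not GnuPG's code and not the attached patch: a small C model in which parameter entries come from a fixed pool of "secure memory" slots. The struct and function names (para_data_s, secmem_alloc, secmem_live, proc_parameter_file_leaky, proc_parameter_file_fixed, run_batch) are modelled on the message and are assumptions, not the real GnuPG definitions. The leaky variant pushes the derived entry onto the head through a by-value pointer the caller never sees, so release_parameter_list() in the caller cannot free it; the fixed variant inserts after the head, as the 1.4 patch does. Driving a batch of twenty key generations through each shows the leaky pool running dry after six keys while the fixed one finishes with nothing stuck.

```c
/* Added example, not GnuPG code: a model of the leak discussed in the thread.
 * Names (para_data_s, secmem_*, proc_parameter_file_*) are assumptions. */
#include <stdio.h>
#include <string.h>

/* Stand-in for the fixed-size secure-memory pool: 8 slots, one per entry.
 * A slot that is never freed stays used, and the pool eventually runs dry. */
#define SECMEM_SLOTS 8

struct para_data_s {
    struct para_data_s *next;
    int key;            /* hypothetical parameter tag */
    char value[24];     /* fixed buffer keeps the model small */
};

static struct para_data_s secmem_pool[SECMEM_SLOTS];
static int secmem_used[SECMEM_SLOTS];

static struct para_data_s *secmem_alloc(void) {
    for (int i = 0; i < SECMEM_SLOTS; i++)
        if (!secmem_used[i]) {
            secmem_used[i] = 1;
            memset(&secmem_pool[i], 0, sizeof secmem_pool[i]);
            return &secmem_pool[i];
        }
    return NULL;    /* exhausted: "more keys can't be generated" */
}

static void secmem_free(struct para_data_s *p) {
    if (p) secmem_used[p - secmem_pool] = 0;
}

static size_t secmem_live(void) {
    size_t n = 0;
    for (int i = 0; i < SECMEM_SLOTS; i++) n += secmem_used[i];
    return n;
}

static struct para_data_s *new_para(int key, const char *value) {
    struct para_data_s *r = secmem_alloc();
    if (!r) return NULL;
    r->key = key;
    strncpy(r->value, value, sizeof r->value - 1);  /* slot was zeroed */
    return r;
}

static void release_parameter_list(struct para_data_s *para) {
    while (para) {
        struct para_data_s *next = para->next;
        secmem_free(para);
        para = next;
    }
}

/* Leaky shape: the derived entry becomes the new HEAD, but 'para' is only
 * this function's copy of the pointer; the caller's list never gains it. */
static int proc_parameter_file_leaky(struct para_data_s *para) {
    struct para_data_s *r = new_para(100, "derived");
    if (!r) return -1;
    r->next = para;
    para = r;       /* this update is lost when the function returns */
    return para ? 0 : -1;
}

/* The 1.4 fix: insert right AFTER the head, which the caller still owns
 * (2.1 appends at the tail; either way the entry stays on the caller's list). */
static int proc_parameter_file_fixed(struct para_data_s *para) {
    struct para_data_s *r = new_para(100, "derived");
    if (!r) return -1;
    r->next = para->next;
    para->next = r;
    return 0;
}

/* Simulate up to 'iterations' batch key generations, leaky or fixed, and
 * return how many keys were generated before the pool ran dry. */
static int run_batch(int iterations, int fixed) {
    int done = 0;
    memset(secmem_used, 0, sizeof secmem_used);
    for (; done < iterations; done++) {
        struct para_data_s *para = new_para(1, "Key-Type: RSA");
        int rc = -1;
        if (para && (para->next = new_para(2, "Key-Length: 2048")) != NULL)
            rc = fixed ? proc_parameter_file_fixed(para)
                       : proc_parameter_file_leaky(para);
        release_parameter_list(para);   /* frees only what the caller reaches */
        if (rc) break;
    }
    return done;
}

int main(void) {
    for (int fixed = 0; fixed < 2; fixed++) {
        int n = run_batch(20, fixed);
        printf("%s: %d of 20 keys generated, %zu slots stuck\n",
               fixed ? "fixed" : "leaky", n, secmem_live());
    }
    return 0;
}
```

With real secmem the symptom is fragmentation of a larger pool rather than a clean slot count, but the failure mode is the same: every batch iteration strands one entry the caller cannot reach, until allocation fails.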

Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak

Werner Koch
On Thu, 14 Apr 2016 18:18, [hidden email] said:

> I attach a patch for GnuPG-bug 1371. In short, secure memory
> is leaked because proc_parameter_file() adds new entries
> to the head of the list of parameters, and these entries
> aren't accessible to the caller that releases the list.

Thanks for the patch - I will look at it later.


Salam-Shalom,

   Werner


--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak

Ineiev
On Thu, Apr 14, 2016 at 07:43:22PM +0200, Werner Koch wrote:
> On Thu, 14 Apr 2016 18:18, [hidden email] said:
>
> > I attach a patch for GnuPG-bug 1371. In short, secure memory
> > is leaked because proc_parameter_file() adds new entries
> > to the head of the list of parameters, and these entries
> > aren't accessible to the caller that releases the list.
>
> Thanks for the patch - I will look at it later.

It still applies.


Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak

Daniel Kahn Gillmor
On Fri 2017-02-17 02:52:47 -0500, Ineiev wrote:

> On Thu, Apr 14, 2016 at 07:43:22PM +0200, Werner Koch wrote:
>> On Thu, 14 Apr 2016 18:18, [hidden email] said:
>>
>> > I attach a patch for GnuPG-bug 1371. In short, secure memory
>> > is leaked because proc_parameter_file() adds new entries
>> > to the head of the list of parameters, and these entries
>> > aren't accessible to the caller that releases the list.
>>
>> Thanks for the patch - I will look at it later.
>
> It still applies.
I've just pushed it to a git branch dkg/T1371, and linked to it from the
phabricator issue:

 https://dev.gnupg.org/T1371

     --dkg


Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak

Ineiev
On Tue, Apr 25, 2017 at 09:17:38PM -0400, Daniel Kahn Gillmor wrote:
>
> I've just pushed it to a git branch dkg/T1371, and linked to it from the
> phabricator issue:
>
>  https://dev.gnupg.org/T1371

Thank you!  I thought the 1-4 branch is not supported any more.


Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak

Daniel Kahn Gillmor
On Wed 2017-04-26 10:58:34 -0400, Ineiev wrote:
> On Tue, Apr 25, 2017 at 09:17:38PM -0400, Daniel Kahn Gillmor wrote:
>>
>> I've just pushed it to a git branch dkg/T1371, and linked to it from the
>> phabricator issue:
>>
>>  https://dev.gnupg.org/T1371
>
> Thank you!  I thought the 1-4 branch is not supported any more.

support on 1.4 is low priority for the upstream team, but I don't think
it's entirely EOL yet.  2.0 has an EOL at the end of this year, though.

    --dkg


Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak

NIIBE Yutaka
Hello,

Ineiev <[hidden email]> wrote:
> Thank you!  I thought the 1-4 branch is not supported any more.

It is supported.  I'm going to apply your patch to the 1-4 branch.

May I ask you to send your DCO?  It is explained in the "License policy"
section in gnupg/doc/HACKING.  Please check it.

DCO [was: Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak]

Ineiev
GnuPG Developer's Certificate of Origin.  Version 1.0
=====================================================

By making a contribution to the GnuPG project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the free software license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the
    best of my knowledge, is covered under an appropriate free
    software license and I have the right under that license to
    submit that work with modifications, whether created in whole
    or in part by me, under the same free software license
    (unless I am permitted to submit under a different license),
    as indicated in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including
    all personal information I submit with it, including my
    sign-off) is maintained indefinitely and may be redistributed
    consistent with this project or the free software license(s)
    involved.

Signed-off-by: Ineiev <[hidden email]>


Re: DCO [was: Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak]

NIIBE Yutaka
Ineiev <[hidden email]> wrote:
> GnuPG Developer's Certificate of Origin.  Version 1.0

Thanks.  I put an entry in gnupg/AUTHORS and applied your change
to STABLE-BRANCH-1-4.

Re: DCO [was: Re: [STABLE-BRANCH-1-4 PATCH] g10: secmem leak]

Ineiev
On Wed, May 10, 2017 at 02:25:35PM +0900, NIIBE Yutaka wrote:
> Ineiev <[hidden email]> wrote:
> > GnuPG Developer's Certificate of Origin.  Version 1.0
>
> Thanks.  I put an entry in gnupg/AUTHORS and applied your change
> to STABLE-BRANCH-1-4.

Thank you!
