summaryrefslogtreecommitdiffstats
path: root/meta/files/common-licenses/Entessa
blob: d4dadd226a3846431f5b46372c7e29e34e41afc4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Entessa Public License Version. 1.0
Copyright (c) 2003 Entessa, LLC. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
The end-user documentation included with the redistribution, if any, must include the following acknowledgment: 
"This product includes open source software developed by openSEAL (http://www.openseal.org/)."

Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear.

The names "openSEAL" and "Entessa" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact epl@entessa.com.
Products derived from this software may not be called "openSEAL", nor may "openSEAL" appear in their name, without prior written permission of Entessa.
THIS SOFTWARE IS PROVIDED ``AS IS`` AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ENTESSA, LLC, OPENSEAL OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
============================================================

This software consists of voluntary contributions made by many individuals on behalf of openSEAL and was originally based on software contributed by Entessa, LLC, http://www.entessa.com. For more information on the openSEAL, please see <http://www.openseal.org/>.
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-09-25 02:00:20 +0000
ion value='dengke/enable-help-man-pages-for-perf'>dengke/enable-help-man-pages-for-perf OpenEmbedded Core user contribution treesGrokmirror user
aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
blob: 362717636ba23d0b276291e1012517abbea95be0 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
Author: Werner Koch <wk@gnupg.org>
Date:   Thu Dec 20 09:43:41 2012 +0100

    gpg: Import only packets which are allowed in a keyblock.
    
    * g10/import.c (valid_keyblock_packet): New.
    (read_block): Store only valid packets.
    --
    
    A corrupted key, which for example included a mangled public key
    encrypted packet, used to corrupt the keyring.  This change skips all
    packets which are not allowed in a keyblock.
    
    GnuPG-bug-id: 1455
    
    (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)

Upstream-Status: Backport
CVE: CVE-2012-6085

Signed-off-by: Saul Wold <sgw@linux.intel.com>

diff --git a/g10/import.c b/g10/import.c
index bfe02eb..a57b32e 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -384,6 +384,27 @@ import_print_stats (void *hd)
 }
 
 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
 /****************
  * Read the next keyblock from stream A.
  * PENDING_PKT should be initialzed to NULL
@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
 	    }
 	    in_cert = 1;
 	  default:
-	    if( in_cert ) {
+	    if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
 		if( !root )
 		    root = new_kbnode( pkt );
 		else
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-09-25 02:00:20 +0000