Re: [Sks-devel] another bounds problem in SKS

[Yaron Minsky]

Hmm.  I hadn't realized.  Are you sure that that's the problem with
this key?  Try grabbing the key from sks.dnsalias.net.  I thought that
my modifications would drop all packets with mpis that extend beyond
the packet boundary.  When I try to grab the key, GPG complains of an
overlarge mpi, not a premature packet end.  Here's the error I get:

pendor: yminsky $ gpg --keyserver sks.dnsalias.net --search-keys 0xA0ED982D
gpg: searching for "0xA0ED982D" from HKP server sks.dnsalias.net
Keys 1-3 of 3 for "0xA0ED982D"
(1)     Christian Brueffer <address@hidden>
          1024 bit DSA key A0ED982D, created 2002-10-14
(2)     Christian Brueffer <address@hidden>
          1024 bit DSA key A0ED982D, created 2002-10-14
(3)     Christian Brueffer <address@hidden>
          1024 bit DSA key A0ED982D, created 2002-10-14
Enter number(s), N)ext, or Q)uit > 1 2 3
gpg: mpi too large (22867 bits)
gpg: read_block: read error: invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: mpi too large (22867 bits)
gpg: read_block: read error: invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: mpi too large (22867 bits)
gpg: read_block: read error: invalid packet
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

I'll check into this more tomorrow.  For the moment, I need to head off to bed.

y


On Wed, 29 Sep 2004 22:58:00 -0400, David Shaw <address@hidden> wrote:
> On Wed, Sep 29, 2004 at 10:45:34PM -0400, Yaron Minsky wrote:
> > <RANT>Sigh.  I just finished the first version of a patch (patch-16)
> > that fixes the "MPI is larger than packet length" problem, and various
> > others.  But if I figure this one correctly, GPG is barfing on this
> > simply because one of the MPIs is too long, right?  This is just
> > silly.  Can't GPG filter out bad packets at all?  The whole point of
> > having a forgiving keyserver is that the clients should sort it out
> > reasonably well in the end.  How did anyone ever expect PKS to
> > work?</RANT>
> 
> I'm the first person to complain about PKS, but this is one of the
> things that PKS got right.  These packets are syntactically invalid
> according to RFC-2440.  PKS quite appropriately drops them.
> 
> Like I've been saying, it is very difficult to filter out bad packets
> since once you establish a packet is bad, the whole stream needs to be
> called into question.  In this particular case, the packets are being
> corrupted in a very particular way.  Sure, I could code something to
> detect this exact case, and may well do so in the future, but
> regardless, SKS should not accept things that are completely invalid
> according to the standard.
> 
> > Ok, so how big of an MPI is over the limit that GPG is willing to
> > accept?  Anyone?
> 
> Just like before, it's not an oversize MPI.  It's an insane MPI - an
> MPI that extends beyond the bounds of the enclosing packet.
> 
> Packets that need to have this sanity checking are the public key
> packets, public subkey packets, and signatures.  Basically, anything
> with MPIs in it.
> 
> David
> 
> 
> 
> 
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/sks-devel
>