NetBSD Problem Report #57041

From www@netbsd.org  Sat Oct  1 22:16:28 2022
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 3A2EE1A923C
	for <gnats-bugs@gnats.NetBSD.org>; Sat,  1 Oct 2022 22:16:28 +0000 (UTC)
Message-Id: <20221001221556.EA4001A923E@mollari.NetBSD.org>
Date: Sat,  1 Oct 2022 22:15:56 +0000 (UTC)
From: roland.illig@gmx.de
Reply-To: roland.illig@gmx.de
To: gnats-bugs@NetBSD.org
Subject: netpgp does not handle allocation failure correctly
X-Send-Pr-Version: www-1.0

>Number:         57041
>Category:       bin
>Synopsis:       netpgp does not handle allocation failure correctly
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Oct 01 22:20:00 +0000 2022
>Originator:     Roland Illig
>Release:        9.99.100
>Organization:
>Environment:
NetBSD nbcurr.roland-illig.de 9.99.100 NetBSD 9.99.100 (GENERIC) #0: Fri Sep 30 14:32:45 UTC 2022  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
When pgp_memory_pad runs into an allocation failure, it prints a message on stderr but continues as if nothing bad had happened.

This can result in incomplete output, access to uninitialized memory, or anything worse.

$ MALLOC_CONF=junk:true netpgpkeys \
    --export-key \
    --keyring=/usr/pkg/etc/gnupg/pkgsrc.gpg \
    b5952cabdd765a20 \
| less

The above command outputs "<A5><A5><A5>..." because in pgp_export_key, the string is not properly terminated before calling netpgp_strdup. But even if that bug is fixed by calling pgp_memory_add(mem, "", 1), there is no guarantee that this '\0' is actually appended to the memory.

The error handling of netpgp probably needs to be rewritten completely.
>How-To-Repeat:

>Fix:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2022 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.