Re: [Sks-devel] another bounds problem in SKS


From: David Shaw
Subject: Re: [Sks-devel] another bounds problem in SKS
Date: Wed, 29 Sep 2004 22:58:00 -0400
User-agent: Mutt/1.5.6i

On Wed, Sep 29, 2004 at 10:45:34PM -0400, Yaron Minsky wrote:
> <RANT>Sigh.  I just finished the first version of a patch (patch-16)
> that fixes the "MPI is larger than packet length" problem, and various
> others.  But if I figure this one correctly, GPG is barfing on this
> simply because one of the MPIs is too long, right?  This is just
> silly.  Can't GPG filter out bad packets at all?  The whole point of
> having a forgiving keyserver is that the clients should sort it out
> reasonably well in the end.  How did anyone ever expect PKS to
> work?</RANT>

I'm the first person to complain about PKS, but this is one of the
things that PKS got right.  These packets are syntactically invalid
according to RFC-2440.  PKS quite appropriately drops them.

Like I've been saying, it is very difficult to filter out bad packets
since once you establish a packet is bad, the whole stream needs to be
called into question.  In this particular case, the packets are being
corrupted in a very particular way.  Sure, I could code something to
detect this exact case, and may well do so in the future, but
regardless, SKS should not accept things that are completely invalid
according to the standard.

> Ok, so how big of an MPI is over the limit that GPG is willing to
> accept?  Anyone?

Just like before, it's not an oversize MPI.  It's an insane MPI - an
MPI that extends beyond the bounds of the enclosing packet.

Packets that need to have this sanity checking are the public key
packets, public subkey packets, and signatures.  Basically, anything
with MPIs in it.

David
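
The sanity check described in this message, as an added example that is not part of the original email and is not GnuPG or SKS code: an RFC 2440 MPI is a two-octet big-endian bit count followed by ceil(bits/8) octets, and each one must fit inside the enclosing packet body. The function names and the sample bytes are constructed for illustration, and rejecting trailing bytes after the last MPI is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Walk `count` MPIs starting at body[off]. Returns the offset just past the
 * last MPI, or -1 if a length header or payload runs past the packet body. */
static long walk_mpis(const uint8_t *body, size_t len, size_t off, int count)
{
    for (int i = 0; i < count; i++) {
        if (off > len || len - off < 2)
            return -1;                 /* no room for the 2-octet bit count */
        size_t bits = ((size_t)body[off] << 8) | body[off + 1];
        size_t bytes = (bits + 7) / 8; /* octets the MPI claims to occupy */
        off += 2;
        if (len - off < bytes)
            return -1;                 /* MPI extends beyond the packet */
        off += bytes;
    }
    return (long)off;
}

/* v4 RSA public key body: version (4), 4-octet creation time,
 * algorithm (1 = RSA), then the MPIs n and e. */
static int rsa_v4_pubkey_body_ok(const uint8_t *body, size_t len)
{
    if (len < 6 || body[0] != 4 || body[5] != 1)
        return 0;
    long end = walk_mpis(body, len, 6, 2);
    return end >= 0 && (size_t)end == len; /* assumption: no trailing bytes */
}

/* Constructed sample: n = 0xC53B (16 bits), e = 0x010001 (17 bits). */
static const uint8_t good_body[] = { 4, 0, 0, 0, 0, 1,
    0x00, 0x10, 0xC5, 0x3B,  0x00, 0x11, 0x01, 0x00, 0x01 };
/* Constructed sample: same bytes, but n claims 0x0800 bits (256 octets). */
static const uint8_t bad_body[] = { 4, 0, 0, 0, 0, 1,
    0x08, 0x00, 0xC5, 0x3B,  0x00, 0x11, 0x01, 0x00, 0x01 };

int main(void)
{
    printf("good: %d\n", rsa_v4_pubkey_body_ok(good_body, sizeof good_body));
    printf("bad:  %d\n", rsa_v4_pubkey_body_ok(bad_body, sizeof bad_body));
    return 0;
}
```

The same walk applies to subkey and signature packets with a different header length and MPI count for each algorithm.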



