Expand passphrase check to include NUL bytes.

vsajip · Jan 23, 2019 · 5cc9020 · 5cc9020
1 parent 55390b1
commit 5cc9020
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/README.rst b/README.rst
@@ -91,7 +91,8 @@ Released: Not yet.
  mapping of signature_ids to fingerprint, keyid, username, creation date,
  creation timestamp and expiry timestamp is provided.
 
-* Added a check to disallow newline-type characters ('\r', '\n') in passphrases.
+* Added a check to disallow certain control characters ('\r', '\n', NUL) in
+ passphrases.
 
 
 0.4.3

diff --git a/gnupg.py b/gnupg.py
@@ -1043,7 +1043,8 @@ def is_valid_passphrase(self, passphrase):
  it is passed in a pipe to gpg, and so not checking could lead to
  spoofing attacks by passing arbitrary text after passphrase and newline.
  """
- return ('\n' not in passphrase and '\r' not in passphrase)
+ return ('\n' not in passphrase and '\r' not in passphrase and
+ '\x00' not in passphrase)
 
  def sign_file(self, file, keyid=None, passphrase=None, clearsign=True,
  detach=False, binary=False, output=None, extra_args=None):

diff --git a/test_gnupg.py b/test_gnupg.py
@@ -496,6 +496,8 @@ def test_encryption_and_decryption(self):
  data = data.encode(gpg.encoding)
  edata = str(gpg.encrypt(data, barbara))
  self.assertNotEqual(data, edata, "Data must have changed")
+ self.assertRaises(ValueError, gpg.decrypt, edata, passphrase="bbr\x00own")
+ self.assertRaises(ValueError, gpg.decrypt, edata, passphrase="bbr\rown")
  self.assertRaises(ValueError, gpg.decrypt, edata, passphrase="bbr\nown")
  ddata = gpg.decrypt(edata, passphrase="bbrown")
  if data != ddata.data: # pragma: no cover
@@ -511,6 +513,10 @@ def test_encryption_and_decryption(self):
  logger.debug("test_encryption_and_decryption ends")
  # Test symmetric encryption
  data = "chippy was here"
+ self.assertRaises(ValueError, gpg.encrypt, data, None,
+ passphrase='bbr\x00own', symmetric=True)
+ self.assertRaises(ValueError, gpg.encrypt, data, None,
+ passphrase='bbr\rown', symmetric=True)
  self.assertRaises(ValueError, gpg.encrypt, data, None,
  passphrase='bbr\nown', symmetric=True)
  edata = str(gpg.encrypt(data, None, passphrase='bbrown', symmetric=True))
@@ -613,6 +619,8 @@ def test_signature_verification(self):
  else:
  data = unicode('Hello, André', self.gpg.encoding)
  data = data.encode(self.gpg.encoding)
+ self.assertRaises(ValueError, self.gpg.sign, data, keyid=key.fingerprint, passphrase="bbr\x00own")
+ self.assertRaises(ValueError, self.gpg.sign, data, keyid=key.fingerprint, passphrase="bbr\rown")
  self.assertRaises(ValueError, self.gpg.sign, data, keyid=key.fingerprint, passphrase="bbr\nown")
  sig = self.gpg.sign(data, keyid=key.fingerprint, passphrase='bbrown')
  self.assertFalse(sig, "Bad passphrase should fail")