Closed Bug 1671737 Opened 4 years ago Closed 3 years ago

RNP-01-001 WP1 RNP: Integer overflow due to expiration time of PGP v3 keys (Low)

Categories

(MailNews Core :: Security: OpenPGP, defect)


Tracking

(thunderbird_esr78 fixed)

RESOLVED FIXED
82 Branch
Tracking Status
thunderbird_esr78 --- fixed

People

(Reporter: wsmwk, Unassigned)

References

Details

(Keywords: sec-moderate, Whiteboard: [RNP][fixed-in-rnp])

While auditing the RNP source code, it was discovered that the function pgp_key_get_expiration() is potentially vulnerable to an integer overflow for PGP key versions below v4. The function in question obtains the validity time in days and multiplies it by 86400 in order to get the expiration time in seconds. The multiplication key->pkt.v3_days * 86400 can overflow and thus potentially return an incorrect value.

Setting the validity time in days to, e.g., 49711 will result in an integer larger than MAX_INT (4294967295), translating to an overflow. This is demonstrated below:

49711 * 86400 = 4295030400
4295030400 - 4294967295 (MAX_INT) = 63105

key->pkt.v3_days is defined as uint16_t, which means it can store an integer value of up to 65,535. The native function rnp_key_get_expiration(), which in turn invokes pgp_key_get_expiration(), is invoked from the JavaScript layer via several function calls, for example isKeyExpired() or addKeyAttributes().

Affected Files:
rnp/src/lib/pgp-key.cpp
comm/mail/extensions/openpgp/content/modules/RNP.jsm

Affected Code:
pgp-key.cpp:

uint32_t
pgp_key_get_expiration(const pgp_key_t *key)
{
    return (key->pkt.version >= 4) ? key->expiration : key->pkt.v3_days * 86400;
}

RNP.jsm:

[...]
    if (RNPLib.rnp_key_get_expiration(handle, key_expiration.address())) {
      throw new Error("rnp_key_get_expiration failed");
    }
    if (key_expiration.value > 0) {
      keyObj.expiryTime = keyObj.keyCreated + key_expiration.value;
    } else {
      keyObj.expiryTime = 0;
    }
    keyObj.expiry = EnigmailTime.getDateTime(keyObj.expiryTime, true, false);
[...]

As a result of this potential integer overflow, an incorrect value of keyObj.expiryTime will be set. Cure53 wants to point out that fixing this vulnerability should ensure that the multiplication operation cannot overflow when the expiration time is calculated.
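The following is an added, self-contained illustration of the overflow described above and of one way to guard the multiplication; it is not code from RNP or from the Cure53 report. The key_stub_t struct is a hypothetical stand-in for the three fields the function reads, not RNP's real pgp_key_t layout. Two details are worth keeping in mind: in the original expression the uint16_t operand is promoted to int, so the overflow there is undefined behaviour in C, which is why this example performs the unchecked product in uint32_t where the wrap-around is well defined; and the wrap is modulo 2^32, so 49711 days yields 4295030400 - 4294967296 = 63104 seconds, i.e. a key that appears to expire less than a day after creation. The hardened variant computes in 64 bits and saturates to UINT32_MAX, which is one possible fix and is labelled as an assumption, not as the change that closed this bug.

```c
#include <stdint.h>
#include <stdio.h>

#define SECONDS_PER_DAY 86400u

/* Hypothetical stand-in for the key fields the audited function reads;
 * this is NOT RNP's real pgp_key_t layout. */
typedef struct {
    uint8_t  version;     /* 3 for legacy keys, 4 and up for modern keys */
    uint16_t v3_days;     /* v3 validity period in days, 0 = never expires */
    uint32_t expiration;  /* v4+ validity period in seconds */
} key_stub_t;

/* Mirrors the arithmetic of the audited function. The product is computed
 * in uint32_t so that the wrap-around is well defined in this example; in
 * the original the uint16_t operand is promoted to int, making the overflow
 * undefined behaviour rather than a predictable wrap. */
uint32_t expiration_unchecked(const key_stub_t *key)
{
    if (key->version >= 4)
        return key->expiration;
    return (uint32_t) key->v3_days * SECONDS_PER_DAY;   /* wraps modulo 2^32 */
}

/* Hardened variant (assumed fix, not RNP's actual patch): compute in 64 bits
 * and saturate to UINT32_MAX so a large v3_days can never wrap to a small,
 * bogus expiry. 49710 is the largest day count that fits without wrapping. */
uint32_t expiration_checked(const key_stub_t *key)
{
    if (key->version >= 4)
        return key->expiration;
    uint64_t secs = (uint64_t) key->v3_days * SECONDS_PER_DAY;
    return secs > UINT32_MAX ? UINT32_MAX : (uint32_t) secs;
}

/* Returns 1 when the unchecked result disagrees with the checked one, i.e.
 * when the v3 expiry would have been silently corrupted. */
int expiry_is_corrupted(uint16_t v3_days)
{
    key_stub_t k = { .version = 3, .v3_days = v3_days, .expiration = 0 };
    return expiration_unchecked(&k) != expiration_checked(&k);
}

int main(void)
{
    /* Constructed sample validity periods, including the page's 49711 days. */
    uint16_t samples[] = { 365, 49710, 49711, 65535 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        key_stub_t k = { .version = 3, .v3_days = samples[i], .expiration = 0 };
        printf("v3_days=%5u unchecked=%10u checked=%10u %s\n",
               samples[i], expiration_unchecked(&k), expiration_checked(&k),
               expiry_is_corrupted(samples[i]) ? "WRAPPED" : "ok");
    }
    return 0;
}
```

Saturating to UINT32_MAX is preferable to returning 0 because, as the RNP.jsm excerpt above shows, the JavaScript caller treats 0 as "never expires"; a wrapped or zeroed value would make an expired key look valid, whereas a saturated value errs towards a far-future expiry that the caller can still compare against the current time.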

Group: mail-core-security
Whiteboard: [RNP] → [RNP][fixed-in-rnp]

fixed by bug 1662481
in 78.2.2

Status: NEW → RESOLVED
Closed: 3 years ago
Depends on: 1662481
Resolution: --- → FIXED
Target Milestone: --- → 82 Branch
Group: mail-core-security