File gnupg-CVE-2026-24882.patch of Package gpg2.42496

From 93fa34d9a346020355cd51d54102d30d4f177323 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 26 Jan 2026 11:13:44 +0100
Subject: [PATCH 1996/2000] tpm: Fix possible buffer overflow in PKDECRYPT

* tpm2d/tpm2.c (tpm2_ecc_decrypt): Bail out on too long CIPHERTEXT.
(tpm2_rsa_decrypt): Ditto.
--

GnuPG-bug-id: 8045
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Reported-by: OpenAI Security Research

Index: gnupg-2.4.4/tpm2d/tpm2.c
===================================================================
--- gnupg-2.4.4.orig/tpm2d/tpm2.c
+++ gnupg-2.4.4/tpm2d/tpm2.c
@@ -917,10 +917,20 @@ tpm2_ecc_decrypt (ctrl_t ctrl, TSS_CONTE
   size_t len;
   int ret;
 
+#if defined(TPM2_MAX_ECC_KEY_BYTES) /* Intel stack */
+  if (ciphertext_len > 2*TPM2_MAX_ECC_KEY_BYTES + 1)
+    return GPG_ERR_TOO_LARGE;
+#elif defined(MAX_ECC_KEY_BYTES)    /* IBM stack */
+  if (ciphertext_len > 2*MAX_ECC_KEY_BYTES + 1)
+    return GPG_ERR_TOO_LARGE;
+#else
+# error TMP2 header are not correctly installed
+#endif
+
   /* This isn't really a decryption per se.  The ciphertext actually
    * contains an EC Point which we must multiply by the private key number.
    *
-   * The reason is to generate a diffe helman agreement on a shared
+   * The reason is to generate a diffie-hellman agreement on a shared
    * point.  This shared point is then used to generate the per
    * session encryption key.
    */
@@ -976,6 +986,16 @@ tpm2_rsa_decrypt (ctrl_t ctrl, TSS_CONTE
   TPM_HANDLE ah;
   char *auth;
 
+#if defined(TPM2_MAX_RSA_KEY_BYTES)  /* Intel stack */
+  if (ciphertext_len > TPM2_MAX_RSA_KEY_BYTES)
+    return GPG_ERR_TOO_LARGE;
+#elif defined(MAX_RSA_KEY_BYTES)     /* IBM stack */
+  if (ciphertext_len > MAX_RSA_KEY_BYTES)
+    return GPG_ERR_TOO_LARGE;
+#else
+# error TMP2 header are not correctly installed
+#endif
+
   inScheme.scheme = TPM_ALG_RSAES;
   /*
    * apparent gcrypt error: occasionally rsa ciphertext will