From a9168185ba97aa1d827315cd8017899bf904aded Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 10 Aug 2016 15:31:25 +0200
Subject: [PATCH] core: Do not identify PNG files as PGP signatures.

* src/data-identify.c (next_openpgp_packet): Blacklist PNG files.
--

GnuPG-bug-id: 2314
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 src/data-identify.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/data-identify.c b/src/data-identify.c
index 88a472fb..1edfb9b2 100644
--- a/src/data-identify.c
+++ b/src/data-identify.c
@@ -95,6 +95,11 @@ next_openpgp_packet (unsigned char const **bufptr, size_t *buflen,
   if (!len)
     return gpg_error (GPG_ERR_NO_DATA);
 
+  /* First some blacklisting.  */
+  if (len >= 4 && !memcmp (buf, "\x89PNG", 4))
+    return gpg_error (GPG_ERR_INV_PACKET); /* This is a PNG file.  */
+
+  /* Start parsing.  */
   ctb = *buf++; len--;
   if ( !(ctb & 0x80) )
     return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */