GpgFrontend/gpgme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: Do not identify PNG files as PGP signatures.

Browse Source 
* src/data-identify.c (next_openpgp_packet): Blacklist PNG files.
--

GnuPG-bug-id: 2314
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-08-10 15:31:25 +02:00
parent 09667a6006
commit a9168185ba
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/data-identify.c
View File

@ -95,6 +95,11 @@ next_openpgp_packet (unsigned char const **bufptr, size_t *buflen,
if (!len) if (!len)
return gpg_error (GPG_ERR_NO_DATA); return gpg_error (GPG_ERR_NO_DATA);
/* First some blacklisting. */
if (len >= 4 && !memcmp (buf, "\x89PNG", 4))
return gpg_error (GPG_ERR_INV_PACKET); /* This is a PNG file. */
/* Start parsing. */
ctb = *buf++; len--; ctb = *buf++; len--;
if ( !(ctb & 0x80) ) if ( !(ctb & 0x80) )
return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */ return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */