GpgFrontend/gpgme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: Detect compressed signed OpenPGP data.

Browse Source 
* src/data-identify.c (next_openpgp_packet): Allow partial encoding.
(pgp_binary_detection): Handle compressed packets.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-06-22 18:43:26 +02:00
parent 5905e8bbd8
commit bb8cf62365
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/data-identify.c
View File

@ -1,5 +1,5 @@
/* data-identify.c - Try to identify the data /* data-identify.c - Try to identify the data
Copyright (C) 2013 g10 Code GmbH Copyright (C) 2013, 2016 g10 Code GmbH
This file is part of GPGME. This file is part of GPGME.
@ -123,8 +123,10 @@ next_openpgp_packet (unsigned char const **bufptr, size_t *buflen,
buf += 4; buf += 4;
len -= 4; len -= 4;
} }
else /* Partial length encoding is not allowed for key packets. */ else /* Partial length encoding. */
return gpg_error (GPG_ERR_UNEXPECTED); {
pktlen = 0;
}
} }
else /* Old style CTB. */ else /* Old style CTB. */
{ {
@ -133,8 +135,6 @@ next_openpgp_packet (unsigned char const **bufptr, size_t *buflen,
pktlen = 0; pktlen = 0;
pkttype = (ctb>>2)&0xf; pkttype = (ctb>>2)&0xf;
lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
if (!lenbytes) /* Not allowed in key packets. */
return gpg_error (GPG_ERR_UNEXPECTED);
if (len < lenbytes) if (len < lenbytes)
return gpg_error (GPG_ERR_INV_PACKET); /* Not enough length bytes. */ return gpg_error (GPG_ERR_INV_PACKET); /* Not enough length bytes. */
for (; lenbytes; lenbytes--) for (; lenbytes; lenbytes--)
@ -213,6 +213,10 @@ pgp_binary_detection (const void *image_arg, size_t imagelen)
else if (err) else if (err)
break; break;
/* Skip all leading marker packets. */
if (!anypacket && pkttype == PKT_MARKER)
continue;
if (pkttype == PKT_SIGNATURE) if (pkttype == PKT_SIGNATURE)
{ {
if (!anypacket) if (!anypacket)
@ -220,7 +224,6 @@ pgp_binary_detection (const void *image_arg, size_t imagelen)
} }
else else
allsignatures = 0; allsignatures = 0;
anypacket = 1;
switch (pkttype) switch (pkttype)
{ {
@ -247,12 +250,18 @@ pgp_binary_detection (const void *image_arg, size_t imagelen)
case PKT_SYMKEY_ENC: case PKT_SYMKEY_ENC:
return GPGME_DATA_TYPE_PGP_ENCRYPTED; return GPGME_DATA_TYPE_PGP_ENCRYPTED;
case PKT_MARKER: case PKT_COMPRESSED:
break; /* Skip this packet. */ /* If this is the first packet we assume that that a signed
* packet follows. We do not want to uncompress it here due
* to the need of a lot of code and the potentail DoS. */
if (!anypacket)
return GPGME_DATA_TYPE_PGP_SIGNED;
return GPGME_DATA_TYPE_PGP_OTHER;
default: default:
return GPGME_DATA_TYPE_PGP_OTHER; return GPGME_DATA_TYPE_PGP_OTHER;
} }
anypacket = 1;
} }
if (allsignatures) if (allsignatures)