authorNeal H. Walfield <neal@g10code.com>2015-08-21 11:55:15 +0200
committerNeal H. Walfield <neal@g10code.com>2015-08-21 14:21:13 +0200
commit09f2a7bca624d0492e1d7ab29ce19542249c13ff (patch)
tree16d9f1d0ab6635f21ef8fa13b701e38a48a7cdff /kbx
parentcommon: Don't assume on-disk layout matches in-memory layout. (diff)
common: Don't incorrectly reject 4 GB - 1 sized packets.
* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets. Add the constraint that the type must be 63. * kbx/keybox-openpgp.c (next_packet): Likewise. * tests/openpgp/4gb-packet.asc: New file. * tests/openpgp/4gb-packet.test: New file. * tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test. (TEST_FILES): Add 4gb-packet.asc. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Diffstat (limited to 'kbx')
-rw-r--r--kbx/keybox-openpgp.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c
index 2cac242e9..a5f602b7b 100644
--- a/kbx/keybox-openpgp.c
+++ b/kbx/keybox-openpgp.c
@@ -139,7 +139,14 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
return gpg_error (GPG_ERR_UNEXPECTED);
}
- if (pktlen == (unsigned long)(-1))
+ if (pkttype == 63 && pktlen == 0xFFFFFFFF)
+ /* Sometimes the decompressing layer enters an error state in
+ which it simply outputs 0xff for every byte read. If we have a
+ stream of 0xff bytes, then it will be detected as a new format
+ packet with type 63 and a 4-byte encoded length that is 4G-1.
+ Since packets with type 63 are private and we use them as a
+ control packet, which won't be 4 GB, we reject such packets as
+ invalid. */
return gpg_error (GPG_ERR_INV_PACKET);
if (pktlen > len)
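Review bot: The seven-line comment sits between the unbraced `if (pkttype == 63 && pktlen == 0xFFFFFFFF)` and the `return` it guards, so on this packet-validation path the guard is easy to detach from its body in a later edit; move the comment above the `if`, or brace the body as `{ return gpg_error (GPG_ERR_INV_PACKET); }`. The rationale speaks of a decompressing layer, while next_packet (per the hunk header) parses a caller-supplied buffer, so the text looks carried over from the g10/parse-packet.c change and could instead state why a type 63 packet with a 4 GB - 1 length is rejected for keybox input. With the old blanket check removed, any other packet type with length 0xFFFFFFFF is now bounded only by the following `if (pktlen > len)` test, which deserves a short comment such as `/* Also rejects oversized lengths for all other packet types. */`. next_packet's body begins and ends outside the hunk.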