authorAlex Gaynor <alex.gaynor@gmail.com>2017-03-05 02:21:30 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-05 18:05:51 +0100
commitefa1251cc197239a36eca48fd204afae41b05994 (patch)
treeac54621d221e67cff07e4ab600574fa8c504b364
parentc8fdf14e59bfc4e1e85b12d489a0eb892c94b3b4 (diff)
downloadgnutls-efa1251cc197239a36eca48fd204afae41b05994.tar.gz
Enforce the max packet length for OpenPGP subpackets as well
This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
-rw-r--r--lib/opencdk/read-packet.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index e202a10b04..56bbccc70e 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -571,6 +571,9 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
}
+#define MAX_PACKET_LEN (1<<24)
+
+
static cdk_error_t
read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
{
@@ -610,6 +613,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
else
return CDK_Inv_Packet;
+ if (size >= MAX_PACKET_LEN) {
+ return CDK_Inv_Packet;
+ }
+
node = cdk_subpkt_new(size);
if (!node)
return CDK_Out_Of_Core;
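Review bot: The added check in read_subpkt bounds `size` only by the global MAX_PACKET_LEN, so a subpacket length taken from the input can still make `cdk_subpkt_new(size)` allocate just under 16 MiB, however small the enclosing packet is. read_subpkt takes no remaining-length argument (see its signature in the hunk header), so a tighter bound would have to be enforced by its callers, which are outside this hunk. At minimum, a comment such as `/* size is attacker-controlled; reject before allocating */` above the check would record why it must stay ahead of the allocation. The check also has no lower bound, and whether a zero `size` is handled safely after the allocation cannot be seen from here, because the function body starts and ends outside the hunk.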
@@ -951,8 +958,6 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
return 0;
}
-#define MAX_PACKET_LEN (1<<24)
-
/**
* cdk_pkt_read:
* @inp: the input stream