opencdk: do not parse any secret keys in packet when reading a certificate

This reduces the attack surface on the parsers, and prevents any bugs in the secret key parser to be exploitable by inserting secret key sub-packets into an openpgp certificate. This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-03-01 07:54:04 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-03-01 07:55:39 +0100
commit: ae7d5433868b996e0a5f2750ec8daaedc5bd5444 (patch)
tree: 47ce07c06bb3887dc41043f729c6ed0aa273c392 /lib/openpgp/pgp.c
parent: 6bd962f6a3590169071e6c86aac2aceeb6ba097e (diff)
download: gnutls-ae7d5433868b996e0a5f2750ec8daaedc5bd5444.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index dd6957e247..03a507d4c4 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -99,7 +99,7 @@ gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
 		armor = 1;
 
 	rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
-				      data->size);
+				      data->size, 1);
 	if (rc) {
 		rc = _gnutls_map_cdk_rc(rc);
 		gnutls_assert();
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-03-01 07:54:04 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-03-01 07:55:39 +0100
commit	ae7d5433868b996e0a5f2750ec8daaedc5bd5444 (patch)
tree	47ce07c06bb3887dc41043f729c6ed0aa273c392 /lib/openpgp/pgp.c
parent	6bd962f6a3590169071e6c86aac2aceeb6ba097e (diff)
download	gnutls-ae7d5433868b996e0a5f2750ec8daaedc5bd5444.tar.gz