authorAlex Gaynor <alex.gaynor@gmail.com>2017-03-05 02:21:30 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-05 17:55:08 +0100
commitac59fb20faff9a267c05356bfc535fb279b2fbbd (patch)
tree0bb2dc7f3fc18ab49a20899992568f315bfab246 /lib
parent69bedfa254f3f5e01107e69edc96cbde00df340e (diff)
Enforce the max packet length for OpenPGP subpackets as well
This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/opencdk/read-packet.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index 3052dbfdf1..062974fe3e 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -570,6 +570,9 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
}
+#define MAX_PACKET_LEN (1<<24)
+
+
static cdk_error_t
read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
{
@@ -609,6 +612,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
else
return CDK_Inv_Packet;
+ if (size >= MAX_PACKET_LEN) {
+ return CDK_Inv_Packet;
+ }
+
node = cdk_subpkt_new(size);
if (!node)
return CDK_Out_Of_Core;
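Review bot: The added bound in read_subpkt compares `size` only with the global MAX_PACKET_LEN cap, so a length field taken from the input can still make `cdk_subpkt_new(size)` allocate just under 16 MiB per subpacket before any payload has been read. A subpacket lives inside a signature's subpacket area, whose length the caller presumably already knows; that caller is not visible here, so it is worth confirming that it rejects a subpacket whose reported `*r_nbytes` exceeds the bytes left in that area. The lower edge is also untouched by this hunk: whether `size == 0` is safe depends on the code after the allocation, which is outside the hunk, as is the start of the function. At minimum the check deserves a why-comment such as `/* size comes from untrusted input; cap it before allocating */`, and the relocated `MAX_PACKET_LEN` define a one-line note that it now bounds both packet and subpacket lengths.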
@@ -950,8 +957,6 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
return 0;
}
-#define MAX_PACKET_LEN (1<<24)
-
/**
* cdk_pkt_read:
* @inp: the input stream