diff options
-rw-r--r-- | lib/opencdk/read-packet.c | 9 | ||||
-rw-r--r-- | tests/cert-tests/data/openpgp-invalid9.pub | bin | 0 -> 16 bytes | |||
-rwxr-xr-x | tests/cert-tests/openpgp-cert-parser | 3 |
3 files changed, 9 insertions, 3 deletions
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index e7a1ceaac8..f86659a023 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -570,6 +570,9 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id) } +#define MAX_PACKET_LEN (1<<24) + + static cdk_error_t read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) { @@ -609,6 +612,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) else return CDK_Inv_Packet; + if (size >= MAX_PACKET_LEN) { + return CDK_Inv_Packet; + } + node = cdk_subpkt_new(size); if (!node) return CDK_Out_Of_Core; @@ -951,8 +958,6 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen) return 0; } -#define MAX_PACKET_LEN (1<<24) - /** * cdk_pkt_read: * @inp: the input stream diff --git a/tests/cert-tests/data/openpgp-invalid9.pub b/tests/cert-tests/data/openpgp-invalid9.pub Binary files differnew file mode 100644 index 0000000000..5fbab2a0b5 --- /dev/null +++ b/tests/cert-tests/data/openpgp-invalid9.pub diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser index 7f22271077..4ac5a6f946 100755 --- a/tests/cert-tests/openpgp-cert-parser +++ b/tests/cert-tests/openpgp-cert-parser @@ -42,7 +42,8 @@ echo "Checking OpenPGP certificate parsing" for i in "truncated.pub" "attribute-leak-1.pub" "subpkt-leak.pub" "openpgp-invalid1.pub" \ "openpgp-invalid2.pub" "openpgp-invalid3.pub" "openpgp-invalid4.pub" "openpgp-invalid5.pub" \ - "openpgp-invalid6.pub" "openpgp-invalid7.pub" "openpgp-invalid8.pub";do + "openpgp-invalid6.pub" "openpgp-invalid7.pub" "openpgp-invalid8.pub" \ + "openpgp-invalid9.pub";do ${VALGRIND} "${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/${i}" rc=$? if test $rc != 1;then |