author | Demi Marie Obenour <demi@invisiblethingslab.com> | 2021-05-06 18:34:45 -0400 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2021-06-21 10:53:10 +0300 |
commit | 5ff86764b17f31535cb247543a90dd739076ec38 (patch) | |
tree | 53c3423d3f0e567a205de256ce3b0f67b5e09f10 | |
parent | f101c8cf8295796b378822d28cb8ef29a4e326bf (diff) | |
download | rpm-5ff86764b17f31535cb247543a90dd739076ec38.tar.gz |
Do not allow extra packets to follow a signature
According to RFC 4880 § 11.4, a detached signature is “simply a
Signature packet”. Therefore, extra packets following a detached
signature are not allowed.
-rw-r--r-- | rpmio/rpmpgp.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c index f1a99e716..5b346a825 100644 --- a/rpmio/rpmpgp.c +++ b/rpmio/rpmpgp.c @@ -1068,6 +1068,8 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, break; p += (pkt.body - pkt.head) + pkt.blen; + if (pkttype == PGPTAG_SIGNATURE) + break; } rc = (digp && (p == pend)) ? 0 : -1; |
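Review bot: The added `if (pkttype == PGPTAG_SIGNATURE) break;` rejects trailing packets only indirectly, through the `p == pend` test in the `rc = ...` line after the loop, and nothing at the break says so. A short comment at the break would help, for example that a detached signature must be a single packet per RFC 4880 § 11.4 and that leftover bytes then fail the `p == pend` check below. That would keep a later refactor of the final check from silently reopening this. The condition also tests the caller-supplied `pkttype` rather than the tag of the packet just parsed, so it is worth confirming that the code above the visible context already rejects a first packet whose tag does not match `pkttype`. The diffstat shows only rpmio/rpmpgp.c changed; a regression test with a signature followed by an extra packet would be a useful addition.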