author | Panu Matilainen <pmatilai@redhat.com> | 2021-06-15 11:19:54 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2021-06-15 13:06:02 +0300 |
commit | d07c6ce856354e2e744024dce49940460c3829e8 (patch) | |
tree | 34a2f7ff0b86b0fe93e2c58457113da30937d4cf | |
parent | f79781a2ab7d13b7322e1eea85a93ab1fbdad65b (diff) | |
download | rpm-d07c6ce856354e2e744024dce49940460c3829e8.tar.gz |
Fix bugs in new format PGP packet length decoding detection

Two-octet packets are recognized by first octet being in range 192-223,
not 192-255. Partial body lengths, which are not supported, use the
224-254 range. A valid five-octet length requires the first octet to
be 255, this was not checked.

Initial patch by Demi Marie Obenour.

-rw-r--r-- | rpmio/rpmpgp.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c index 3957a62bc..e9c1b9e30 100644 --- a/rpmio/rpmpgp.c +++ b/rpmio/rpmpgp.c @@ -286,6 +286,7 @@ int pgpValTok(pgpValTbl vs, const char * s, const char * se) /** \ingroup rpmpgp * Decode length from 1, 2, or 5 octet body length encoding, used in * new format packet headers and V4 signature subpackets. + * Partial body lengths are (intentionally) not supported. * @param s pointer to length encoding buffer * @param slen buffer size * @param[out] *lenp decoded length @@ -305,10 +306,10 @@ size_t pgpLen(const uint8_t *s, size_t slen, size_t * lenp) if (*s < 192) { lenlen = 1; dlen = *s; - } else if (*s < 255 && slen > 2) { + } else if (*s < 224 && slen > 2) { lenlen = 2; dlen = (((s[0]) - 192) << 8) + s[1] + 192; - } else if (slen > 5) { + } else if (*s == 255 && slen > 5) { lenlen = 5; dlen = pgpGrab(s+1, 4); } |
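Review bot: In the first hunk (@@ -286,6 +286,7 @@), the added comment line "Partial body lengths are (intentionally) not supported." does not tell a caller how an unsupported length is reported. The visible doc block lists only `s`, `slen` and `lenp`, so a reader cannot tell from it what pgpLen() returns, or what `*lenp` holds, when the first octet is in the partial body range. Suggest naming the range in the comment (first octet 224-254, as the commit message states) and documenting the return value for that case next to the existing parameter lines.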
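Review bot: In the second hunk (@@ -305,10 +306,10 @@), narrowing the two-octet branch to `*s < 224` is right for new format packet headers but not for the other use the doc comment names, V4 signature subpackets. Subpacket lengths in RFC 4880 section 5.2.3.1 have no partial body form and treat a first octet of 192 through 254 as a two-octet length, so after this change a valid subpacket whose first octet is 224-254 matches none of the three branches. Suggest either a separate subpacket length decoder that keeps the `*s < 255` bound, or a parameter that selects which rule applies, with the new `*s == 255` check on the five-octet branch kept for both.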