X-Git-Url: http://the.earth.li/gitweb/?a=blobdiff_plain;f=decodekey.c;h=0ff0625929849713a2597bf36769f009badab90c;hb=a799cc2909f47d918d1ec7171a9edba28a9f5136;hp=705b827d43ef7a7e69197a9a4dd9af537e81d542;hpb=23f086c85c5d2db35e9ce76cf0bbf72200b4dc42;p=onak.git
diff --git a/decodekey.c b/decodekey.c
index 705b827..0ff0625 100644
--- a/decodekey.c
+++ b/decodekey.c
@@ -13,11 +13,10 @@
* more details.
*
* You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program. If not, see .
*/
-#include
+#include
#include
#include
#include
@@ -28,12 +27,13 @@
#include "keyid.h"
#include "keystructs.h"
#include "ll.h"
-#include "log.h"
#include "openpgp.h"
/*
* parse_subpackets - Parse the subpackets of a Type 4 signature.
* @data: The subpacket data.
+ * @len: The amount of data available to read.
+ * @parselen: The amount of data that was actually parsed.
* @keyid: A pointer to where we should return the keyid.
* @creationtime: A pointer to where we should return the creation time.
*
@@ -42,16 +42,29 @@
* processed. If the value of any piece of data is not desired a NULL
* can be passed instead of a pointer to a storage area for that value.
*/
-int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation)
+onak_status_t parse_subpackets(unsigned char *data, size_t len,
+ size_t *parselen, uint64_t *keyid, time_t *creation)
{
int offset = 0;
int length = 0;
int packetlen = 0;
- log_assert(data != NULL);
+ assert(data != NULL);
+
+ /* Make sure we actually have the 2 byte length field */
+ if (len < 2) {
+ return ONAK_E_INVALID_PKT;
+ }
length = (data[0] << 8) + data[1] + 2;
+ /* If the length is off the end of the data available, it's bogus */
+ if (len < length) {
+ return ONAK_E_INVALID_PKT;
+ }
+
+ *parselen = length;
+
offset = 2;
while (offset < length) {
packetlen = data[offset++];
@@ -67,6 +80,10 @@ int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation)
packetlen <<= 8;
packetlen |= data[offset++];
}
+ /* Check the supplied length is within the remaining data */
+ if (packetlen == 0 || (packetlen + offset) > length) {
+ return ONAK_E_INVALID_PKT;
+ }
switch (data[offset] & 0x7F) {
case OPENPGP_SIGSUB_CREATION:
/*
@@ -109,15 +126,28 @@ int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation)
case OPENPGP_SIGSUB_EXPORTABLE:
case OPENPGP_SIGSUB_TRUSTSIG:
case OPENPGP_SIGSUB_REGEX:
+ case OPENPGP_SIGSUB_REVOCABLE:
+ case OPENPGP_SIGSUB_CAPABILITIES:
case OPENPGP_SIGSUB_KEYEXPIRY:
+ case OPENPGP_SIGSUB_ARR:
case OPENPGP_SIGSUB_PREFSYM:
+ case OPENPGP_SIGSUB_REVOCATION_KEY:
+ case OPENPGP_SIGSUB_ISSUER_UID:
+ case OPENPGP_SIGSUB_URL:
+ case OPENPGP_SIGSUB_ISSUER_FINGER:
case OPENPGP_SIGSUB_NOTATION:
case OPENPGP_SIGSUB_PREFHASH:
case OPENPGP_SIGSUB_PREFCOMPRESS:
case OPENPGP_SIGSUB_KEYSERVER:
+ case OPENPGP_SIGSUB_PREFKEYSERVER:
case OPENPGP_SIGSUB_PRIMARYUID:
case OPENPGP_SIGSUB_POLICYURI:
case OPENPGP_SIGSUB_KEYFLAGS:
+ case OPENPGP_SIGSUB_SIGNER_UID:
+ case OPENPGP_SIGSUB_REVOKE_REASON:
+ case OPENPGP_SIGSUB_FEATURES:
+ case OPENPGP_SIGSUB_SIGNATURE_TARGET:
+ case OPENPGP_SIGSUB_EMBEDDED_SIG:
/*
* Various subpacket types we know about, but don't
* currently handle. Some are candidates for being
@@ -130,38 +160,13 @@ int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation)
* 7 is set in which case we log a major error.
*/
if (data[offset] & 0x80) {
- logthing(LOGTHING_CRITICAL,
- "Critical subpacket type not parsed: 0x%X",
- data[offset]);
+ return ONAK_E_UNSUPPORTED_FEATURE;
}
-
}
offset += packetlen;
}
- return length;
-}
-
-/**
- * keysigs - Return the sigs on a given OpenPGP signature list.
- * @curll: The current linked list. Can be NULL to create a new list.
- * @sigs: The signature list we want the sigs on.
- *
- * Returns a linked list of stats_key elements containing the sigs on the
- * supplied OpenPGP packet list.
- */
-struct ll *keysigs(struct ll *curll,
- struct openpgp_packet_list *sigs)
-{
- uint64_t keyid = 0;
-
- while (sigs != NULL) {
- keyid = sig_keyid(sigs->packet);
- sigs = sigs->next;
- curll = lladd(curll, createandaddtohash(keyid));
- }
-
- return curll;
+ return ONAK_E_OK;
}
/**
@@ -174,10 +179,12 @@ struct ll *keysigs(struct ll *curll,
* key or pulls the data directly from v2/3. NULL can be passed for any
* values which aren't cared about.
*/
-void sig_info(struct openpgp_packet *packet, uint64_t *keyid, time_t *creation)
+onak_status_t sig_info(struct openpgp_packet *packet, uint64_t *keyid,
+ time_t *creation)
{
- int length = 0;
-
+ size_t length = 0;
+ onak_status_t res;
+
if (packet != NULL) {
switch (packet->data[0]) {
case 2:
@@ -210,20 +217,25 @@ void sig_info(struct openpgp_packet *packet, uint64_t *keyid, time_t *creation)
}
break;
case 4:
- length = parse_subpackets(&packet->data[4],
- keyid, creation);
- parse_subpackets(&packet->data[length + 4],
- keyid, creation);
- /*
- * Don't bother to look at the unsigned packets.
- */
+ res = parse_subpackets(&packet->data[4],
+ packet->length - 4,
+ &length, keyid, creation);
+ if (res != ONAK_E_OK) {
+ return res;
+ }
+ res = parse_subpackets(&packet->data[length + 4],
+ packet->length - (4 + length),
+ &length, keyid, creation);
+ if (res != ONAK_E_OK) {
+ return res;
+ }
break;
default:
break;
}
}
- return;
+ return ONAK_E_OK;
}
/**