X-Git-Url: http://the.earth.li/gitweb/?a=blobdiff_plain;f=parsekey.c;h=f9b1465b78dece1a18c2cde309cfb937d69bcab6;hb=7fd2267eca87bd9bcfe5e66e95e2e683bda1533b;hp=ed61e24d16be5e556a527cfbfa80bc4f10e6beaa;hpb=83ae316a7b14e55418349e87d1a1942a0627ae14;p=onak.git

diff --git a/parsekey.c b/parsekey.c
index ed61e24..f9b1465 100644
--- a/parsekey.c
+++ b/parsekey.c
@@ -308,7 +308,7 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 						break;
 					}
 					curpacket->packet->length = 
-						(curchar << 24);
+						((unsigned) curchar << 24);
 					if (getchar_func(ctx, 1, &curchar)) {
 						rc = ONAK_E_INVALID_PKT;
 						break;
@@ -354,12 +354,33 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 		} else {
 			rc = ONAK_E_INVALID_PKT;
 		}
+		if (rc == ONAK_E_OK) {
+			/* Make sure the packet version is sane */
+			if (curpacket->packet->data[0] > 4) {
+				rc = ONAK_E_INVALID_PKT;
+			}
+		}
 	}
 
-	/* Trim the last packet if it doesn't actually exist */
-	if (packetend != NULL && (*packetend)->packet == NULL) {
-		free(*packetend);
-		*packetend = NULL;
+	if (packetend != NULL) {
+		if ((*packetend)->packet != NULL) {
+			/* If we got an invalid final packet, discard it. */
+			if ((*packetend)->packet->data != NULL &&
+					rc != ONAK_E_OK) {
+				free((*packetend)->packet->data);
+				(*packetend)->packet->data = NULL;
+			}
+			/* If we didn't get any data, clean it up. */
+			if ((*packetend)->packet->data == NULL) {
+				free((*packetend)->packet);
+				(*packetend)->packet = NULL;
+			}
+		}
+		/* Trim the last packet if it doesn't actually exist */
+		if ((*packetend)->packet == NULL) {
+			free(*packetend);
+			*packetend = NULL;
+		}
 	}
 
 	return (rc);