From b301aa6579da21bf9a8efeef0776b718f74480c5 Mon Sep 17 00:00:00 2001
From: Jonathan McDowell <noodles@earth.li>
Date: Tue, 23 Aug 2016 11:54:30 +0100
Subject: [PATCH] Relax packet version check

The version check on packets was too strict - there are a bunch of
packets that don't have a version (such as the UID). Make these checks
more specific based on the definitions from RFC4800.

(Lesson learned: Do not commit without running the automated tests.)
---
 parsekey.c | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/parsekey.c b/parsekey.c
index f9b1465..d152166 100644
--- a/parsekey.c
+++ b/parsekey.c
@@ -356,8 +356,37 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 		}
 		if (rc == ONAK_E_OK) {
 			/* Make sure the packet version is sane */
-			if (curpacket->packet->data[0] > 4) {
-				rc = ONAK_E_INVALID_PKT;
+			switch (curpacket->packet->tag) {
+			case OPENPGP_PACKET_ENCRYPTED_MDC:
+				/* These packets must be v1 */
+				if (curpacket->packet->data[0] != 1) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_PKSESSIONKEY:
+			case OPENPGP_PACKET_ONEPASSSIG:
+				/* These packets must be v3 */
+				if (curpacket->packet->data[0] != 3) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_SYMSESSIONKEY:
+				/* These packets must be v4 */
+				if (curpacket->packet->data[0] != 4) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_SIGNATURE:
+			case OPENPGP_PACKET_SECRETKEY:
+			case OPENPGP_PACKET_PUBLICKEY:
+				/* Must be v2 -> v4 */
+				if (curpacket->packet->data[0] < 2 ||
+					curpacket->packet->data[0] > 4) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			default:
+				break;
 			}
 		}
 	}
-- 
2.39.2