]> the.earth.li Git - onak.git/blobdiff - sigcheck.c
projects / onak.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add ability to drop overly large packets
[onak.git] / sigcheck.c
diff --git a/sigcheck.c b/sigcheck.c
index 3ee8d3959e0e2db27e1c8c264d4b631cdec22896..7732229abf75579516ea56cae281f7526bede028 100644 (file)
--- a/sigcheck.c
+++ b/sigcheck.c
@@ -13,8 +13,7 @@
  * more details.
  *
  * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
 #include <stdint.h>
@@ -70,6 +69,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
        size_t hashlen[8];
        int chunks, i;
        uint64_t keyid;
+       onak_status_t res;
 
        keyheader[0] = 0x99;
        keyheader[1] = key->publickey->length >> 8;
@@ -114,7 +114,13 @@ int check_packet_sighash(struct openpgp_publickey *key,
                        size_t len;
 
                        keyid = 0;
-                       len = parse_subpackets(&sig->data[4], &keyid, NULL);
+                       res = parse_subpackets(&sig->data[4],
+                                               sig->length - 4, &len,
+                                               &keyid, NULL);
+                       if (res != ONAK_E_OK) {
+                               /* If it parses badly, reject it */
+                               return 0;
+                       }
                        if (keyid == 0 &&
                                        /* No unhashed data */
                                        sig->data[4 + len] == 0 &&
@@ -163,6 +169,10 @@ int check_packet_sighash(struct openpgp_publickey *key,
                hashdata[chunks] = sig->data;
                hashlen[chunks] = siglen = (sig->data[4] << 8) +
                        sig->data[5] + 6;;
+               if (siglen > sig->length) {
+                       /* Signature data exceed packet length, bogus */
+                       return 0;
+               }
                chunks++;
 
                v4trailer[0] = 4;
OpenPGP key server