X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=parsekey.c;h=49b91bfee2c5183cf0794ec187f4e451cf700621;hp=008248e005633f0563d9bdcd409c61130cfc1423;hb=58ed9a0076feb9604154b99da6ed1907ca7df089;hpb=5d859953e393a2539e67df3ce73798e7029cf5b9

diff --git a/parsekey.c b/parsekey.c
index 008248e..49b91bf 100644
--- a/parsekey.c
+++ b/parsekey.c
@@ -13,8 +13,7 @@
  * more details.
  *
  * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
 #include <stdbool.h>
@@ -22,7 +21,6 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "keyid.h"
 #include "keystructs.h"
 #include "ll.h"
 #include "mem.h"
@@ -354,6 +352,41 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 		} else {
 			rc = ONAK_E_INVALID_PKT;
 		}
+		if (rc == ONAK_E_OK) {
+			/* Make sure the packet version is sane */
+			switch (curpacket->packet->tag) {
+			case OPENPGP_PACKET_ENCRYPTED_MDC:
+				/* These packets must be v1 */
+				if (curpacket->packet->data[0] != 1) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_PKSESSIONKEY:
+			case OPENPGP_PACKET_ONEPASSSIG:
+				/* These packets must be v3 */
+				if (curpacket->packet->data[0] != 3) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_SYMSESSIONKEY:
+				/* These packets must be v4 */
+				if (curpacket->packet->data[0] != 4) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_SIGNATURE:
+			case OPENPGP_PACKET_SECRETKEY:
+			case OPENPGP_PACKET_PUBLICKEY:
+				/* Must be v2 -> v5 */
+				if (curpacket->packet->data[0] < 2 ||
+					curpacket->packet->data[0] > 5) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			default:
+				break;
+			}
+		}
 	}
 
 	if (packetend != NULL) {