X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=parsekey.c;h=49b91bfee2c5183cf0794ec187f4e451cf700621;hp=aedbd14d8361a395b71d18abe7ee92eec4298c0d;hb=58ed9a0076feb9604154b99da6ed1907ca7df089;hpb=e0dd4d10f385cd19da389ec66622eea8aa66ae59

diff --git a/parsekey.c b/parsekey.c
index aedbd14..49b91bf 100644
--- a/parsekey.c
+++ b/parsekey.c
@@ -13,8 +13,7 @@
  * more details.
  *
  * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
 #include <stdbool.h>
@@ -22,7 +21,6 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "keyid.h"
 #include "keystructs.h"
 #include "ll.h"
 #include "mem.h"
@@ -137,7 +135,7 @@ int parse_keys(struct openpgp_packet_list *packets,
 				packet_dup(packets->packet));
 			break;
 		case OPENPGP_PACKET_TRUST:
-		case 61:
+		case OPENPGP_PACKET_COMMENT:
 			/*
 			 * One of:
 			 *
@@ -191,10 +189,9 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 				int maxnum)
 {
 	unsigned char			 curchar = 0;
-	struct openpgp_packet_list	*curpacket = NULL;
+	struct openpgp_packet_list	*curpacket = NULL, **packetend = NULL;
 	onak_status_t			 rc = ONAK_E_OK;
 	int				 keys = 0;
-	bool				 inpacket = false;
 
 	if (packets == NULL)
 		return ONAK_E_INVALID_PARAM;
@@ -206,20 +203,20 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 		}
 	}
 
-	while (!rc && (maxnum == 0 || keys < maxnum) &&
+	while (rc == ONAK_E_OK && (maxnum == 0 || keys < maxnum) &&
 			!getchar_func(ctx, 1, &curchar)) {
-		if (!inpacket && (curchar & 0x80)) {
+		if (curchar & 0x80) {
 			/*
-			 * New packet. Record the fact we're in a packet and
-			 * allocate memory for it.
+			 * New packet. Allocate memory for it.
 			 */
-			inpacket = true;
 			if (curpacket != NULL) {
 				curpacket->next = malloc(sizeof (*curpacket));
+				packetend = &curpacket->next;
 				curpacket = curpacket->next;
 			} else {
 				*packets = curpacket =
 					malloc(sizeof (*curpacket));
+				packetend = packets;
 			}
 			memset(curpacket, 0, sizeof(*curpacket));
 			curpacket->packet =
@@ -234,7 +231,10 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 			 */
 			if (curpacket->packet->newformat) {
 				curpacket->packet->tag = (curchar & 0x3F);
-				rc = getchar_func(ctx, 1, &curchar);
+				if (getchar_func(ctx, 1, &curchar)) {
+					rc = ONAK_E_INVALID_PKT;
+					break;
+				}
 				curpacket->packet->length = curchar;
 				if (curpacket->packet->length > 191 &&
 					curpacket->packet->length < 224) {
@@ -245,55 +245,90 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 					curpacket->packet->length += 192;
 				} else if (curpacket->packet->length > 223 &&
 					curpacket->packet->length < 255) {
-					return ONAK_E_UNSUPPORTED_FEATURE;
+					free(curpacket->packet);
+					curpacket->packet = NULL;
+					rc = ONAK_E_UNSUPPORTED_FEATURE;
 				} else if (curpacket->packet->length == 255) {
 					/*
 					 * 5 byte length; ie 255 followed by 3
 					 * bytes of MSB length.
 					 */
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length = curchar;
 					curpacket->packet->length <<= 8;
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length += curchar;
 					curpacket->packet->length <<= 8;
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length += curchar;
 					curpacket->packet->length <<= 8;
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length += curchar;
 				}
 			} else {
 				curpacket->packet->tag = (curchar & 0x3C) >> 2;
 				switch (curchar & 3) {
 				case 0:
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length = curchar;
 					break;
 				case 1:
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length = curchar;
 					curpacket->packet->length <<= 8;
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length += curchar;
 					break;
 				case 2:
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length = 
-						(curchar << 24);
-					rc = getchar_func(ctx, 1, &curchar);
+						((unsigned) curchar << 24);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length +=
 						(curchar << 16);
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length +=
 						(curchar << 8);
-					rc = getchar_func(ctx, 1, &curchar);
+					if (getchar_func(ctx, 1, &curchar)) {
+						rc = ONAK_E_INVALID_PKT;
+						break;
+					}
 					curpacket->packet->length += curchar;
 					break;
 				case 3:
 					rc = ONAK_E_UNSUPPORTED_FEATURE;
-					curpacket->packet->length = 0;
-					curpacket->packet->data = NULL;
+					free(curpacket->packet);
+					curpacket->packet = NULL;
 					break;
 				}
 			}
@@ -314,10 +349,65 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 						curpacket->packet->data);
 				}
 			}
-			inpacket = false;
 		} else {
 			rc = ONAK_E_INVALID_PKT;
 		}
+		if (rc == ONAK_E_OK) {
+			/* Make sure the packet version is sane */
+			switch (curpacket->packet->tag) {
+			case OPENPGP_PACKET_ENCRYPTED_MDC:
+				/* These packets must be v1 */
+				if (curpacket->packet->data[0] != 1) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_PKSESSIONKEY:
+			case OPENPGP_PACKET_ONEPASSSIG:
+				/* These packets must be v3 */
+				if (curpacket->packet->data[0] != 3) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_SYMSESSIONKEY:
+				/* These packets must be v4 */
+				if (curpacket->packet->data[0] != 4) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			case OPENPGP_PACKET_SIGNATURE:
+			case OPENPGP_PACKET_SECRETKEY:
+			case OPENPGP_PACKET_PUBLICKEY:
+				/* Must be v2 -> v5 */
+				if (curpacket->packet->data[0] < 2 ||
+					curpacket->packet->data[0] > 5) {
+					rc = ONAK_E_INVALID_PKT;
+				}
+				break;
+			default:
+				break;
+			}
+		}
+	}
+
+	if (packetend != NULL) {
+		if ((*packetend)->packet != NULL) {
+			/* If we got an invalid final packet, discard it. */
+			if ((*packetend)->packet->data != NULL &&
+					rc != ONAK_E_OK) {
+				free((*packetend)->packet->data);
+				(*packetend)->packet->data = NULL;
+			}
+			/* If we didn't get any data, clean it up. */
+			if ((*packetend)->packet->data == NULL) {
+				free((*packetend)->packet);
+				(*packetend)->packet = NULL;
+			}
+		}
+		/* Trim the last packet if it doesn't actually exist */
+		if ((*packetend)->packet == NULL) {
+			free(*packetend);
+			*packetend = NULL;
+		}
 	}
 
 	return (rc);