From: Jonathan McDowell <noodles@earth.li>
Date: Mon, 22 Aug 2016 22:14:24 +0000 (+0100)
Subject: Add sanity check for PGP packet version
X-Git-Tag: onak-0.5.0~3
X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=commitdiff_plain;h=7fd2267eca87bd9bcfe5e66e95e2e683bda1533b

Add sanity check for PGP packet version

At present only PGP packet versions up to 4 are supported. There's no
indication version 5+ will be backwards compatible, so if we see
anything higher it indicates something unsupported. Fixes some issues
found using American Fuzzy Lop.
---

diff --git a/parsekey.c b/parsekey.c
index 008248e..f9b1465 100644
--- a/parsekey.c
+++ b/parsekey.c
@@ -354,6 +354,12 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count,
 		} else {
 			rc = ONAK_E_INVALID_PKT;
 		}
+		if (rc == ONAK_E_OK) {
+			/* Make sure the packet version is sane */
+			if (curpacket->packet->data[0] > 4) {
+				rc = ONAK_E_INVALID_PKT;
+			}
+		}
 	}
 
 	if (packetend != NULL) {