Check that old-format packet lengths are correct #1711
Conversation
FWIW, this is an example of a case where it probably would've been better to just use a single PR for these two closely related changes, because now we just have a conflict instead.
Good to know, thanks!
I chose to make
@pmatilai please let me know if you would prefer
a44f026 added additional bounds checks to pgpGet(). Use these checks to simplify the old-format packet parsing code by using pgpGet() instead of a manual bounds check.
This checks that old-format OpenPGP packets with excessive lengths are rejected.
Rebased on master and added a regression test.
If in some alternative reality time travel is understood by 2007, note to self back then: size_t is silly here 🙄 Anyway, having looked at it a bit more, while I'd prefer unsigned int, that'd need to be changed (back) consistently throughout the codebase and ... seems just too much trouble at the moment. Thanks for the patch.
If an old-format subpacket claimed to have a length that is too large for the buffer, the code would not detect it and silently accept the packet. This adds a stricter check for that case, with a regression test.
An earlier version of this PR suggested that this is a security vulnerability. It is not, but it is still a bug and should be fixed.
Fixes #1777.
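As an added illustration of the check this PR describes (example code written for this page, not rpm's pgpGet() or its regression test): a parser for old-format OpenPGP packet headers per RFC 4880 section 4.2.1 that rejects a declared body length larger than the octets actually remaining in the buffer. All names, the struct and the sample packets are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Parsed view of one old-format OpenPGP packet header (hypothetical type). */
struct pkt {
    uint8_t tag;     /* packet tag: bits 5..2 of the first octet */
    size_t hdrlen;   /* octets used by the tag octet plus the length field */
    size_t bodylen;  /* body length as declared by the packet */
};

/* Read n big-endian octets; the caller has already checked n <= remaining. */
static size_t get_be(const uint8_t *p, size_t n)
{
    size_t v = 0;
    while (n--)
        v = (v << 8) | *p++;
    return v;
}

/* Parse an old-format header at buf and verify the whole packet fits in len
 * octets. Returns 0 on success, -1 for a malformed header, an indeterminate
 * length, a truncated length field, or a body that overruns the buffer. */
int parse_old_packet(const uint8_t *buf, size_t len, struct pkt *out)
{
    size_t lenlen;
    if (len < 1 || (buf[0] & 0xc0) != 0x80)
        return -1;                    /* bit 7 set and bit 6 clear: old format */
    switch (buf[0] & 0x03) {          /* two-bit length-type field */
    case 0:  lenlen = 1; break;
    case 1:  lenlen = 2; break;
    case 2:  lenlen = 4; break;
    default: return -1;               /* indeterminate length: not accepted */
    }
    if (len - 1 < lenlen)
        return -1;                    /* length field itself is cut off */
    out->tag = (buf[0] >> 2) & 0x0f;
    out->hdrlen = 1 + lenlen;
    out->bodylen = get_be(buf + 1, lenlen);
    /* The overlong case: compare against the octets left after the header.
     * Subtracting on the right side avoids hdrlen + bodylen wrapping around. */
    if (out->bodylen > len - out->hdrlen)
        return -1;
    return 0;
}

/* Constructed samples, tag 2 with a 1-octet length field. The second claims
 * 16 body octets but carries only 3, the case the PR description refers to. */
static const uint8_t sample_ok[]  = {0x88, 0x03, 0xaa, 0xbb, 0xcc};
static const uint8_t sample_bad[] = {0x88, 0x10, 0xaa, 0xbb, 0xcc};
int sample_ok_parses(void)    { struct pkt p; return parse_old_packet(sample_ok, sizeof sample_ok, &p) == 0 && p.tag == 2 && p.bodylen == 3; }
int sample_bad_rejected(void) { struct pkt p; return parse_old_packet(sample_bad, sizeof sample_bad, &p) == -1; }
```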