diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2023-01-19 13:49:33 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2023-05-12 10:29:41 +0200 |
| commit | 586bde682c0525175c03f9eb8470e761cee2c214 (patch) | |
| tree | 3913516260f974ea203a94b053b02b0e84d1345c | |
| parent | cce50ad4f3645011b5f8b473f6e83850105200eb (diff) | |
openpgp: Fix a crash in the Cleartext Signature Framework.
- See #977.
| -rw-r--r-- | openpgp/src/parse/hashed_reader.rs | 6 | ||||
| -rw-r--r-- | openpgp/src/parse/stream.rs | 17 |
2 files changed, 21 insertions, 2 deletions
diff --git a/openpgp/src/parse/hashed_reader.rs b/openpgp/src/parse/hashed_reader.rs index 1ec70d62..28ebe2a2 100644 --- a/openpgp/src/parse/hashed_reader.rs +++ b/openpgp/src/parse/hashed_reader.rs @@ -341,7 +341,8 @@ impl Cookie { t!("{:?}: {:?} hashing {} stashed bytes.", hashes_for, h.map(|ctx| ctx.algo()), stashed_data.len()); - assert!(matches!(h, HashingMode::Text(_)), + assert!(matches!(h, HashingMode::Text(_) + | HashingMode::TextLastWasCr(_)), "CSF transformation uses text signatures"); h.update(&stashed_data[..]); } @@ -366,7 +367,8 @@ impl Cookie { for h in self.sig_groups[0].hashes.iter_mut() { t!("{:?}: {:?} hashing {} bytes.", hashes_for, h.map(|ctx| ctx.algo()), l); - assert!(matches!(h, HashingMode::Text(_)), + assert!(matches!(h, HashingMode::Text(_) + | HashingMode::TextLastWasCr(_)), "CSF transformation uses text signatures"); h.update(&data[..l]); } diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index 730f515b..79022e8c 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -3924,4 +3924,21 @@ wgoEAAAAAAB6CkAAxADLBq8AAKurq8IKBCC/CAAAAAD0sA== .unwrap(); Ok(()) } + + /// Checks for a crash related to HashedReader's HashingMode. + #[test] + fn csf_hashing_mode_assertion_failure() -> Result<()> { + let p = P::new(); + let m = b"-----BEGIN PGP SIGNED MESSAGE----- +---BEGIN PGP SIGNATURE +0iHUEARYIAB0QCyUHMcArrZbte9msAndEO9clJG5wpCAEA2/"; + + let mut h = VHelper::new(0, 0, 0, 0, vec![ + Cert::from_bytes(crate::tests::key("testy.pgp"))?, + ]); + h.error_out = false; + let _ = VerifierBuilder::from_bytes(m)? + .with_policy(&p, None, h); + Ok(()) + } } |