openpgp: Fix a crash in the Cleartext Signature Framework.

  - Fixes #977.

2 files changed, 24 insertions, 2 deletions

diff --git a/openpgp/src/parse/hashed_reader.rs b/openpgp/src/parse/hashed_reader.rs
index 28ebe2a2..12be20ae 100644
--- a/openpgp/src/parse/hashed_reader.rs
+++ b/openpgp/src/parse/hashed_reader.rs
@@ -306,8 +306,12 @@ impl Cookie {
         let ngroups = self.sig_groups.len();
 
         assert_eq!(self.hashes_for, HashesFor::CleartextSignature);
-        // There is exactly one group.
-        assert_eq!(ngroups, 1);
+        // There is exactly one group.  However, this can momentarily
+        // be violated if there are One-Pass-Signature packets in the
+        // signature block.  This doesn't last long though: the
+        // message parser will reject the message because it doesn't
+        // adhere to the grammar.
+        assert!(ngroups == 1 || ngroups == /* momentarily */ 2);
 
         tracer!(TRACE, "Cookie::hash_update_csf", level);
         t!("Cleartext Signature Framework message");
diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs
index 79022e8c..8661143d 100644
--- a/openpgp/src/parse/stream.rs
+++ b/openpgp/src/parse/stream.rs
@@ -3941,4 +3941,22 @@ wgoEAAAAAAB6CkAAxADLBq8AAKurq8IKBCC/CAAAAAD0sA==
             .with_policy(&p, None, h);
         Ok(())
     }
+
+    /// Checks for a crash related to HashedReader's assumptions about
+    /// the number of signature groups.
+    #[test]
+    fn csf_sig_group_count_assertion_failure() -> Result<()> {
+        let p = P::new();
+        let m = b"-----BEGIN PGP SIGNED MESSAGE-----
+-----BEGIN PGP SIGNATURE-----
+xHUDBRY0WIQ+50WENDPP";
+
+        let mut h = VHelper::new(0, 0, 0, 0, vec![
+            Cert::from_bytes(crate::tests::key("testy.pgp"))?,
+        ]);
+        h.error_out = false;
+        let _ = VerifierBuilder::from_bytes(m)?
+            .with_policy(&p, None, h);
+        Ok(())
+    }
 }