author | Justus Winter <justus@sequoia-pgp.org> | 2023-01-19 15:22:08 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2023-05-12 10:29:41 +0200 |
commit | c82beb9b30ec77b6edc291516bb87b6cb3e20307 (patch) | |
tree | 5d31dc7fd1ed9d07a36ec7403961d5be21df2c92 | |
parent | 586bde682c0525175c03f9eb8470e761cee2c214 (diff) |
openpgp: Fix a crash in the Cleartext Signature Framework.
- Fixes #977.
-rw-r--r-- | openpgp/src/parse/hashed_reader.rs | 8 | ||||
-rw-r--r-- | openpgp/src/parse/stream.rs | 18 |
2 files changed, 24 insertions, 2 deletions
diff --git a/openpgp/src/parse/hashed_reader.rs b/openpgp/src/parse/hashed_reader.rs
index 28ebe2a2..12be20ae 100644
--- a/openpgp/src/parse/hashed_reader.rs
+++ b/openpgp/src/parse/hashed_reader.rs
@@ -306,8 +306,12 @@ impl Cookie {
 let ngroups = self.sig_groups.len();
 assert_eq!(self.hashes_for, HashesFor::CleartextSignature);
- // There is exactly one group.
- assert_eq!(ngroups, 1);
+ // There is exactly one group. However, this can momentarily
+ // be violated if there are One-Pass-Signature packets in the
+ // signature block. This doesn't last long though: the
+ // message parser will reject the message because it doesn't
+ // adhere to the grammar.
+ assert!(ngroups == 1 || ngroups == /* momentarily */ 2);
 tracer!(TRACE, "Cookie::hash_update_csf", level);
 t!("Cleartext Signature Framework message");
diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs
index 79022e8c..8661143d 100644
--- a/openpgp/src/parse/stream.rs
+++ b/openpgp/src/parse/stream.rs
@@ -3941,4 +3941,22 @@ wgoEAAAAAAB6CkAAxADLBq8AAKurq8IKBCC/CAAAAAD0sA==
 .with_policy(&p, None, h);
 Ok(())
 }
+
+ /// Checks for a crash related to HashedReader's assumptions about
+ /// the number of signature groups.
+ #[test]
+ fn csf_sig_group_count_assertion_failure() -> Result<()> {
+ let p = P::new();
+ let m = b"-----BEGIN PGP SIGNED MESSAGE-----
+-----BEGIN PGP SIGNATURE-----
+xHUDBRY0WIQ+50WENDPP";
+
+ let mut h = VHelper::new(0, 0, 0, 0, vec![
+ Cert::from_bytes(crate::tests::key("testy.pgp"))?,
+ ]);
+ h.error_out = false;
+ let _ = VerifierBuilder::from_bytes(m)?
+ .with_policy(&p, None, h);
+ Ok(())
+ }
 } |
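Review bot: The relaxed check `assert!(ngroups == 1 || ngroups == /* momentarily */ 2);` in hashed_reader.rs is still a panic path driven by parsed input, and nothing visible in the hunk shows that 2 is a hard ceiling. The new comment attributes the extra group to One-Pass-Signature packets in the signature block; if more than one such packet can be consumed before the message grammar rejects the input, the count could presumably exceed 2 and abort the process again. Either extend the comment with the reason a third group cannot appear, or handle an unexpected count without panicking, since this code runs on untrusted data. The function body continues outside the hunk, so how `sig_groups` is used after the assertion could not be checked here.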
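Review bot: The new test `csf_sig_group_count_assertion_failure` in stream.rs throws the verifier result away with `let _ = …`, so it only proves that parsing no longer panics. The comment added in hashed_reader.rs says the message parser rejects such input; if that holds for this sample, and assuming `with_policy` returns a `Result` as the `let _ =` suggests, the test could pin it with `assert!(VerifierBuilder::from_bytes(m)?.with_policy(&p, None, h).is_err());`. That would catch a later change that starts accepting a cleartext message whose signature block violates the grammar. A second case whose signature block holds more than one One-Pass-Signature packet would also exercise the hard-coded bound of 2 in the relaxed assertion.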