authorJustus Winter <justus@sequoia-pgp.org>2022-11-18 11:09:14 +0100
committerJustus Winter <justus@sequoia-pgp.org>2022-11-18 11:16:10 +0100
commit40aaa2dd2f7e825efb18b6869c5a7a1724ab60fb (patch)
tree9c995394a287331a04195bc03673570edf250367
parent551381ee99c4d76825dc370c662c632913bd9393 (diff)
openpgp: Ignore marker packets when validating cert streams.
- While we correctly ignored marker packets in the CertParser, we did not ignore them in the CertValidator. This made sq inspect complain about marker packets in certrings.
-rw-r--r--openpgp/src/cert/parser/mod.rs6
-rw-r--r--openpgp/src/parse.rs38
2 files changed, 39 insertions, 5 deletions
diff --git a/openpgp/src/cert/parser/mod.rs b/openpgp/src/cert/parser/mod.rs
index f7b3289a..32270b48 100644
--- a/openpgp/src/cert/parser/mod.rs
+++ b/openpgp/src/cert/parser/mod.rs
@@ -157,6 +157,12 @@ impl KeyringValidator {
Tag::UserAttribute => Token::UserAttribute(None),
Tag::Signature => Token::Signature(None),
Tag::Trust => Token::Trust(None),
+ Tag::Marker => {
+ // Ignore Marker Packet. RFC4880, section 5.8:
+ //
+ // Such a packet MUST be ignored when received.
+ return;
+ },
_ => {
// Unknown token.
self.error = Some(CertParserError::OpenPGP(
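Review bot: The `Tag::Marker` arm leaves through `return`, so whatever the enclosing function does after this `match` is skipped for marker packets; the function body continues outside the hunk, so it is not visible here whether any per-packet bookkeeping follows. If something does, the comment should state that skipping it is intended. The comment could also record why the arm exists beyond the RFC quote, e.g. `// Keep in sync with CertParser, which also skips markers.`, because a validator and a parser that disagree on which streams are acceptable let tools that validate first and parse later see different keyrings.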
diff --git a/openpgp/src/parse.rs b/openpgp/src/parse.rs
index fe421c71..c7912584 100644
--- a/openpgp/src/parse.rs
+++ b/openpgp/src/parse.rs
@@ -5474,6 +5474,7 @@ impl<'a> PacketParser<'a> {
#[cfg(test)]
mod test {
use super::*;
+ use crate::serialize::Serialize;
enum Data<'a> {
File(&'a str),
@@ -5803,15 +5804,27 @@ mod test {
#[test]
fn keyring_validator() {
- use std::io::Cursor;
+ for marker in 0..4 {
+ let marker_before = marker & 1 > 0;
+ let marker_after = marker & 2 > 0;
+
for test in &["testy.pgp",
"lutz.gpg",
"testy-new.pgp",
"neal.pgp"]
{
- let mut ppr = PacketParserBuilder::from_reader(
- Cursor::new(crate::tests::key("testy.pgp")).chain(
- Cursor::new(crate::tests::key(test)))).unwrap()
+ let mut buf = Vec::new();
+ if marker_before {
+ Packet::Marker(Default::default()).serialize(&mut buf).unwrap();
+ }
+ buf.extend_from_slice(crate::tests::key("testy.pgp"));
+ buf.extend_from_slice(crate::tests::key(test));
+ if marker_after {
+ Packet::Marker(Default::default()).serialize(&mut buf).unwrap();
+ }
+
+ let mut ppr = PacketParserBuilder::from_bytes(&buf)
+ .unwrap()
.build()
.expect(&format!("Error reading {:?}", test));
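Review bot: In `keyring_validator` the marker is only ever written before the first certificate or after the last one, so a marker sitting between `testy.pgp` and the second certificate, the position specific to keyrings, is not exercised. A third bit would cover it: iterate `for marker in 0..8`, add `let marker_between = marker & 4 > 0;` and serialize a `Packet::Marker(Default::default())` between the two `extend_from_slice` calls. The failure message `"Error reading {:?}"` still names only the file, so a regression would not say which marker placement broke; including `marker` in it helps here and in the `cert_validator` hunk below. The loop body continues outside the hunk.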
@@ -5826,16 +5839,30 @@ mod test {
unreachable!();
}
}
+ }
}
#[test]
fn cert_validator() {
+ for marker in 0..4 {
+ let marker_before = marker & 1 > 0;
+ let marker_after = marker & 2 > 0;
+
for test in &["testy.pgp",
"lutz.gpg",
"testy-new.pgp",
"neal.pgp"]
{
- let mut ppr = PacketParserBuilder::from_bytes(crate::tests::key(test))
+ let mut buf = Vec::new();
+ if marker_before {
+ Packet::Marker(Default::default()).serialize(&mut buf).unwrap();
+ }
+ buf.extend_from_slice(crate::tests::key(test));
+ if marker_after {
+ Packet::Marker(Default::default()).serialize(&mut buf).unwrap();
+ }
+
+ let mut ppr = PacketParserBuilder::from_bytes(&buf)
.unwrap()
.build()
.expect(&format!("Error reading {:?}", test));
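Review bot: `cert_validator` places markers only at the two ends of the buffer, while the new `Tag::Marker` arm in the validator returns for a marker at any position, so a marker between a certificate's own packets (for example right after the primary key) is accepted but untested. One more case that splits a test key into packets, inserts `Packet::Marker(Default::default())` after the first one and reserializes the result would pin that behaviour. This hunk starts inside `keyring_validator`, and the body of `cert_validator` continues past it.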
@@ -5852,6 +5879,7 @@ mod test {
unreachable!();
}
}
+ }
}
// If we don't decrypt the SEIP packet, it shows up as opaque