openpgp: Fix crash in SKESK::parse.

- Fixes #588.
author: Justus Winter <justus@sequoia-pgp.org> 2020-10-16 12:38:30 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2020-10-16 12:38:30 +0200
commit: b2b62c830b757f0e5ab62ba9edbe7d184b4e1469 (patch)
tree: 20b5943bd54b3cc2e3452abd75e1f785358de282
parent: 1f3ec0784818bcbe0e73ea4743a19060163fd9b3 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/openpgp/src/parse.rs b/openpgp/src/parse.rs
index 2d333705..1422f37b 100644
--- a/openpgp/src/parse.rs
+++ b/openpgp/src/parse.rs
@@ -2607,7 +2607,7 @@ impl SKESK {
                 // we don't know the size of the ESK.
                 let mut esk = php_try!(php.reader.steal_eof()
                                        .map_err(|e| anyhow::Error::from(e)));
-                let aead_iv = if s2k_supported {
+                let aead_iv = if s2k_supported && esk.len() >= iv_size {
                     // We know the S2K method, so the parameters have
                     // been parsed into the S2K object.  So, `esk`
                     // starts with iv_size bytes of IV.
@@ -6045,4 +6045,13 @@ mod test {
 
         Ok(())
     }
+
+    /// Tests for a panic in the SKESK parser.
+    #[test]
+    fn issue_588() -> Result<()> {
+        let data = vec![0x8c, 0x34, 0x05, 0x12, 0x02, 0x00, 0xaf, 0x0d,
+                        0xff, 0xff, 0x65];
+        let _ = PacketParser::from_bytes(&data);
+        Ok(())
+    }
 }
author	Justus Winter <justus@sequoia-pgp.org>	2020-10-16 12:38:30 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2020-10-16 12:38:30 +0200
commit	b2b62c830b757f0e5ab62ba9edbe7d184b4e1469 (patch)
tree	20b5943bd54b3cc2e3452abd75e1f785358de282
parent	1f3ec0784818bcbe0e73ea4743a19060163fd9b3 (diff)