openpgp: Fix crash.

  - If a signature using an unknown hash algorithm is encountered with
    a attested certifications subpacket of length zero, digest_size is
    zero.  This crashes when used as divisor and as argument to
    slice::chunks.

  - Fix by explicitly handling this case.

  - See https://gitlab.com/sequoia-pgp/sequoia/-/jobs/1298146054

1 files changed, 13 insertions, 7 deletions

diff --git a/openpgp/src/parse.rs b/openpgp/src/parse.rs
index ada5f7e8..bc129281 100644
--- a/openpgp/src/parse.rs
+++ b/openpgp/src/parse.rs
@@ -1773,14 +1773,20 @@ impl Subpacket {
                     hash_algo.context().map(|c| c.digest_size())
                     .unwrap_or(len);
 
-                if len % digest_size != 0 {
-                    return Err(Error::BadSignature(
-                        "Wrong number of bytes in certification subpacket".into())
-                               .into());
+                if digest_size == 0 {
+                    // Empty body with unknown hash algorithm.
+                    SubpacketValue::AttestedCertifications(
+                        Vec::with_capacity(0))
+                } else {
+                    if len % digest_size != 0 {
+                        return Err(Error::BadSignature(
+                            "Wrong number of bytes in certification subpacket"
+                                .into()).into());
+                    }
+                    let bytes = php.parse_bytes("attested crts", len)?;
+                    SubpacketValue::AttestedCertifications(
+                        bytes.chunks(digest_size).map(Into::into).collect())
                 }
-                let bytes = php.parse_bytes("attested crts", len)?;
-                SubpacketValue::AttestedCertifications(
-                    bytes.chunks(digest_size).map(Into::into).collect())
             },
             SubpacketTag::Reserved(_)
                 | SubpacketTag::PlaceholderForBackwardCompatibility