author | Justus Winter <justus@sequoia-pgp.org> | 2021-02-09 13:47:15 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-02-09 14:33:07 +0100 |
commit | 21d14c8e9eff9ffe9090a8dffe9589186d306b1f (patch) | |
tree | 6881cbcf9981663ab793d4cb77d561eeab43dfb3 | |
parent | 280796ac92d25ada9d6fd79d03aea7676b83ded7 (diff) |
openpgp: Fix crash on malformed input.
- Fixes a crash in Decryptor::verify_detached when verifying
detached signatures by rejecting any non-signature packets when
parsing the alleged signatures.
-rw-r--r-- | openpgp/src/parse/stream.rs | 44 |
1 files changed, 23 insertions, 21 deletions
diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs
index e9d26205..b99e6f2d 100644
--- a/openpgp/src/parse/stream.rs
+++ b/openpgp/src/parse/stream.rs
@@ -1481,20 +1481,18 @@ impl<'a> DetachedVerifierBuilder<'a> {
 /// # }
 /// }
 ///
- /// let message =
+ /// let signature =
 /// // ...
- /// # &b"-----BEGIN PGP MESSAGE-----
+ /// # b"-----BEGIN PGP SIGNATURE-----
 /// #
- /// # xA0DAAoW+zdR8Vh9rvEByxJiAAAAAABIZWxsbyBXb3JsZCHCdQQAFgoABgWCXrLl
- /// # AQAhCRD7N1HxWH2u8RYhBDnRAKtn1b2MBAECBfs3UfFYfa7xRUsBAJaxkU/RCstf
- /// # UD7TM30IorO1Mb9cDa/hPRxyzipulT55AQDN1m9LMqi9yJDjHNHwYYVwxDcg+pLY
- /// # YmAFv/UfO0vYBw==
- /// # =+l94
- /// # -----END PGP MESSAGE-----
- /// # "[..];
+ /// # wnUEABYKACcFglt+z/EWoQSOjDP6RiYzeXbZeXgGnAw0jdgsGQmQBpwMNI3YLBkA
+ /// # AHmUAP9mpj2wV0/ekDuzxZrPQ0bnobFVaxZGg7YzdlksSOERrwEA6v6czXQjKcv2
+ /// # KOwGTamb+ajTLQ3YRG9lh+ZYIXynvwE=
+ /// # =IJ29
+ /// # -----END PGP SIGNATURE-----";
 ///
 /// let h = Helper {};
- /// let mut v = DetachedVerifierBuilder::from_bytes(message)?
+ /// let mut v = DetachedVerifierBuilder::from_bytes(&signature[..])?
 /// .mapping(true)
 /// .with_policy(p, None, h)?;
 /// # let _ = v;
@@ -1541,20 +1539,18 @@ impl<'a> DetachedVerifierBuilder<'a> {
 /// # }
 /// }
 ///
- /// let message =
+ /// let signature =
 /// // ...
- /// # &b"-----BEGIN PGP MESSAGE-----
+ /// # b"-----BEGIN PGP SIGNATURE-----
 /// #
- /// # xA0DAAoW+zdR8Vh9rvEByxJiAAAAAABIZWxsbyBXb3JsZCHCdQQAFgoABgWCXrLl
- /// # AQAhCRD7N1HxWH2u8RYhBDnRAKtn1b2MBAECBfs3UfFYfa7xRUsBAJaxkU/RCstf
- /// # UD7TM30IorO1Mb9cDa/hPRxyzipulT55AQDN1m9LMqi9yJDjHNHwYYVwxDcg+pLY
- /// # YmAFv/UfO0vYBw==
- /// # =+l94
- /// # -----END PGP MESSAGE-----
- /// # "[..];
+ /// # wnUEABYKACcFglt+z/EWoQSOjDP6RiYzeXbZeXgGnAw0jdgsGQmQBpwMNI3YLBkA
+ /// # AHmUAP9mpj2wV0/ekDuzxZrPQ0bnobFVaxZGg7YzdlksSOERrwEA6v6czXQjKcv2
+ /// # KOwGTamb+ajTLQ3YRG9lh+ZYIXynvwE=
+ /// # =IJ29
+ /// # -----END PGP SIGNATURE-----";
 ///
 /// let h = Helper {};
- /// let mut v = DetachedVerifierBuilder::from_bytes(message)?
+ /// let mut v = DetachedVerifierBuilder::from_bytes(&signature[..])?
 /// // Customize the `DetachedVerifier` here.
 /// .with_policy(p, None, h)?;
 /// # let _ = v;
@@ -2332,7 +2328,13 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> {
 // When verifying detached signatures, we parse only the
 // signatures here, which on their own are not a valid
 // message.
- if v.mode != Mode::VerifyDetached {
+ if v.mode == Mode::VerifyDetached {
+ if pp.packet.tag() != packet::Tag::Signature {
+ return Err(Error::MalformedMessage(
+ format!("Expected signature, got {}", pp.packet.tag()))
+ .into());
+ }
+ } else {
 if let Err(err) = pp.possible_message() {
 t!("Malformed message: {}", err);
 return Err(err.context("Malformed OpenPGP message").into()); |
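Review bot: The new `Mode::VerifyDetached` branch in the last hunk ships without a regression test: the diffstat lists only `openpgp/src/parse/stream.rs`, and its 23 insertions are all accounted for by the two doc examples and this check. Since the commit fixes a crash on malformed, untrusted input, a unit test that hands a non-signature packet to the detached verifier and asserts that it returns `Error::MalformedMessage` rather than panicking would keep the fix from regressing. The early return also skips the `t!` trace that the `else` arm emits; adding `t!("Expected signature, got {}", pp.packet.tag());` before the `return` would keep both rejection paths equally visible when tracing. The enclosing function begins and ends outside the hunk, so whether packets that are normally ignored (for example a Marker packet) are filtered before this check cannot be confirmed from here.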