openpgp: Don't generate arbitrarily large S2K parameters.

- We have to stay well below 255 bytes so that packets including the S2K objects are representable.
author: Justus Winter <justus@sequoia-pgp.org> 2023-04-27 13:46:53 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2023-04-28 11:44:43 +0200
commit: 026eb8345ccfb1a5d248b9514b130b11d9f50e7d (patch)
tree: e712e3f42648425cc09841278d304bb00e78ab32
parent: 5fce65e4a8273b32c0986d9e805b0128e7478bd2 (diff)
2 files changed, 14 insertions, 4 deletions
diff --git a/openpgp/src/crypto/s2k.rs b/openpgp/src/crypto/s2k.rs
index d60d15e2..9b7c24d6 100644
--- a/openpgp/src/crypto/s2k.rs
+++ b/openpgp/src/crypto/s2k.rs
@@ -396,19 +396,19 @@ impl Arbitrary for S2K {
             },
             3 => S2K::Private {
                 tag: gen_arbitrary_from_range(100..111, g),
-                parameters: Option::<Vec<u8>>::arbitrary(g).map(|v| v.into()),
+                parameters: Some(arbitrary_bounded_vec(g, 200).into()),
             },
             4 => S2K::Unknown {
                 tag: 2,
-                parameters: Option::<Vec<u8>>::arbitrary(g).map(|v| v.into()),
+                parameters: Some(arbitrary_bounded_vec(g, 200).into()),
             },
             5 => S2K::Unknown {
                 tag: gen_arbitrary_from_range(4..100, g),
-                parameters: Option::<Vec<u8>>::arbitrary(g).map(|v| v.into()),
+                parameters: Some(arbitrary_bounded_vec(g, 200).into()),
             },
             6 => S2K::Unknown {
                 tag: gen_arbitrary_from_range(111..256, g) as u8,
-                parameters: Option::<Vec<u8>>::arbitrary(g).map(|v| v.into()),
+                parameters: Some(arbitrary_bounded_vec(g, 200).into()),
             },
             _ => unreachable!(),
         }
diff --git a/openpgp/src/lib.rs b/openpgp/src/lib.rs
index 38d2b9e4..a949403a 100644
--- a/openpgp/src/lib.rs
+++ b/openpgp/src/lib.rs
@@ -381,4 +381,14 @@ mod arbitrary_helper {
     {
         s.iter_mut().for_each(|p| *p = Arbitrary::arbitrary(g));
     }
+
+    pub(crate) fn arbitrary_bounded_vec<T>(g: &mut Gen, limit: usize) -> Vec<T>
+    where
+        T: Arbitrary + Default,
+    {
+        let mut v = vec![Default::default();
+                         gen_arbitrary_from_range(0..limit, g)];
+        arbitrary_slice(g, &mut v[..]);
+        v
+    }
 }
author	Justus Winter <justus@sequoia-pgp.org>	2023-04-27 13:46:53 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2023-04-28 11:44:43 +0200
commit	026eb8345ccfb1a5d248b9514b130b11d9f50e7d (patch)
tree	e712e3f42648425cc09841278d304bb00e78ab32
parent	5fce65e4a8273b32c0986d9e805b0128e7478bd2 (diff)