diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2020-04-01 16:10:10 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-04-01 16:15:00 +0200 |
| commit | c6de49b0f6c7e578d239e3e887ce1a0944f50458 (patch) | |
| tree | 211d6c003d568cedcec6518fb676a2572c8b4ebb /openpgp | |
| parent | 102fbab3d78639758b558daab307ee928c55838e (diff) | |
openpgp: Make Fingerprint parsing in subpackets stricter.
- If the version is not 4, return Fingerprint::Invalid even if it
consists of 20 octets.
Diffstat (limited to 'openpgp')
| -rw-r--r-- | openpgp/src/parse.rs | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/openpgp/src/parse.rs b/openpgp/src/parse.rs index bad956db..b1c0e410 100644 --- a/openpgp/src/parse.rs +++ b/openpgp/src/parse.rs @@ -1475,9 +1475,14 @@ impl Subpacket { expect_len, len)).into()); } } + let bytes = php.parse_bytes("issuer fp", len - 1)?; SubpacketValue::IssuerFingerprint( - Fingerprint::from_bytes( - &php.parse_bytes("issuer fp", len - 1)?)) + match version { + 4 => Fingerprint::from_bytes(&bytes), + // XXX: Fix once we dig V5. + 5 => Fingerprint::Invalid(bytes.into()), + _ => Fingerprint::Invalid(bytes.into()), + }) }, SubpacketTag::PreferredAEADAlgorithms => SubpacketValue::PreferredAEADAlgorithms( @@ -1501,9 +1506,14 @@ impl Subpacket { expect_len, len)).into()); } } + let bytes = php.parse_bytes("intended rcpt", len - 1)?; SubpacketValue::IntendedRecipient( - Fingerprint::from_bytes( - &php.parse_bytes("intended rcpt", len - 1)?)) + match version { + 4 => Fingerprint::from_bytes(&bytes), + // XXX: Fix once we dig V5. + 5 => Fingerprint::Invalid(bytes.into()), + _ => Fingerprint::Invalid(bytes.into()), + }) }, SubpacketTag::Reserved(_) | SubpacketTag::PlaceholderForBackwardCompatibility |