From c54ccf9d80a3e4e55474324bff9b116b66153e2f Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Thu, 28 Jul 2022 14:56:25 +0200
Subject: openpgp: Fix subtraction with overflow.

  - When the decryptor returns a short session key without reporting
    an error, an overflow occurs.  Avoid this by using saturating
    subtraction.  Then, the resulting range is empty, and an error
    will be reported just a few lines down.

  - Fixes #913.
---
 openpgp/src/packet/pkesk.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'openpgp')

diff --git a/openpgp/src/packet/pkesk.rs b/openpgp/src/packet/pkesk.rs
index bf4464f9..ac0b7932 100644
--- a/openpgp/src/packet/pkesk.rs
+++ b/openpgp/src/packet/pkesk.rs
@@ -155,7 +155,7 @@ impl PKESK3 {
             None
         };
         let plain = decryptor.decrypt(&self.esk, plaintext_len)?;
-        let key_rgn = 1..(plain.len() - 2);
+        let key_rgn = 1..plain.len().saturating_sub(2);
         let sym_algo: SymmetricAlgorithm = plain[0].into();
         let mut key: SessionKey = vec![0u8; sym_algo.key_size()?].into();
 
-- 
cgit v1.2.3