Skip to content

Commit

Permalink
Don't panic on corrupt fingerprint subpacket (#66)
Browse files Browse the repository at this point in the history
  • Loading branch information
zugzwang authored Nov 12, 2020
1 parent 41db4ea commit b4bfec6
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 1 deletion.
13 changes: 13 additions & 0 deletions openpgp/keys_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1303,3 +1303,16 @@ func TestKeyValidateOnDecrypt(t *testing.T) {
t.Fatal("Failed to detect invalid ElGamal key")
}
}

// Should not panic (generated with go-fuzz)
func TestCorruptKeys(t *testing.T) {
data := `-----BEGIN PGP PUBLIC KEY BLOCK00000
mQ00BF00000BCAD0000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000ABE000G0Dn000000000000000000iQ00BB0BAgAGBCG00000`
ReadArmoredKeyRing(strings.NewReader(data))
}
2 changes: 1 addition & 1 deletion openpgp/packet/signature.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -418,7 +418,7 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
}
case issuerFingerprintSubpacket:
v, l := subpacket[0], len(subpacket[1:])
if v < 5 && l != 20 || v == 5 && l != 32 {
if v == 5 && l != 32 || v != 5 && l != 20 {
return nil, errors.StructuralError("bad fingerprint length")
}
sig.IssuerFingerprint = make([]byte, l)
Expand Down

0 comments on commit b4bfec6

Please sign in to comment.