Valid PGP packets are always at least two bytes long

- Old format tags encode the number of body length bytes in the packet header, new format encodes it in the first body length byte. In both cases there must be at least two bytes worth of data for it to be a valid header. Sanity check before accessing.
author: Panu Matilainen <pmatilai@redhat.com> 2011-10-24 11:04:51 +0300
committer: Panu Matilainen <pmatilai@redhat.com> 2011-10-24 11:43:10 +0300
commit: b88b2178d40147be6c28dd9b97905ee1dc5366d5 (patch)
tree: 8f1a94cdb277dd7cd2b4b6bb7ac9d23180ffe608 /rpmio/rpmpgp.c
parent: ebf5a4e7c87e411fd0c436dff82737cfce77f20d (diff)
download: librpm-tizen-b88b2178d40147be6c28dd9b97905ee1dc5366d5.tar.gz
librpm-tizen-b88b2178d40147be6c28dd9b97905ee1dc5366d5.tar.bz2
librpm-tizen-b88b2178d40147be6c28dd9b97905ee1dc5366d5.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index 14afc91e7..9f925156f 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -1090,7 +1090,7 @@ int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid)
     DIGEST_CTX ctx;
     int rc = -1;	/* assume failure. */
 
-    if (!(val & 0x80))
+    if (!(val & 0x80) || pktlen < 2)
 	return rc;
 
     if (val & 0x40) {
@@ -1181,7 +1181,7 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
     int rc = 0;
 
     /* XXX can't deal with these. */
-    if (!(val & 0x80))
+    if (!(val & 0x80) || pleft < 2)
 	return -1;
 
     if (val & 0x40) {
author	Panu Matilainen <pmatilai@redhat.com>	2011-10-24 11:04:51 +0300
committer	Panu Matilainen <pmatilai@redhat.com>	2011-10-24 11:43:10 +0300
commit	b88b2178d40147be6c28dd9b97905ee1dc5366d5 (patch)
tree	8f1a94cdb277dd7cd2b4b6bb7ac9d23180ffe608 /rpmio/rpmpgp.c
parent	ebf5a4e7c87e411fd0c436dff82737cfce77f20d (diff)
download	librpm-tizen-b88b2178d40147be6c28dd9b97905ee1dc5366d5.tar.gz librpm-tizen-b88b2178d40147be6c28dd9b97905ee1dc5366d5.tar.bz2 librpm-tizen-b88b2178d40147be6c28dd9b97905ee1dc5366d5.zip