Improve parsing of data containing invalid signatures

partial workaround for https://github.com/bcgit/bc-java/pull/1006
2024-11-26 22:32:07 +01:00 · 2021-08-05 15:18:33 +02:00 · 2021-08-05 15:18:33 +02:00 · 089b81b070
commit 089b81b070
parent 245e4a380d
1 changed files with 13 additions and 4 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java
@ -200,17 +200,17 @@ public class SignatureUtils {
        PGPObjectFactory objectFactory = new PGPObjectFactory(
                pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());

-        Object nextObject = objectFactory.nextObject();
+        Object nextObject = tryNext(objectFactory);
        while (nextObject != null) {
            if (nextObject instanceof PGPMarker) {
-                nextObject = objectFactory.nextObject();
+                nextObject = tryNext(objectFactory);
                continue;
            }
            if (nextObject instanceof PGPCompressedData) {
                PGPCompressedData compressedData = (PGPCompressedData) nextObject;
                objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
                        ImplementationFactory.getInstance().getKeyFingerprintCalculator());
-                nextObject = objectFactory.nextObject();
+                nextObject = tryNext(objectFactory);
                continue;
            }
            if (nextObject instanceof PGPSignatureList) {
@ -222,13 +222,22 @@ public class SignatureUtils {
            if (nextObject instanceof PGPSignature) {
                signatures.add((PGPSignature) nextObject);
            }
-            nextObject = objectFactory.nextObject();
+            nextObject = tryNext(objectFactory);
        }
        pgpIn.close();

        return signatures;
    }

+    private static Object tryNext(PGPObjectFactory factory) throws IOException {
+        try {
+            Object o = factory.nextObject();
+            return o;
+        } catch (RuntimeException e) {
+            return tryNext(factory);
+        }
+    }
+
    public static long determineIssuerKeyId(PGPSignature signature) {
        IssuerKeyID issuerKeyId = SignatureSubpacketsUtil.getIssuerKeyId(signature);
        OpenPgpV4Fingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpV4Fingerprint(signature);