From 089b81b0706fb3523d3a5a02eb3526fe3537d936 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Thu, 5 Aug 2021 15:18:33 +0200
Subject: [PATCH] Improve parsing of data containing invalid signatures

partial workaround for https://github.com/bcgit/bc-java/pull/1006
---
 .../pgpainless/signature/SignatureUtils.java    | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java
index 85869c1c..428abfa2 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java
@@ -200,17 +200,17 @@ public class SignatureUtils {
         PGPObjectFactory objectFactory = new PGPObjectFactory(
                 pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
 
-        Object nextObject = objectFactory.nextObject();
+        Object nextObject = tryNext(objectFactory);
         while (nextObject != null) {
             if (nextObject instanceof PGPMarker) {
-                nextObject = objectFactory.nextObject();
+                nextObject = tryNext(objectFactory);
                 continue;
             }
             if (nextObject instanceof PGPCompressedData) {
                 PGPCompressedData compressedData = (PGPCompressedData) nextObject;
                 objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
                         ImplementationFactory.getInstance().getKeyFingerprintCalculator());
-                nextObject = objectFactory.nextObject();
+                nextObject = tryNext(objectFactory);
                 continue;
             }
             if (nextObject instanceof PGPSignatureList) {
@@ -222,13 +222,22 @@ public class SignatureUtils {
             if (nextObject instanceof PGPSignature) {
                 signatures.add((PGPSignature) nextObject);
             }
-            nextObject = objectFactory.nextObject();
+            nextObject = tryNext(objectFactory);
         }
         pgpIn.close();
 
         return signatures;
     }
 
+    private static Object tryNext(PGPObjectFactory factory) throws IOException {
+        try {
+            Object o = factory.nextObject();
+            return o;
+        } catch (RuntimeException e) {
+            return tryNext(factory);
+        }
+    }
+
     public static long determineIssuerKeyId(PGPSignature signature) {
         IssuerKeyID issuerKeyId = SignatureSubpacketsUtil.getIssuerKeyId(signature);
         OpenPgpV4Fingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpV4Fingerprint(signature);