1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-09 19:57:57 +01:00

Make readSignatures skip over compressed data packets without decompression.

This commit is contained in:
Paul Schaub 2022-05-08 11:24:34 +02:00
parent 08ec140b63
commit 12e62d381c
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 23 additions and 0 deletions

View file

@ -17,6 +17,7 @@ import org.bouncycastle.bcpg.sig.IssuerKeyID;
import org.bouncycastle.bcpg.sig.KeyExpirationTime; import org.bouncycastle.bcpg.sig.KeyExpirationTime;
import org.bouncycastle.bcpg.sig.RevocationReason; import org.bouncycastle.bcpg.sig.RevocationReason;
import org.bouncycastle.bcpg.sig.SignatureExpirationTime; import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
@ -26,6 +27,7 @@ import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList; import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder; import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.SignatureType; import org.pgpainless.algorithm.SignatureType;
@ -247,6 +249,11 @@ public final class SignatureUtils {
int i = 0; int i = 0;
Object nextObject; Object nextObject;
while (i++ < maxIterations && (nextObject = objectFactory.nextObject()) != null) { while (i++ < maxIterations && (nextObject = objectFactory.nextObject()) != null) {
if (nextObject instanceof PGPCompressedData) {
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
Streams.drain(compressedData.getInputStream()); // Skip packet without decompressing
}
if (nextObject instanceof PGPSignatureList) { if (nextObject instanceof PGPSignatureList) {
PGPSignatureList signatureList = (PGPSignatureList) nextObject; PGPSignatureList signatureList = (PGPSignatureList) nextObject;
for (PGPSignature s : signatureList) { for (PGPSignature s : signatureList) {

View file

@ -15,6 +15,22 @@ import org.junit.jupiter.api.Test;
public class SignatureUtilsTest { public class SignatureUtilsTest {
@Test
public void readSignaturesFromCompressedDataDoesNotAttemptDecompression() throws PGPException, IOException {
String compressed = "-----BEGIN PGP MESSAGE-----\n" +
"Version: PGPainless\n" +
"\n" +
"owHrKGVhEOZiYGNlSoxcsJtBkVMg3OzZZKnz5jxiiiz+aTG+h46kcR9zinOECZ/o\n" +
"YmTYsKve/opb3v/o8J0qq1/MFFBhP9jfEq+/avK6qPMrlh70Zfinu96c+cncX9GK\n" +
"B4ui3fUfbUo8tFrVTIRn7kROq69H77hd6cCw9susVdls1as1gNYunnp5V8Qp+wX3\n" +
"+jUnwoRB1p4SfPk412lb/cSmShb211fOX07h0JxVH1JXsc/vi2mi5ieG/2Xxb5tk\n" +
"LE+r7WwruxSaeXLuLsOmXTPZD0/VtvlqO89RYjsA\n" +
"=yZ18\n" +
"-----END PGP MESSAGE-----";
List<PGPSignature> signatures = SignatureUtils.readSignatures(compressed);
assertEquals(0, signatures.size());
}
@Test @Test
public void noIssuerResultsInKeyId0() throws PGPException, IOException { public void noIssuerResultsInKeyId0() throws PGPException, IOException {
String sig = "-----BEGIN PGP SIGNATURE-----\n" + String sig = "-----BEGIN PGP SIGNATURE-----\n" +