mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-30 00:02:06 +01:00
When setting expiration dates: Prevent integer overflow
This commit is contained in:
parent
70a861611c
commit
44c32d0620
2 changed files with 40 additions and 7 deletions
|
@ -212,9 +212,7 @@ public class SignatureSubpackets
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public SignatureSubpackets setSignatureExpirationTime(boolean isCritical, long seconds) {
|
public SignatureSubpackets setSignatureExpirationTime(boolean isCritical, long seconds) {
|
||||||
if (seconds < 0) {
|
enforceBounds(seconds);
|
||||||
throw new IllegalArgumentException("Expiration time cannot be negative.");
|
|
||||||
}
|
|
||||||
return setSignatureExpirationTime(new SignatureExpirationTime(isCritical, seconds));
|
return setSignatureExpirationTime(new SignatureExpirationTime(isCritical, seconds));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -285,12 +283,19 @@ public class SignatureSubpackets
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public SignatureSubpackets setKeyExpirationTime(boolean isCritical, long secondsFromCreationToExpiration) {
|
public SignatureSubpackets setKeyExpirationTime(boolean isCritical, long secondsFromCreationToExpiration) {
|
||||||
if (secondsFromCreationToExpiration < 0) {
|
enforceBounds(secondsFromCreationToExpiration);
|
||||||
throw new IllegalArgumentException("Seconds from key creation to expiration cannot be less than 0.");
|
|
||||||
}
|
|
||||||
return setKeyExpirationTime(new KeyExpirationTime(isCritical, secondsFromCreationToExpiration));
|
return setKeyExpirationTime(new KeyExpirationTime(isCritical, secondsFromCreationToExpiration));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void enforceBounds(long secondsFromCreationToExpiration) {
|
||||||
|
if (secondsFromCreationToExpiration < 0) {
|
||||||
|
throw new IllegalArgumentException("Seconds from creation to expiration cannot be less than 0.");
|
||||||
|
}
|
||||||
|
if (secondsFromCreationToExpiration > 0xffffffffL) {
|
||||||
|
throw new IllegalArgumentException("Integer overflow. Seconds from creation to expiration cannot be larger than 0xffffffff");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public SignatureSubpackets setKeyExpirationTime(@Nullable KeyExpirationTime keyExpirationTime) {
|
public SignatureSubpackets setKeyExpirationTime(@Nullable KeyExpirationTime keyExpirationTime) {
|
||||||
this.keyExpirationTime = keyExpirationTime;
|
this.keyExpirationTime = keyExpirationTime;
|
||||||
|
|
|
@ -7,6 +7,7 @@ package org.pgpainless.key.modification;
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Calendar;
|
import java.util.Calendar;
|
||||||
|
@ -14,13 +15,14 @@ import java.util.Date;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
|
import org.junit.JUtils;
|
||||||
import org.junit.jupiter.api.TestTemplate;
|
import org.junit.jupiter.api.TestTemplate;
|
||||||
import org.junit.jupiter.api.extension.ExtendWith;
|
import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
import org.junit.JUtils;
|
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||||
import org.pgpainless.key.TestKeys;
|
import org.pgpainless.key.TestKeys;
|
||||||
import org.pgpainless.key.info.KeyRingInfo;
|
import org.pgpainless.key.info.KeyRingInfo;
|
||||||
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
import org.pgpainless.key.protection.UnprotectedKeysProtector;
|
import org.pgpainless.key.protection.UnprotectedKeysProtector;
|
||||||
import org.pgpainless.util.DateUtil;
|
import org.pgpainless.util.DateUtil;
|
||||||
import org.pgpainless.util.TestAllImplementations;
|
import org.pgpainless.util.TestAllImplementations;
|
||||||
|
@ -93,4 +95,30 @@ public class ChangeExpirationTest {
|
||||||
sInfo = PGPainless.inspectKeyRing(secretKeys);
|
sInfo = PGPainless.inspectKeyRing(secretKeys);
|
||||||
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@TestTemplate
|
||||||
|
@ExtendWith(TestAllImplementations.class)
|
||||||
|
public void testExtremeExpirationDates() throws PGPException, IOException {
|
||||||
|
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
|
||||||
|
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
||||||
|
|
||||||
|
// seconds from 2021 to 2199 will overflow 32bit integers
|
||||||
|
Date farAwayExpiration = DateUtil.parseUTCDate("2199-01-01 00:00:00 UTC");
|
||||||
|
|
||||||
|
final PGPSecretKeyRing finalKeys = secretKeys;
|
||||||
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
|
PGPainless.modifyKeyRing(finalKeys)
|
||||||
|
.setExpirationDate(farAwayExpiration, protector)
|
||||||
|
.done());
|
||||||
|
|
||||||
|
Date notSoFarAwayExpiration = DateUtil.parseUTCDate("2100-01-01 00:00:00 UTC");
|
||||||
|
|
||||||
|
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
||||||
|
.setExpirationDate(notSoFarAwayExpiration, protector)
|
||||||
|
.done();
|
||||||
|
|
||||||
|
Date actualExpiration = PGPainless.inspectKeyRing(secretKeys)
|
||||||
|
.getPrimaryKeyExpirationDate();
|
||||||
|
JUtils.assertDateEquals(notSoFarAwayExpiration, actualExpiration);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue