mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-26 21:07:58 +01:00
Add comment about readSignatures skipping compressed data packets
This commit is contained in:
parent
12e62d381c
commit
8fd67da973
1 changed files with 5 additions and 0 deletions
|
@ -249,8 +249,13 @@ public final class SignatureUtils {
|
|||
int i = 0;
|
||||
Object nextObject;
|
||||
while (i++ < maxIterations && (nextObject = objectFactory.nextObject()) != null) {
|
||||
|
||||
// Since signatures are indistinguishable from randomness, there is no point in having them compressed,
|
||||
// except for an attacker who is trying to exploit flaws in the decompression algorithm.
|
||||
// Therefore, we ignore compressed data packets without attempting decompression.
|
||||
if (nextObject instanceof PGPCompressedData) {
|
||||
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
|
||||
// getInputStream() does not do decompression, contrary to getDataStream().
|
||||
Streams.drain(compressedData.getInputStream()); // Skip packet without decompressing
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue