1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-26 06:12:06 +01:00

Add comment about readSignatures skipping compressed data packets

This commit is contained in:
Paul Schaub 2022-05-08 11:34:56 +02:00
parent 12e62d381c
commit 8fd67da973
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -249,8 +249,13 @@ public final class SignatureUtils {
int i = 0; int i = 0;
Object nextObject; Object nextObject;
while (i++ < maxIterations && (nextObject = objectFactory.nextObject()) != null) { while (i++ < maxIterations && (nextObject = objectFactory.nextObject()) != null) {
// Since signatures are indistinguishable from randomness, there is no point in having them compressed,
// except for an attacker who is trying to exploit flaws in the decompression algorithm.
// Therefore, we ignore compressed data packets without attempting decompression.
if (nextObject instanceof PGPCompressedData) { if (nextObject instanceof PGPCompressedData) {
PGPCompressedData compressedData = (PGPCompressedData) nextObject; PGPCompressedData compressedData = (PGPCompressedData) nextObject;
// getInputStream() does not do decompression, contrary to getDataStream().
Streams.drain(compressedData.getInputStream()); // Skip packet without decompressing Streams.drain(compressedData.getInputStream()); // Skip packet without decompressing
} }