From: Michael Schroeder Date: Fri, 23 Aug 2013 09:32:47 +0000 (+0200) Subject: make unarmor() more flexible, make sure pgp mpis are minimal X-Git-Tag: BASE-SuSE-Code-13_1-Branch~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41a431ab1d37ed5a41a5475189f5b1a6812c51f2;p=thirdparty%2Flibsolv.git make unarmor() more flexible, make sure pgp mpis are minimal --- diff --git a/ext/repo_pubkey.c b/ext/repo_pubkey.c index 7b196cbc..077f5241 100644 --- a/ext/repo_pubkey.c +++ b/ext/repo_pubkey.c @@ -113,7 +113,7 @@ crc24(unsigned char *p, int len) } static unsigned char * -unarmor(char *pubkey, int *pktlp) +unarmor(char *pubkey, int *pktlp, char *startstr, char *endstr) { char *p; int l, eof; @@ -121,7 +121,8 @@ unarmor(char *pubkey, int *pktlp) unsigned int v; *pktlp = 0; - while (strncmp(pubkey, "-----BEGIN PGP PUBLIC KEY BLOCK-----", 36) != 0) + l = strlen(startstr); + while (strncmp(pubkey, startstr, l) != 0) { pubkey = strchr(pubkey, '\n'); if (!pubkey) @@ -176,7 +177,7 @@ unarmor(char *pubkey, int *pktlp) } while (*pubkey == ' ' || *pubkey == '\t' || *pubkey == '\n' || *pubkey == '\r') pubkey++; - if (strncmp(pubkey, "-----END PGP PUBLIC KEY BLOCK-----", 34) != 0) + if (strncmp(pubkey, endstr, strlen(endstr)) != 0) { solv_free(buf); return 0; @@ -693,7 +694,7 @@ pubkey2solvable(Solvable *s, Repodata *data, char *pubkey) unsigned char *pkts; int pktsl; - pkts = unarmor(pubkey, &pktsl); + pkts = unarmor(pubkey, &pktsl, "-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----"); if (!pkts) { pool_error(s->repo->pool, 0, "unarmor failure"); diff --git a/ext/solv_pgpvrfy.c b/ext/solv_pgpvrfy.c index 3fe277e8..5996671e 100644 --- a/ext/solv_pgpvrfy.c +++ b/ext/solv_pgpvrfy.c @@ -377,7 +377,7 @@ findmpi(unsigned char **mpip, int *mpilp, int maxbits, int *outlen) return 0; bits = mpi[0] << 8 | mpi[1]; l = 2 + (bits + 7) / 8; - if (bits > maxbits || mpil < l) + if (bits > maxbits || mpil < l || (bits && !mpi[2])) { *mpilp = 0; return 0;