From 6e09e95c4780e500280f69c0deca9d9d2e8aec24 Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Tue, 13 Sep 2022 15:22:52 +0200
Subject: [PATCH] Check subpackage length when parsing pubkeys

---
 ext/repo_pubkey.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ext/repo_pubkey.c b/ext/repo_pubkey.c
index a965a652..fdcb9ea4 100644
--- a/ext/repo_pubkey.c
+++ b/ext/repo_pubkey.c
@@ -458,11 +458,11 @@ pgpsig_init(struct pgpsig *sig, unsigned char *p, int l)
 		  sig->haveissuer = 1;
 		  memcpy(sig->issuer, q + 1, 8);
 		}
-	      if (x == 2 && j == 0)
+	      if (x == 2 && sl == 5 && j == 0)
 		sig->created = q[1] << 24 | q[2] << 16 | q[3] << 8 | q[4];
-	      if (x == 3 && j == 0)
+	      if (x == 3 && sl == 5 && j == 0)
 		sig->expires = q[1] << 24 | q[2] << 16 | q[3] << 8 | q[4];
-	      if (x == 9 && j == 0)
+	      if (x == 9 && sl == 5 && j == 0)
 		sig->keyexpires = q[1] << 24 | q[2] << 16 | q[3] << 8 | q[4];
 	      q += sl;
 	      ql -= sl;
-- 
2.47.2