gpg: Allow for longer signature subpackets.

* g10/parse-packet.c (parse_signature): Increase the cap for hashed subpackets to 30000. Print the value in the error message. Do not return an error but skip a too long signature. -- The limit of 10000 served us well for decades but given the option to put a key into the signature, a larger limit will eventually be useful. The second part makes things a bit robust against rogue subpackets on a keyserver.
2024-12-22 10:19:57 +01:00 · 2024-12-09 13:23:39 +01:00 · 2024-12-09 13:23:39 +01:00 · 36dbca3e69
commit 36dbca3e69
parent 4c830b240c
1 changed files with 8 additions and 7 deletions
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -2281,12 +2281,12 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
      pktlen -= 2;  /* Length of hashed data. */
      if (pktlen < n)
 	goto underflow;
-      if (n > 10000)
+      if (n > 30000)
 	{
-	  log_error ("signature packet: hashed data too long\n");
+	  log_error ("signature packet: hashed data too long (%u)\n", n);
          if (list_mode)
-            es_fputs (":signature packet: [hashed data too long]\n", listfp);
+            es_fprintf (listfp,
-	  rc = GPG_ERR_INV_PACKET;
+                        ":signature packet: [hashed data too long (%u)]\n", n);
 	  goto leave;
 	}
      if (n)
@ -2313,10 +2313,11 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
 	goto underflow;
      if (n > 10000)
 	{
-	  log_error ("signature packet: unhashed data too long\n");
+	  log_error ("signature packet: unhashed data too long (%u)\n", n);
          if (list_mode)
-            es_fputs (":signature packet: [unhashed data too long]\n", listfp);
+            es_fprintf (listfp,
-	  rc = GPG_ERR_INV_PACKET;
+                        ":signature packet: [unhashed data too long (%u)]\n",
                        n);
 	  goto leave;
 	}
      if (n)