1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Allow for longer signature subpackets.

* g10/parse-packet.c (parse_signature): Increase the cap for hashed
subpackets to 30000.  Print the value in the error message.  Do not
return an error but skip a too long signature.
--

The limit of 10000 served us well for decades but given the option to
put a key into the signature, a larger limit will eventually be
useful.  The second part makes things a bit robust against rogue
subpackets on a keyserver.
This commit is contained in:
Werner Koch 2024-12-09 13:23:39 +01:00
parent 4c830b240c
commit 36dbca3e69
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -2281,12 +2281,12 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
pktlen -= 2; /* Length of hashed data. */
if (pktlen < n)
goto underflow;
if (n > 10000)
if (n > 30000)
{
log_error ("signature packet: hashed data too long\n");
log_error ("signature packet: hashed data too long (%u)\n", n);
if (list_mode)
es_fputs (":signature packet: [hashed data too long]\n", listfp);
rc = GPG_ERR_INV_PACKET;
es_fprintf (listfp,
":signature packet: [hashed data too long (%u)]\n", n);
goto leave;
}
if (n)
@ -2313,10 +2313,11 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
goto underflow;
if (n > 10000)
{
log_error ("signature packet: unhashed data too long\n");
log_error ("signature packet: unhashed data too long (%u)\n", n);
if (list_mode)
es_fputs (":signature packet: [unhashed data too long]\n", listfp);
rc = GPG_ERR_INV_PACKET;
es_fprintf (listfp,
":signature packet: [unhashed data too long (%u)]\n",
n);
goto leave;
}
if (n)