common: Don't assume on-disk layout matches in-memory layout.

* g10/packet.h (PKT_signature): Change revkey's type from a struct revocation_key ** to a struct revocation_key *. Update users. -- revkey was a pointer into the raw data. But, C doesn't guarantee that there is no padding. Thus, we copy the data. Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2025-07-03 22:56:33 +02:00 · 2015-08-21 10:38:41 +02:00 · 2015-08-21 10:38:41 +02:00 · 4f37820334
commit 4f37820334
parent b3226cadf9
6 changed files with 26 additions and 20 deletions
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -1711,25 +1711,31 @@ parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
 void
 parse_revkeys (PKT_signature * sig)
 {
-  struct revocation_key *revkey;
+  const byte *revkey;
  int seq = 0;
  size_t len;

  if (sig->sig_class != 0x1F)
    return;

-  while ((revkey =
-	  (struct revocation_key *) enum_sig_subpkt (sig->hashed,
-						     SIGSUBPKT_REV_KEY,
-						     &len, &seq, NULL)))
+  while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
+				    &len, &seq, NULL)))
    {
-      if (len == sizeof (struct revocation_key)
-          && (revkey->class & 0x80))  /* 0x80 bit must be set.  */
+      if (/* The only valid length is 22 bytes.  See RFC 4880
+	     5.2.3.15.  */
+	  len == 22
+	  /* 0x80 bit must be set on the class.  */
+          && (revkey[0] & 0x80))
 	{
 	  sig->revkey = xrealloc (sig->revkey,
-				  sizeof (struct revocation_key *) *
+				  sizeof (struct revocation_key) *
 				  (sig->numrevkeys + 1));
-	  sig->revkey[sig->numrevkeys] = revkey;
+
+	  /* Copy the individual fields.  */
+	  sig->revkey[sig->numrevkeys].class = revkey[0];
+	  sig->revkey[sig->numrevkeys].algid = revkey[1];
+	  memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
+
 	  sig->numrevkeys++;
 	}
    }