authorAlex Gaynor <alex.gaynor@gmail.com>2017-03-08 14:52:38 -0500
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-03-09 11:08:39 +0100
commitd8e1f7925577e19ef6a4b053aac56a538f924e48 (patch)
tree44adac6baf40839f444892a4cd2c537c37c96bc7
parent6dfcecba0bd42c167c85f865344346811d507dac (diff)
downloadgnutls-tmp-openpgp-fix.tar.gz
Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.tmp-openpgp-fix
This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737 Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
-rw-r--r--lib/opencdk/keydb.c2
-rw-r--r--tests/cert-tests/data/openpgp-invalid10.pubbin0 -> 52 bytes
-rwxr-xr-xtests/cert-tests/openpgp-cert-parser2
3 files changed, 2 insertions, 2 deletions
diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
index 6fc0b9ec43..f78d35f68f 100644
--- a/lib/opencdk/keydb.c
+++ b/lib/opencdk/keydb.c
@@ -1400,7 +1400,7 @@ keydb_parse_allsigs(cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
signature->
hashed,
CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s) {
+ if (s && s->size == 4) {
expiredate =
_cdk_buftou32(s->d);
pk->expiredate =
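Review bot: A key-expiration subpacket whose length is not 4 is now skipped silently by `if (s && s->size == 4)`, so a malformed expiry appears to be handled exactly like a missing one. If that leaves `pk->expiredate` at its "no expiry" default (the assignment target is cut off at the hunk edge, so this is inferred), the parser fails open on an attacker-supplied key. Consider treating the wrong-size case as an invalid packet and returning the function's error code, rather than continuing. The body of keydb_parse_allsigs extends outside the hunk, so confirm the cleanup path before adding an early return. At minimum, document the constant with a comment such as `/* RFC 4880 5.2.3.6: key expiration time is a 4-octet field; any other size is malformed */`. The other callers of `_cdk_buftou32` on subpacket data are not visible here and may deserve the same length check.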
diff --git a/tests/cert-tests/data/openpgp-invalid10.pub b/tests/cert-tests/data/openpgp-invalid10.pub
new file mode 100644
index 0000000000..f1cd353eb4
--- /dev/null
+++ b/tests/cert-tests/data/openpgp-invalid10.pub
Binary files differ
diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser
index 4ac5a6f946..f17e160a0c 100755
--- a/tests/cert-tests/openpgp-cert-parser
+++ b/tests/cert-tests/openpgp-cert-parser
@@ -43,7 +43,7 @@ echo "Checking OpenPGP certificate parsing"
for i in "truncated.pub" "attribute-leak-1.pub" "subpkt-leak.pub" "openpgp-invalid1.pub" \
"openpgp-invalid2.pub" "openpgp-invalid3.pub" "openpgp-invalid4.pub" "openpgp-invalid5.pub" \
"openpgp-invalid6.pub" "openpgp-invalid7.pub" "openpgp-invalid8.pub" \
- "openpgp-invalid9.pub";do
+ "openpgp-invalid9.pub" "openpgp-invalid10";do
${VALGRIND} "${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/${i}"
rc=$?
if test $rc != 1;then
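Review bot: The new list entry `"openpgp-invalid10"` lacks the `.pub` suffix, while the file added by this commit is `tests/cert-tests/data/openpgp-invalid10.pub`. As a result `--infile "${srcdir}/data/${i}"` points at a path that does not exist. certtool will presumably exit with 1 on the missing file, which is the code the loop expects, so the test would pass without ever parsing the fuzzer reproducer, and a regression of the keydb.c fix would go unnoticed. The line should read `"openpgp-invalid9.pub" "openpgp-invalid10.pub";do`. A `test -f "${srcdir}/data/${i}"` guard at the top of the loop body would make a mistyped fixture name fail loudly in future.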