From f22499a05d0a01e35dd10d7644f8d74391ba4222 Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Tue, 15 Jun 2021 14:18:23 +0300
Subject: Reject unimplemented critical PGP packets as per RFC-4880
Bit 7 of the subpacket type is the "critical" bit. If set, it denotes that the subpacket is one that is critical for the evaluator of the signature to recognize. If a subpacket is encountered that is marked critical but is unknown to the evaluating software, the evaluator SHOULD consider the signature to be in error. We only implement creation time and issuer keyid, everything else is unimplemented and should be flagged as an error if critical as per above. Initial patch by Demi Marie Obenour.
---
 rpmio/rpmpgp.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'rpmio/rpmpgp.c')
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index e0a8a1054..f1a99e716 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -407,6 +407,7 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
 int rc = 0;
 while (hlen > 0 && rc == 0) {
+ int impl = 0;
 i = pgpLen(p, hlen, &plen);
 if (i == 0 || plen < 1 || i + plen > hlen)
 break;
@@ -436,6 +437,7 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
 pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]);
 break;
 case PGPSUBTYPE_SIG_CREATE_TIME:
+ impl = *p;
 if (!(_digp->saved & PGPDIG_SAVED_TIME) && (sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE)) {
@@ -450,6 +452,7 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
 break;
 case PGPSUBTYPE_ISSUER_KEYID: /* issuer key ID */
+ impl = *p;
 if (!(_digp->saved & PGPDIG_SAVED_ID) && (sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE)) {
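Review bot: The length check visible in the first hunk, `if (i == 0 || plen < 1 || i + plen > hlen) break;`, leaves the loop with `rc` still 0, so a truncated or malformed subpacket area appears to be reported as success while an unknown critical subpacket is now an error. If the caller has no other check for that case, setting `rc = 1;` before the `break` would make the two outcomes consistent. The new `int impl = 0;` would also read better with a comment such as `/* non-zero once this subpacket type is handled below */`. The function begins before and continues after this hunk, so the final return value is not visible here.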
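Review bot: `impl = *p;` under `case PGPSUBTYPE_SIG_CREATE_TIME:` is only reached when the switch operand equals the case constant, and the `switch` statement itself is outside this hunk. If it switches on the raw type byte rather than on `*p & ~PGPSUBTYPE_CRITICAL`, a creation-time or issuer-keyid subpacket with bit 7 set never reaches these cases, `impl` stays 0, and the new check rejects a subpacket the commit message lists as implemented; the same applies to the `PGPSUBTYPE_ISSUER_KEYID` hunk at -450. Since `impl` is used purely as a flag, `impl = 1;` states the intent more directly than copying the type byte. Note also that `impl` is set before the `saved`/`sigtype` test, so a critical subpacket counts as implemented even when that condition skips it.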
@@ -489,6 +492,10 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
 break;
 }
 pgpPrtNL();
+
+ if (!impl && (p[0] & PGPSUBTYPE_CRITICAL))
+ rc = 1;
+
 p += plen;
 hlen -= plen;
 }
-- cgit v1.2.1
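Review bot: The rejection at `if (!impl && (p[0] & PGPSUBTYPE_CRITICAL))` is silent: the caller gets `rc = 1` with nothing identifying which subpacket type caused the signature to be refused, which makes a failed verification hard to diagnose. The reason for the check also lives only in the commit message; a comment such as `/* RFC 4880 5.2.3.1: an unrecognized critical subpacket makes the signature invalid */` above it would keep that in the code. The test relies on `p` pointing at the type byte at this point, which is set up outside the hunk.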