From 36dbca3e6944d13e75e96eace634e58a7d7e201d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 9 Dec 2024 13:23:39 +0100 Subject: gpg: Allow for longer signature subpackets. * g10/parse-packet.c (parse_signature): Increase the cap for hashed subpackets to 30000. Print the value in the error message. Do not return an error but skip a too long signature. -- The limit of 10000 served us well for decades but given the option to put a key into the signature, a larger limit will eventually be useful. The second part makes things a bit robust against rogue subpackets on a keyserver. --- g10/parse-packet.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index a16f70fea..ac784b7fb 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2281,12 +2281,12 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, pktlen -= 2; /* Length of hashed data. */ if (pktlen < n) goto underflow; - if (n > 10000) + if (n > 30000) { - log_error ("signature packet: hashed data too long\n"); + log_error ("signature packet: hashed data too long (%u)\n", n); if (list_mode) - es_fputs (":signature packet: [hashed data too long]\n", listfp); - rc = GPG_ERR_INV_PACKET; + es_fprintf (listfp, + ":signature packet: [hashed data too long (%u)]\n", n); goto leave; } if (n) @@ -2313,10 +2313,11 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, goto underflow; if (n > 10000) { - log_error ("signature packet: unhashed data too long\n"); + log_error ("signature packet: unhashed data too long (%u)\n", n); if (list_mode) - es_fputs (":signature packet: [unhashed data too long]\n", listfp); - rc = GPG_ERR_INV_PACKET; + es_fprintf (listfp, + ":signature packet: [unhashed data too long (%u)]\n", + n); goto leave; } if (n) -- cgit v1.2.3