[Pkg-gnupg-commit] [gpgme] 275/412: core: Do not identify PNG files as PGP signatures.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 22 21:27:02 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gpgme.
commit a9168185ba97aa1d827315cd8017899bf904aded
Author: Werner Koch <wk at gnupg.org>
Date: Wed Aug 10 15:31:25 2016 +0200
core: Do not identify PNG files as PGP signatures.
* src/data-identify.c (next_openpgp_packet): Blacklist PNG files.
--
GnuPG-bug-id: 2314
Signed-off-by: Werner Koch <wk at gnupg.org>
---
src/data-identify.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/data-identify.c b/src/data-identify.c
index 88a472f..1edfb9b 100644
--- a/src/data-identify.c
+++ b/src/data-identify.c
@@ -95,6 +95,11 @@ next_openpgp_packet (unsigned char const **bufptr, size_t *buflen,
if (!len)
return gpg_error (GPG_ERR_NO_DATA);
+ /* First some blacklisting. */
+ if (len >= 4 && !memcmp (buf, "\x89PNG", 4))
+ return gpg_error (GPG_ERR_INV_PACKET); /* This is a PNG file. */
+
+ /* Start parsing. */
ctb = *buf++; len--;
if ( !(ctb & 0x80) )
return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gpgme.git
More information about the Pkg-gnupg-commit
mailing list