PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-12-10 14:21:09 +01:00
Code Issues Releases Wiki Activity

Fix detection of unarmored data in detached signature verification

Browse source
This commit is contained in:
Paul Schaub 2022-02-11 13:58:50 +01:00
parent 9b5cc2da5a
commit 458b4f1f78
3 changed files with 112 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

37
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
View file

@ -46,6 +46,7 @@ import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.algorithm.StreamEncoding;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.exception.FinalIOException;
import org.pgpainless.exception.MessageNotIntegrityProtectedException;
import org.pgpainless.exception.MissingDecryptionMethodException;
import org.pgpainless.exception.MissingLiteralDataException;
@ -154,7 +155,7 @@ public final class DecryptionStreamFactory {
objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(decoderStream);
// Parse OpenPGP message
inputStream = processPGPPackets(objectFactory, 1);
} catch (EOFException e) {
} catch (EOFException | FinalIOException e) {
throw e;
} catch (MissingLiteralDataException e) {
// Not an OpenPGP message.
@ -174,7 +175,7 @@ public final class DecryptionStreamFactory {
objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(decoderStream);
inputStream = wrapInVerifySignatureStream(bufferedIn, objectFactory);
} else {
throw e;
throw new FinalIOException(e);
}
}
@ -195,18 +196,28 @@ public final class DecryptionStreamFactory {
throw new PGPException("Maximum depth of nested packages exceeded.");
}
Object nextPgpObject;
while ((nextPgpObject = objectFactory.nextObject()) != null) {
if (nextPgpObject instanceof PGPEncryptedDataList) {
return processPGPEncryptedDataList((PGPEncryptedDataList) nextPgpObject, depth);
try {
while ((nextPgpObject = objectFactory.nextObject()) != null) {
if (nextPgpObject instanceof PGPEncryptedDataList) {
return processPGPEncryptedDataList((PGPEncryptedDataList) nextPgpObject, depth);
}
if (nextPgpObject instanceof PGPCompressedData) {
return processPGPCompressedData((PGPCompressedData) nextPgpObject, depth);
}
if (nextPgpObject instanceof PGPOnePassSignatureList) {
return processOnePassSignatureList(objectFactory, (PGPOnePassSignatureList) nextPgpObject, depth);
}
if (nextPgpObject instanceof PGPLiteralData) {
return processPGPLiteralData(objectFactory, (PGPLiteralData) nextPgpObject, depth);
}
}
if (nextPgpObject instanceof PGPCompressedData) {
return processPGPCompressedData((PGPCompressedData) nextPgpObject, depth);
}
if (nextPgpObject instanceof PGPOnePassSignatureList) {
return processOnePassSignatureList(objectFactory, (PGPOnePassSignatureList) nextPgpObject, depth);
}
if (nextPgpObject instanceof PGPLiteralData) {
return processPGPLiteralData(objectFactory, (PGPLiteralData) nextPgpObject, depth);
} catch (FinalIOException e) {
throw e;
} catch (IOException e) {
if (depth == 1 && e.getMessage().contains("unknown object in stream:")) {
throw new MissingLiteralDataException("No Literal Data Packet found.");
} else {
throw new FinalIOException(e);
}
}

17
pgpainless-core/src/main/java/org/pgpainless/exception/FinalIOException.java Normal file
View file

@ -0,0 +1,17 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.exception;
import java.io.IOException;
/**
* Wrapper for {@link IOException} indicating that we need to throw this exception up.
*/
public class FinalIOException extends IOException {
public FinalIOException(IOException e) {
super(e);
}
}