Even more fuzzing

2025-12-06 12:21:15 +01:00 · 2025-07-09 14:09:47 +02:00 · 2025-07-09 14:09:47 +02:00 · f718b2ec81
commit f718b2ec81
parent 3f9dbb3456
34 changed files with 517 additions and 366 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
@ -145,7 +145,11 @@ class OpenPgpMessageInputStream(

        // Comsume packets, potentially stepping into nested layers
        layer@ while (run {
-            packet = pIn.nextPacketTag()
+            packet = try {
+                pIn.nextPacketTag()
+            } catch (e: NoSuchElementException) {
+                throw MalformedOpenPgpMessageException(e.message)
+            }
            packet
        } != null) {

@ -208,12 +212,25 @@ class OpenPgpMessageInputStream(
        syntaxVerifier.next(InputSymbol.LITERAL_DATA)
        val literalData = packetInputStream!!.readLiteralData()

+        val streamEncoding = try {
+            StreamEncoding.requireFromCode(literalData.format)
+        } catch (e: NoSuchElementException) {
+            throw PGPException("Invalid stream encoding format encountered: ${literalData.format}; ${e.message}")
+        }
+
+        val fileName = try {
+            literalData.fileName
+        } catch (e: IllegalArgumentException) {
+            // Non UTF8
+            throw PGPException("Cannot decode literal data filename: ${e.message}")
+        }
+
        // Extract Metadata
        layerMetadata.child =
            LiteralData(
-                literalData.fileName,
+                fileName,
                literalData.modificationTime,
-                StreamEncoding.requireFromCode(literalData.format))
+                streamEncoding)

        nestedInputStream = literalData.inputStream
    }
@ -223,10 +240,16 @@ class OpenPgpMessageInputStream(
        signatures.enterNesting()
        val compressedData = packetInputStream!!.readCompressedData()

+        val compAlg = try {
+            CompressionAlgorithm.requireFromId(compressedData.algorithm)
+        } catch (e: NoSuchElementException) {
+            throw PGPException(e.message)
+        }
+
        // Extract Metadata
        val compressionLayer =
            CompressedData(
-                CompressionAlgorithm.requireFromId(compressedData.algorithm),
+                compAlg,
                layerMetadata.depth + 1)

        LOGGER.debug(
@ -326,6 +349,18 @@ class OpenPgpMessageInputStream(
        syntaxVerifier.next(InputSymbol.ENCRYPTED_DATA)

        val encDataList = packetInputStream!!.readEncryptedDataList()
+        if (encDataList.isEmpty) {
+            LOGGER.debug(
+                "Missing encrypted session key packet.")
+            return false
+        }
+
+        if (!encDataList.isIntegrityProtected && !encDataList.get(0).isAEAD) {
+            LOGGER.warn("Symmetrically Encrypted Data Packet is not integrity-protected.")
+            if (!options.isIgnoreMDCErrors()) {
+                throw MessageNotIntegrityProtectedException()
+            }
+        }
        val esks = ESKsAndData(encDataList)

        when (EncryptedDataPacketType.of(encDataList)!!) {
@ -583,7 +618,13 @@ class OpenPgpMessageInputStream(
        pkesk: PGPPublicKeyEncryptedData
    ): Boolean {
        try {
-            val decrypted = pkesk.getDataStream(decryptorFactory)
+            val decrypted = try {
+                pkesk.getDataStream(decryptorFactory)
+            } catch (e: ClassCastException) {
+                throw PGPException(e.message)
+            } catch (e: IllegalArgumentException) {
+                throw PGPException(e.message)
+            }
            val sessionKey = SessionKey(pkesk.getSessionKey(decryptorFactory))
            throwIfUnacceptable(sessionKey.algorithm)

--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/TeeBCPGInputStream.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/TeeBCPGInputStream.kt
@ -17,6 +17,7 @@ import org.bouncycastle.openpgp.PGPOnePassSignature
 import org.bouncycastle.openpgp.PGPPadding
 import org.bouncycastle.openpgp.PGPSignature
 import org.pgpainless.algorithm.OpenPgpPacket
+import org.pgpainless.exception.MalformedOpenPgpMessageException

 /**
 * Since we need to update signatures with data from the underlying stream, this class is used to
@ -61,7 +62,12 @@ class TeeBCPGInputStream(inputStream: BCPGInputStream, outputStream: OutputStrea

    fun readEncryptedDataList(): PGPEncryptedDataList {
        delayedTee.squeeze()
-        return PGPEncryptedDataList(packetInputStream)
+        return try {
+            PGPEncryptedDataList(packetInputStream)
+        } catch (e: IllegalArgumentException) {
+            // Mismatched SKESK / SEIPD version
+            throw MalformedOpenPgpMessageException(e.message)
+        }
    }

    fun readOnePassSignature(): PGPOnePassSignature {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/exception/MalformedOpenPgpMessageException.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/exception/MalformedOpenPgpMessageException.kt
@ -15,7 +15,7 @@ import org.pgpainless.decryption_verification.syntax_check.State
 * @see [RFC4880 §11.3. OpenPGP Messages](https://www.rfc-editor.org/rfc/rfc4880#section-11.3)
 */
 class MalformedOpenPgpMessageException : RuntimeException {
-    constructor(message: String) : super(message)
+    constructor(message: String?) : super(message)

    constructor(message: String, e: MalformedOpenPgpMessageException) : super(message, e)