search

rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird
https://www.rnpgp.org
Other
194 stars 55 forks source link

Check key packet length edge cases. #938

Closed ni4 closed 4 years ago

ni4 commented 4 years ago

Description

Make sure key packet can be correctly read with 1-byte, 2-byte and 4-byte packet lengths. Also test negative cases - when key packet length is very large (say, 3Gb), zero, 2 bytes, etc. Add separate test for these cases to rnp_tests suite, using the modified existing key file. Key loading should be done via the FFI interface (see rnp_import_keys() function).

ni4 commented 4 years ago

@msdev428 would you like to take this issue? Need your comment here to be able to assign it :) Thanks!

msdev428 commented 4 years ago

@ni4 sure, I will check and let you know. Thanks!

ni4 commented 4 years ago

@msdev428 great! Feel free to ask any questions here.

msdev428 commented 4 years ago

@ni4 do I need to create PR from master branch?

ni4 commented 4 years ago

@msdev428 no, please create a separate branch and then create PR from it. PR process in more details is described here: https://github.com/rnpgp/rnp/blob/master/docs/develop.adoc

msdev428 commented 4 years ago

@ni4 sorry for delay. Can you advise me to solve this issue? To simulate key packet length, then do I need to replace key length field in pgp binary key file, right?

ni4 commented 4 years ago

@msdev428 Yeah. Our implementation picks smallest possible packet header length. So you should cut existing header (see output of rnp --list-packets keyfile, prepend constructed header with different length field, and make sure key is loaded successfully.

msdev428 commented 4 years ago

@ni4 Can you give access to make PR?

$ git push --set-upstream origin invalid_pkt_length_check 
ERROR: Permission to rnpgp/rnp.git denied to msdev428.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
ni4 commented 4 years ago

@msdev428 you should be able to create a PR from your own fork, please see https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork for the details.

ronaldtse commented 4 years ago

@msdev428 also see this: https://github.com/rnpgp/rnp/issues/944#issuecomment-549292090

msdev428 commented 4 years ago

@ni4 I created PR #950

ni4 commented 4 years ago

@msdev428 Thanks, I'll review it and add comments to the PR.

ni4 commented 4 years ago

Fixed in #1011