make unarmor() more flexible, make sure pgp mpis are minimal

diff --git a/ext/repo_pubkey.c b/ext/repo_pubkey.c
index 7b196cb..077f524 100644 (file)
--- a/ext/repo_pubkey.c
+++ b/ext/repo_pubkey.c
@@ -113,7 +113,7 @@ crc24(unsigned char *p, int len)
 }
 
 static unsigned char *
-unarmor(char *pubkey, int *pktlp)
+unarmor(char *pubkey, int *pktlp, char *startstr, char *endstr)
 {
   char *p;
   int l, eof;
@@ -121,7 +121,8 @@ unarmor(char *pubkey, int *pktlp)
   unsigned int v;
 
   *pktlp = 0;
-  while (strncmp(pubkey, "-----BEGIN PGP PUBLIC KEY BLOCK-----", 36) != 0)
+  l = strlen(startstr);
+  while (strncmp(pubkey, startstr, l) != 0)
     {
       pubkey = strchr(pubkey, '\n');
       if (!pubkey)
@@ -176,7 +177,7 @@ unarmor(char *pubkey, int *pktlp)
     }
   while (*pubkey == ' ' || *pubkey == '\t' || *pubkey == '\n' || *pubkey == '\r')
     pubkey++;
-  if (strncmp(pubkey, "-----END PGP PUBLIC KEY BLOCK-----", 34) != 0)
+  if (strncmp(pubkey, endstr, strlen(endstr)) != 0)
     {
       solv_free(buf);
       return 0;
@@ -693,7 +694,7 @@ pubkey2solvable(Solvable *s, Repodata *data, char *pubkey)
   unsigned char *pkts;
   int pktsl;
 
-  pkts = unarmor(pubkey, &pktsl);
+  pkts = unarmor(pubkey, &pktsl, "-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----");
   if (!pkts)
     {
       pool_error(s->repo->pool, 0, "unarmor failure");

diff --git a/ext/solv_pgpvrfy.c b/ext/solv_pgpvrfy.c
index 3fe277e..5996671 100644 (file)
--- a/ext/solv_pgpvrfy.c
+++ b/ext/solv_pgpvrfy.c
@@ -377,7 +377,7 @@ findmpi(unsigned char **mpip, int *mpilp, int maxbits, int *outlen)
     return 0;
   bits = mpi[0] << 8 | mpi[1];
   l = 2 + (bits + 7) / 8;
-  if (bits > maxbits || mpil < l)
+  if (bits > maxbits || mpil < l || (bits && !mpi[2]))
     {
       *mpilp = 0;
       return 0;