Valid PGP packets are always at least two bytes long

- Old format tags encode the number of body length bytes in the packet
  header, new format encodes it in the first body length byte. In
  both cases there must be at least two bytes worth of data for it
  to be a valid header. Sanity check before accessing.

diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index 14afc91..9f92515 100644 (file)
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -1090,7 +1090,7 @@ int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid)
     DIGEST_CTX ctx;
     int rc = -1;       /* assume failure. */
 
-    if (!(val & 0x80))
+    if (!(val & 0x80) || pktlen < 2)
        return rc;
 
     if (val & 0x40) {
@@ -1181,7 +1181,7 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
     int rc = 0;
 
     /* XXX can't deal with these. */
-    if (!(val & 0x80))
+    if (!(val & 0x80) || pleft < 2)
        return -1;
 
     if (val & 0x40) {