[git] GPGME - branch, master, updated. gpgme-1.6.0-275-ga916818
by Werner Koch
cvs at cvs.gnupg.org
Wed Aug 10 15:38:29 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, master has been updated
via a9168185ba97aa1d827315cd8017899bf904aded (commit)
from 09667a6006986a782af98ca1de4d6521e1b8f353 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a9168185ba97aa1d827315cd8017899bf904aded
Author: Werner Koch <wk at gnupg.org>
Date: Wed Aug 10 15:31:25 2016 +0200
core: Do not identify PNG files as PGP signatures.
* src/data-identify.c (next_openpgp_packet): Blacklist PNG files.
--
GnuPG-bug-id: 2314
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/src/data-identify.c b/src/data-identify.c
index 88a472f..1edfb9b 100644
--- a/src/data-identify.c
+++ b/src/data-identify.c
@@ -95,6 +95,11 @@ next_openpgp_packet (unsigned char const **bufptr, size_t *buflen,
if (!len)
return gpg_error (GPG_ERR_NO_DATA);
+ /* First some blacklisting. */
+ if (len >= 4 && !memcmp (buf, "\x89PNG", 4))
+ return gpg_error (GPG_ERR_INV_PACKET); /* This is a PNG file. */
+
+ /* Start parsing. */
ctb = *buf++; len--;
if ( !(ctb & 0x80) )
return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */
-----------------------------------------------------------------------
Summary of changes:
src/data-identify.c | 5 +++++
1 file changed, 5 insertions(+)
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
More information about the Gnupg-commits
mailing list