Relax base64 decoding: allow spaces and tabs between the crc and footer.

rnpgp · Mar 28, 2024 · 2b64d3b · 2b64d3b
1 parent 92babb7
commit 2b64d3b
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 3 deletions.
diff --git a/src/librepgp/stream-armor.cpp b/src/librepgp/stream-armor.cpp
@@ -233,7 +233,8 @@ armor_read_trailer(pgp_source_armored_param_t *param)
     char   str[64];
     size_t stlen;
 
-    if (!armor_skip_chars(*param->readsrc, "\r\n")) {
+    /* Space or tab could get between armor and trailer, see issue #2199 */
+    if (!armor_skip_chars(*param->readsrc, "\r\n \t")) {
         return false;
     }
 

diff --git a/src/tests/data/test_stream_key_load/ecc-25519-pub-extra-line-2.asc b/src/tests/data/test_stream_key_load/ecc-25519-pub-extra-line-2.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEWsN6MBYJKwYBBAHaRw8BAQdAAS+nkv9BdVi0JX7g6d+O201bdKhdowbielOo
+ugCpCfi0CWVjYy0yNTUxOYiUBBMWCAA8AhsDBQsJCAcCAyICAQYVCgkICwIEFgID
+AQIeAwIXgBYhBCH8aCdKrjtd45pCd8x4YniYGwcoBQJcVa/NAAoJEMx4YniYGwco
+lFAA/jMt3RUUb5xt63JW6HFcrYq0RrDAcYMsXAY73iZpPsEcAQDmKbH21LkwoClU
+9RrUJSYZnMla/pQdgOxd7/PjRCpbCg==
+=miZp
+
+
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/src/tests/data/test_stream_key_load/ecc-25519-pub-extra-line.asc b/src/tests/data/test_stream_key_load/ecc-25519-pub-extra-line.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEWsN6MBYJKwYBBAHaRw8BAQdAAS+nkv9BdVi0JX7g6d+O201bdKhdowbielOo
+ugCpCfi0CWVjYy0yNTUxOYiUBBMWCAA8AhsDBQsJCAcCAyICAQYVCgkICwIEFgID
+AQIeAwIXgBYhBCH8aCdKrjtd45pCd8x4YniYGwcoBQJcVa/NAAoJEMx4YniYGwco
+lFAA/jMt3RUUb5xt63JW6HFcrYq0RrDAcYMsXAY73iZpPsEcAQDmKbH21LkwoClU
+9RrUJSYZnMla/pQdgOxd7/PjRCpbCg==
+=miZp
+
+
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/src/tests/ffi-key.cpp b/src/tests/ffi-key.cpp
@@ -4873,3 +4873,28 @@ TEST_F(rnp_tests, test_ffi_designated_revokers)
     /* Cleanup */
     rnp_ffi_destroy(ffi);
 }
+
+TEST_F(rnp_tests, test_armored_keys_extra_line)
+{
+    rnp_ffi_t ffi = NULL;
+    assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+    /* Key with extra line after the checksum */
+    assert_true(
+      import_pub_keys(ffi, "data/test_stream_key_load/ecc-25519-pub-extra-line.asc"));
+    rnp_key_handle_t key = NULL;
+    assert_rnp_success(rnp_locate_key(ffi, "keyid", "0xcc786278981b0728", &key));
+    assert_true(check_key_valid(key, true));
+    assert_true(check_uid_valid(key, 0, true));
+    rnp_key_handle_destroy(key);
+
+    /* Key with extra lines with spaces after the checksum */
+    assert_true(
+      import_pub_keys(ffi, "data/test_stream_key_load/ecc-25519-pub-extra-line-2.asc"));
+    key = NULL;
+    assert_rnp_success(rnp_locate_key(ffi, "keyid", "0xcc786278981b0728", &key));
+    assert_true(check_key_valid(key, true));
+    assert_true(check_uid_valid(key, 0, true));
+    rnp_key_handle_destroy(key);
+
+    rnp_ffi_destroy(ffi);
+}
diff --git a/src/tests/streams.cpp b/src/tests/streams.cpp
@@ -1561,11 +1561,15 @@ TEST_F(rnp_tests, test_stream_dearmor_edge_cases)
     len = snprintf(msg, sizeof(msg), "%s\n\n%s\n%s\n%s\n", HDR, b64, CRC, FTR2);
     assert_false(try_dearmor(msg, len));
 
-    /* extra spaces or chars before the footer - FAIL */
+    /* extra spaces or tabs before the footer - allow it, see issue #2199 */
     len = snprintf(msg, sizeof(msg), "%s\n\n%s\n%s\n  %s\n", HDR, b64, CRC, FTR);
-    assert_false(try_dearmor(msg, len));
+    assert_true(try_dearmor(msg, len));
     len = snprintf(msg, sizeof(msg), "%s\n\n%s\n%s\n\t\t %s\n", HDR, b64, CRC, FTR);
+    assert_true(try_dearmor(msg, len));
+    /* no empty line between crc and footer - FAIL */
+    len = snprintf(msg, sizeof(msg), "%s\n\n%s\n%s%s\n", HDR, b64, CRC, FTR);
     assert_false(try_dearmor(msg, len));
+    /* extra chars before the footer - FAIL */
     len = snprintf(msg, sizeof(msg), "%s\n\n%s\n%s\n11111%s\n", HDR, b64, CRC, FTR);
     assert_false(try_dearmor(msg, len));