x/crypto/openpgp: ReadMessage(): Panic on invalid input in packet.PublicKeyV3.setFingerPrintAndKeyId() (slice bounds out of range) (original) (raw)

The following program panics:

package main

import ( "bytes" "encoding/hex" "io" "log" "os"

"golang.org/x/crypto/openpgp"

)

// An empty Keyring type emptyKR struct { }

func (kr emptyKR) KeysById(id uint64) []openpgp.Key { return nil }

func (kr emptyKR) DecryptionKeys() []openpgp.Key { return nil }

func (kr emptyKR) KeysByIdUsage(uint64, byte) []openpgp.Key { return nil }

var data = "9303000130303030303030303030983002303030303030030000000130"

func main() { buf, err := hex.DecodeString(data) if err != nil { log.Fatalln(err) }

md, err := openpgp.ReadMessage(bytes.NewBuffer(buf), emptyKR{},
    func([]openpgp.Key, bool) ([]byte, error) {
        return []byte("insecure"), nil
    }, nil)

if err != nil {
    log.Fatalln(err)
}

_, err = io.Copy(os.Stdout, md.UnverifiedBody)
if err != nil {
    log.Fatalln(err)
}

if md.SignatureError != nil {
    log.Fatalln("integrity check failed")
}

}

with the trace:

panic: runtime error: slice bounds out of range

goroutine 1 [running]:
golang.org/x/crypto/openpgp/packet.(*PublicKeyV3).setFingerPrintAndKeyId(0xc208064000)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/public_key_v3.go:85 +0x168
golang.org/x/crypto/openpgp/packet.(*PublicKeyV3).parse(0xc208064000, 0x7fa916c14c58, 0xc208062060, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/public_key_v3.go:75 +0x273
golang.org/x/crypto/openpgp/packet.Read(0x7fa916c14b60, 0xc2080120e0, 0x7fa916c14c80, 0xc208064000, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/packet.go:375 +0x152
golang.org/x/crypto/openpgp/packet.(*Reader).Next(0xc20803c480, 0x0, 0x0, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/packet/reader.go:37 +0x10c
golang.org/x/crypto/openpgp.readSignedMessage(0xc20803c480, 0xc2080600a0, 0x7fa916c14b88, 0x68c0a8, 0xc2080600a0, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/read.go:234 +0xc4
golang.org/x/crypto/openpgp.ReadMessage(0x7fa916c14b60, 0xc2080120e0, 0x7fa916c14b88, 0x68c0a8, 0x5f08c0, 0x0, 0xc208060000, 0x0, 0x0)
    /home/marebri/devel/go/src/golang.org/x/crypto/openpgp/read.go:137 +0x497
main.main()
    /home/marebri/devel/lab/go/crypto/openpgp/issues/3f41f6e4/main.go:40 +0x285

goroutine 2 [runnable]:
runtime.forcegchelper()
    /opt/go/src/runtime/proc.go:90
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 3 [runnable]:
runtime.bgsweep()
    /opt/go/src/runtime/mgc0.go:82
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 4 [runnable]:
runtime.runfinq()
    /opt/go/src/runtime/malloc.go:712
runtime.goexit()
    /opt/go/src/runtime/asm_amd64.s:2232 +0x1

Found using gofuzz. You may assign this issue to me.