Skip to content

OpenPGP: Mitigate some RuntimeExceptions uncovered using Fuzzing #2123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 31 commits into
base: main
Choose a base branch
from
Open

OpenPGP: Mitigate some RuntimeExceptions uncovered using Fuzzing #2123

wants to merge 31 commits into from

Conversation

vanitasvitae
Copy link
Contributor

Hey!

I did run junit-jazzer agains some PGPainless functions and uncovered some bugs in the bcpg codebase.

The commits in this PR harmonize the way malformed or strange packets are handled, by preventing runtime exceptions, such as IndexOutOfBounds, NegativeArraySize, IllegalArgumentExceptions and OutOfMemory errors.

I'm only just getting started with fuzzing, but I can highly recommend it!

@vanitasvitae
RegularExpression packet: Catch IndexOutOfBounds (-1) for malformed r…
3cac5d8 
…egex subpackets
@vanitasvitae
PGPSignature: Prevent IndexOutOfBoundsExceptions for malformed Ed2551…
1e50bb6 
…9/Ed448 signatures
@vanitasvitae
Introduce MalformedPacketException
322a1e8 
This is a dedicated exception type that is thrown for malformed OpenPGP packets
@vanitasvitae
AEADEncDataPacket: Rethrow IllegalArgumentException for unknown AEAD …
eb8bcc4 
…algorithm as MalformedPacketException
@vanitasvitae
ECDHPGPPublicKey: Prevent IndexOutOfBoundsException and throw Malform…
86c723a 
…edPacketException for malformed packets with unexpected kdf parameter length
@vanitasvitae
LiteralDataPacket: Throw MalformedPacketException for negative body l…
a5a0ab9 
…ength octet
@vanitasvitae
AEADEncDataPacket: Fix error message
e139e2f
@vanitasvitae
OctetArrayBCPGKey: Prevent OutOfMemoryError by limiting encoding leng…
af17961 
…th to 2mb
@vanitasvitae
PublicKeyEncSessionPacket: Prevent negative keyInfoLen octet
26875db
@vanitasvitae
PublicKeyPacket: Prevent negative keyLen octet
3359b93
@vanitasvitae
SignaturePacket: Prevent large or negative subpacket encoding lengths
bf833a1
@vanitasvitae
SymmetricKeyEncSessionPacket: Rethrow IllegalArgumentException for un…
1d1b5d2 
…known AEAD algorithms as IOException
@vanitasvitae
SignatureExpirationTime: Sanitize date encoding length
4c83c07
@vanitasvitae
NotationData: Sanitize encoding length
7caacb3
@vanitasvitae
IssuerFingerprint, IntendedRecipientFingerprint: Sanitize minimal enc…
8c4dc73 
…oding length
@vanitasvitae
ImageAttribute: Sanitize encoding length
1388777
@vanitasvitae
UserAttributeSubpacketInputStream: Sanitize encoding length and limit…
7271e08 
… subpacket encoding length to max 5mb
@vanitasvitae
SignaturePacket: Rethrow IllegalArgumentExceptions in subpackets as M…
08cbdb7 
…alformedPacketExceptions
@vanitasvitae
SignatureSubpacketInputStream: Rethrow IllegalArgumentExceptions duri…
ae92b59 
…ng subpacket parsing as MalformedPacketException
@vanitasvitae
PublicKeyEncSessionPacket: Rethrow IllegalArgumentException for malfo…
85bcddb 
…rmed fingerprint lengths as MalformedPacketException
@vanitasvitae
SymmetricKeyEncSessionPacket: Prevent NegativeArraySizeException for …
509a0a3 
…malformed packets with negative IV
@vanitasvitae
SymmetricKeyEncSessionPacket: Rethrow IllegalArgumentException for un…
2ea1758 
…known AEAD algorithm as MalformedPacketException
@vanitasvitae
SignaturePacket: Prevent negative salt size
c47c742
@vanitasvitae
SymmetricKeyEncSessionPacket: Prevent auth tag length exceeding sessi…
4213302 
…on key data
@vanitasvitae
PublicKeyPacket: Rethrow IllegalStateExceptions (e.g. invalid hash fu…
dbc397c 
…nction in ECDHPublicBCPGKey) as MalformedPacketException
@vanitasvitae
Move MAX_LEN variable from OctetArrayBCPGKey to PublicKeyPacket
7b32d2b
@vanitasvitae
Add Packet.sanitizeLength() utility method
a1c8996
@vanitasvitae
SecretKeyPacket: Sanitize s2k length octet
1ed2a6b
@vanitasvitae
SecretKeyPacket: Sanitize key octet count
bc6a827
@vanitasvitae
SecretKeyPacket: Rethrow IllegalArgumentException for unknown AEAD al…
5218813 
…gorithm
@ligefeiBouncycastle ligefeiBouncycastle self-requested a review July 13, 2025 23:59
@ligefeiBouncycastle
Copy link
Collaborator

Hi @vanitasvitae,
Thanks for your valuable PR in hardening the PGP packet handling against malformed inputs. Your fuzzing work is much appreciated.

Regarding the UserAttributeSubpacketInputStream.MAX_LEN setting (currently 5MB):

  • We should revisit this limit – a prior fix in the C# library (PR #638) encountered a similar issue where packet lengths could theoretically reach 4,082,119,084 bytes (~3.8GB). The resolution there set the max to 2³⁰ bytes (1,073,741,824 bytes)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ligefeiBouncycastle ligefeiBouncycastle Awaiting requested review from ligefeiBouncycastle

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vanitasvitae @ligefeiBouncycastle