Hi Sune--

Thanks for this report. Do you know what tooling is generating these packets for poppler?

In GnuPG right now (even without the patch you identified), those packets are generally ignored.

On Fri 2025-05-16 12:01:38 +0200, Sune Stolborg Vuorela wrote:
> On Thursday, May 15, 2025 2:04:43 PM CEST Sune Stolborg Vuorela wrote:
>> The signature blob is a detached signature packet followed by a finite
>> length comment packet.
>
> A comment packet here is what GnuPG calls PKT_COMMENT, it has
> datavalue 61. And in most/all openpgp (and librepgp) specs this is in
> the private / experimental range, so they should not be rejected 'just
> because'.

The OpenPGP packet grammar in RFC 4880 doesn't describe a detached signature object at all, so it was really anyone's guess what a detached embedded signature is supposed to be. There is no obligation on any OpenPGP parser to accept arbitrary packets in arbitrary locations.

The OpenPGP working group collaboratively described what a detached signature is in RFC 9580:

https://www.rfc-editor.org/rfc/rfc9580.html#section-10.4

If there was some other grammar being used by someone, there were literally years for them to speak up.

Looking at your sample PDF (thanks for the link!) it appears that it is a comment packet of length 0x24d4 containing all zeros. What is the purpose of this packet? Why is it being included?

Rather than increasing the attack surface of GnuPG, maybe whatever implementation is producing this thing shouldn't emit a private/experimental packet sequence.

> This was btw introduced in GnuPG in 1998 and has been in use for
> things ever since.

This is the first place i've seen these particular experimental packets show up. If there are other places where you know of it being used, please let me know!

--dkg
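The packet walk the thread is about, as an added example that is not part of the mail thread or of GnuPG's code: it parses OpenPGP packet headers (both header formats of RFC 9580 section 4.2), reports every packet the detached-signature grammar of section 10.4 does not allow, and runs over a constructed blob shaped like the one described above (a Signature packet followed by a tag-61 packet whose body is 0x24d4 zero octets). The signature body itself and partial body lengths are out of scope.

```python
# Walk OpenPGP packet headers (RFC 9580 section 4.2) and check a detached
# signature against the grammar of section 10.4: one or more Signature packets.
SIGNATURE = 2                         # packet tag of a Signature packet
PRIVATE_EXPERIMENTAL = range(60, 64)  # tags 60-63 are private/experimental

def parse_packets(blob: bytes) -> list[tuple[int, int, int]]:
    """Return (tag, header_offset, body_length) for each packet in blob."""
    packets, pos = [], 0
    while pos < len(blob):
        ctb, start = blob[pos], pos
        if not ctb & 0x80:
            raise ValueError(f"offset {pos}: bit 7 clear, not a packet header")
        if ctb & 0x40:                   # OpenPGP (new) format: 6-bit tag
            tag, first = ctb & 0x3F, blob[pos + 1]
            if first < 192:              # one-octet length
                length, pos = first, pos + 2
            elif first < 224:            # two-octet length
                length, pos = ((first - 192) << 8) + blob[pos + 2] + 192, pos + 3
            elif first == 255:           # five-octet length
                length, pos = int.from_bytes(blob[pos + 2:pos + 6], "big"), pos + 6
            else:                        # partial body lengths: out of scope here
                raise ValueError(f"offset {pos}: partial body length not supported")
        else:                            # legacy format: 4-bit tag, 2-bit length type
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError(f"offset {pos}: indeterminate length not supported")
            n = 1 << ltype               # 1, 2 or 4 length octets
            length, pos = int.from_bytes(blob[pos + 1:pos + 1 + n], "big"), pos + 1 + n
        if pos + length > len(blob):
            raise ValueError(f"offset {start}: packet body runs past end of blob")
        packets.append((tag, start, length))
        pos += length
    return packets

def check_detached_signature(blob: bytes) -> list[str]:
    """List every packet that the detached-signature grammar does not allow."""
    findings = []
    for tag, offset, length in parse_packets(blob):
        if tag != SIGNATURE:
            kind = "private/experimental" if tag in PRIVATE_EXPERIMENTAL else "unexpected"
            findings.append(f"{kind} packet tag {tag} ({length} octets) at offset {offset}")
    return findings

# Constructed sample (not the PDF from the thread): a legacy-format Signature
# packet with a 3-octet placeholder body, then a new-format tag-61 comment packet
# whose body is 0x24d4 zero octets. Tag 61 does not fit a 4-bit legacy tag.
SAMPLE = (bytes([0x88, 3]) + b"\x04\x00\x01"
          + bytes([0xC0 | 61, 255]) + (0x24D4).to_bytes(4, "big") + bytes(0x24D4))
```

Running `check_detached_signature(SAMPLE)` reports the tag-61 packet; the same blob truncated to its first packet passes with no findings.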