(maven-gpg-plugin) branch master updated: [MGPG-116] Up max key file size to 64K (#85)

Thu, 28 Mar 2024 03:27:43 -0700 

This is an automated email from the ASF dual-hosted git repository.

cstamas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git


The following commit(s) were added to refs/heads/master by this push:
     new ef57091  [MGPG-116] Up max key file size to 64K (#85)
ef57091 is described below

commit ef57091a7ffce55afe7b68bbd8b7592a6831687f
Author: Tamas Cservenak <ta...@cservenak.net>
AuthorDate: Thu Mar 28 11:27:31 2024 +0100

    [MGPG-116] Up max key file size to 64K (#85)
    
    Allow 64K files as well, as this may be "ring" (collection of keys) as well.
    
    ---
    
    https://issues.apache.org/jira/browse/MGPG-116
---
 src/main/java/org/apache/maven/plugins/gpg/BcSigner.java | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/apache/maven/plugins/gpg/BcSigner.java 
b/src/main/java/org/apache/maven/plugins/gpg/BcSigner.java
index b31623c..83e8229 100644
--- a/src/main/java/org/apache/maven/plugins/gpg/BcSigner.java
+++ b/src/main/java/org/apache/maven/plugins/gpg/BcSigner.java
@@ -122,9 +122,14 @@ public class BcSigner extends AbstractGpgSigner {
 
     public final class GpgConfLoader implements Loader {
         /**
-         * Maximum key size, see <a 
href="https://wiki.gnupg.org/LargeKeys";>Large Keys</a>.
+         * Maximum file size allowed to load (as we load it into heap).
+         * <p>
+         * This barrier exists to prevent us to load big/huge files, if this 
code is pointed at one
+         * (by mistake or by malicious intent).
+         *
+         * @see <a href="https://wiki.gnupg.org/LargeKeys";>Large Keys</a>
          */
-        private static final long MAX_SIZE = 16 * 1024 + 1L;
+        private static final long MAX_SIZE = 64 * 1024 + 1L;
 
         @Override
         public byte[] loadKeyRingMaterial(RepositorySystemSession session) 
throws IOException {
@@ -138,7 +143,7 @@ public class BcSigner extends AbstractGpgSigner {
                 if (Files.size(keyPath) < MAX_SIZE) {
                     return Files.readAllBytes(keyPath);
                 } else {
-                    throw new IOException("Refusing to load key " + keyPath + 
"; is larger than 16KB");
+                    throw new IOException("Refusing to load file " + keyPath + 
"; is larger than 64KB");
                 }
             }
             return null;

Reply via email to