(resending, as the original message seems to be MIA)
Consider the following scenario:
An implementation is parsing a public-key packet. The packet header
gives a body length of 600 bytes; this is then buffered into memory.
The software successfully parses all the data in the packet body -
everything from the packet version number to the final MPI that it was
expecting - and realizes that it has only read 400 bytes.
Even if the public key data was successfully parsed, should the
implementation consider the packet to be malformed and reject the key?
Or should the leftover data be considered optional and be ignored? I
think it makes more sense to error out, but the RFC draft and mailing
list archives seem to be silent on this issue.
On a somewhat related note, are V3 partial-length headers limited to the
same context as V4 partial-length headers? That is - are they allowed
only on data packets?
Thanks for your help!
~ Levi