First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 122721
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Tavis Ormandy (RETIRED) <taviso@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 122721 depends on: Show dependency tree
Bug 122721 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-02-13 12:09 0000 
The gpg man page states "RETURN VALUE, The program returns 0 if everything was
fine, 1 if at least a signature was bad, and other error codes for fatal
errors.", as gpg is often used as a backend the return value is often used to
determine whether a signature verified correctly.

For example, you have an automated system that verifies a file has been signed
by a key on a keyring that contains the public keys that you trust to provide
the correct file. You might use:

gpg --batch --no-default-keyring --keyring trustedpeople.gpg --verify file.sig
file

This command should return success if the file is signed by a key on
trustedpeople.gpg, failure if file.sig is invalid, or not a signature file. I
dicovered that a file consisting of multiple 0xca bytes will cause gpg to
always return success, I think this might be a bug that could potentially have
security impact in the scenarios similar to the one described above.

Reproduce:

$ perl -e 'print "\xca"x"64"' > input.sig 
$ gpg --verify input.sig anyfile; echo $?

The 0xca file also works when encoded in base64 in clearsigned (armored?)
messages. 

I've added Werner Koch to cc, who hopefully will be kind enough to provide some
input? :)

------- Comment #1 From Tavis Ormandy (RETIRED) 2006-02-14 08:52:14 0000 ------- 
I've noticed a fix was committed for this issue to svn, so we can unrestrict
this bug now.

Werner: in your opinion, does this bug warrant an update?

------- Comment #2 From Tavis Ormandy (RETIRED) 2006-02-15 07:15:24 0000 ------- 
GnuPG project has released 1.4.2.1 to address this issue, moving into
vulnerabilities.

Crypto herd: please provide updated ebuilds.

------- Comment #3 From Marcelo Goes 2006-02-15 07:51:02 0000 ------- 
Done.

------- Comment #4 From Stefan Cornelius (RETIRED) 2006-02-15 07:56:33 0000 ------- 
arches please test and mark stable, thanks

------- Comment #5 From Mike Doty 2006-02-15 09:12:24 0000 ------- 
amd64 stable

------- Comment #6 From Tobias Scherbaum 2006-02-15 11:15:58 0000 ------- 
ppc stable

------- Comment #7 From Markus Rothe 2006-02-15 13:20:21 0000 ------- 
stable on ppc64

------- Comment #8 From Mark Loeser 2006-02-15 14:23:58 0000 ------- 
x86 done

------- Comment #9 From Jason Wever (RETIRED) 2006-02-15 19:54:57 0000 ------- 
SPARC'd

------- Comment #10 From René Nussbaumer 2006-02-15 22:22:53 0000 ------- 
Stable on hppa

------- Comment #11 From Bryan Østergaard (RETIRED) 2006-02-18 03:05:31 0000 ------- 
Stable on alpha + ia64.

------- Comment #12 From Stefan Cornelius (RETIRED) 2006-02-18 03:11:34 0000 ------- 
ok, glsa vote i guess. I vote YES.

------- Comment #13 From Thierry Carrez (RETIRED) 2006-02-18 04:21:37 0000 ------- 
Yes too, GLSA draft is in and ready.

------- Comment #14 From Thierry Carrez (RETIRED) 2006-02-18 06:27:38 0000 ------- 
GLSA 200602-10
arm mips and s390 should remember to mark stable to benefit from GLSA

------- Comment #15 From Joshua Kinard 2006-02-26 12:05:27 0000 ------- 
mips stable.
First Last Prev Next    No search results available      Search page      Enter new bug