Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 81509 Details for
Bug 125217
app-crypt/gnupg: ambiguous signatures may verify unsigned data
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch from Werner Koch of GnuPG project
a.diff (text/plain), 4.60 KB, created by
Tavis Ormandy (RETIRED)
on 2006-03-06 04:24:50 UTC
(
hide
)
Description:
patch from Werner Koch of GnuPG project
Filename:
MIME Type:
Creator:
Tavis Ormandy (RETIRED)
Created:
2006-03-06 04:24:50 UTC
Size:
4.60 KB
patch
obsolete
>Index: mainproc.c >=================================================================== >--- mainproc.c (revision 4034) >+++ mainproc.c (working copy) >@@ -680,7 +680,8 @@ > for( data++, datalen--; datalen; datalen--, data++ ) > md_enable( c->mfx.md, *data ); > any = 1; >- break; /* no pass signature packets are expected */ >+ break; /* Stop here as one-pass signature packets are not >+ expected. */ > } > else if(n->pkt->pkttype==PKT_SIGNATURE) > { >@@ -1164,7 +1165,7 @@ > > /* If we have not encountered any signature we print an error > messages, send a NODATA status back and return an error code. >- Using log_error is required becuase verify_files does not check >+ Using log_error is required because verify_files does not check > error codes for each file but we want to terminate the process > with an error. */ > if (!rc && !c->any_sig_seen) >@@ -1444,39 +1445,62 @@ > */ > { > KBNODE n; >- int n_sig=0; >+ int n_sig = 0; >+ int n_plaintext = 0; >+ int sig_seen, onepass_seen; > >- for (n=c->list; n; n=n->next ) { >+ for (n=c->list; n; n=n->next ) >+ { > if ( n->pkt->pkttype == PKT_SIGNATURE ) >- n_sig++; >- } >- if (n_sig > 1) { /* more than one signature - check sequence */ >- int tmp, onepass; >- >- for (tmp=onepass=0,n=c->list; n; n=n->next ) { >- if (n->pkt->pkttype == PKT_ONEPASS_SIG) >- onepass++; >- else if (n->pkt->pkttype == PKT_GPG_CONTROL >- && n->pkt->pkt.gpg_control->control >- == CTRLPKT_CLEARSIGN_START ) { >- onepass++; /* handle the same way as a onepass */ >- } >- else if ( (tmp && n->pkt->pkttype != PKT_SIGNATURE) ) { >- log_error(_("can't handle these multiple signatures\n")); >- return 0; >- } >- else if ( n->pkt->pkttype == PKT_SIGNATURE ) >- tmp = 1; >- else if (!tmp && !onepass >- && n->pkt->pkttype == PKT_GPG_CONTROL >- && n->pkt->pkt.gpg_control->control >- == CTRLPKT_PLAINTEXT_MARK ) { >- /* plaintext before signatures but no one-pass packets*/ >- log_error(_("can't handle these multiple signatures\n")); >- return 0; >- } >- } >- } >+ n_sig++; >+ else if (n->pkt->pkttype == PKT_GPG_CONTROL >+ && (n->pkt->pkt.gpg_control->control >+ == CTRLPKT_PLAINTEXT_MARK) ) >+ n_plaintext++; >+ } >+ >+ for (sig_seen=onepass_seen=0,n=c->list; n; n=n->next ) >+ { >+ if (n->pkt->pkttype == PKT_ONEPASS_SIG) >+ { >+ onepass_seen++; >+ } >+ else if (n->pkt->pkttype == PKT_GPG_CONTROL >+ && (n->pkt->pkt.gpg_control->control >+ == CTRLPKT_CLEARSIGN_START) ) >+ { >+ onepass_seen++; /* Handle the same way as a onepass. */ >+ } >+ else if ( (sig_seen && n->pkt->pkttype != PKT_SIGNATURE) ) >+ { >+ log_error(_("can't handle these multiple signatures\n")); >+ return 0; >+ } >+ else if ( n->pkt->pkttype == PKT_SIGNATURE ) >+ { >+ sig_seen = 1; >+ } >+ else if (n_sig > 1 && !sig_seen && !onepass_seen >+ && n->pkt->pkttype == PKT_GPG_CONTROL >+ && (n->pkt->pkt.gpg_control->control >+ == CTRLPKT_PLAINTEXT_MARK) ) >+ { >+ /* Plaintext before signatures but no onepass >+ signature packets. */ >+ log_error(_("can't handle these multiple signatures\n")); >+ return 0; >+ } >+ else if (n_plaintext > 1 && !sig_seen && !onepass_seen >+ && n->pkt->pkttype == PKT_GPG_CONTROL >+ && (n->pkt->pkt.gpg_control->control >+ == CTRLPKT_PLAINTEXT_MARK) ) >+ { >+ /* More than one plaintext before a signature but no >+ onepass packets. */ >+ log_error(_("can't handle this ambiguous signed data\n")); >+ return 0; >+ } >+ } > } > > astr = pubkey_algo_to_string( sig->pubkey_algo );
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 125217
: 81509 |
81641