Ported multiple-messages protection.

2025-07-02 22:46:30 +02:00 · 2007-03-05 14:56:31 +00:00 · 2007-03-05 14:56:31 +00:00 · 9491ab44c5
commit 9491ab44c5
parent f6243073a8
11 changed files with 112 additions and 37 deletions
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -98,10 +98,9 @@ struct mainproc_context


 static int do_proc_packets( CTX c, IOBUF a );
-
 static void list_node( CTX c, KBNODE node );
 static void proc_tree( CTX c, KBNODE node );
-
+static int literals_seen;

 static void
 release_list( CTX c )
@ -596,6 +595,8 @@ proc_plaintext( CTX c, PACKET *pkt )
    int any, clearsig, only_md5, rc;
    KBNODE n;

+    literals_seen++;
+
    if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
 	log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
    else if( opt.verbose )
@ -683,12 +684,29 @@ proc_plaintext( CTX c, PACKET *pkt )
 	    gcry_md_start_debug ( c->mfx.md2, "verify2" );
    }

-    rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
-    if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) 
+    rc=0;
+
+    if (literals_seen>1)
      {
-        /* Can't write output but we hash it anyway to check the
-           signature. */
-        rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
+	log_info (_("WARNING: multiple plaintexts seen\n"));
+
+	if (!opt.flags.allow_multiple_messages)
+	  {
+            write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
+	    log_inc_errorcount ();
+	    rc = gpg_error (GPG_ERR_UNEXPECTED); 
+	  }
+      }
+    
+    if(!rc)
+      {
+        rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
+        if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) 
+          {
+            /* Can't write output but we hash it anyway to check the
+               signature. */
+            rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
+          }
      }

    if( rc )
@ -1512,8 +1530,17 @@ check_sig_and_print( CTX c, KBNODE node )
          n_sig++;
        if (!n_sig)
          goto ambiguous;
-        if (n && !opt.allow_multisig_verification)
-          goto ambiguous;
+
+	/* If we wanted to disallow multiple sig verification, we'd do
+	   something like this:
+
+	   if (n && !opt.allow_multisig_verification)
+             goto ambiguous;
+
+	   However, now that we have --allow-multiple-messages, this
+	   can stay allowable as we can't get here unless multiple
+	   messages (i.e. multiple literals) are allowed. */
+
        if (n_onepass != n_sig)
          {
            log_info ("number of one-pass packets does not match "