From a200f76dcfc458a7585952a41b4c286bc48b3fe8 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 6 Mar 2006 12:28:46 +0000 Subject: [PATCH] Fixed problem with PGP2 style signatures and mutilple plaintext data --- configure.ac | 2 +- g10/ChangeLog | 5 +++ g10/mainproc.c | 90 +++++++++++++++++++++++++--------------- scripts/ChangeLog | 2 + scripts/w32installer.nsi | 15 ++++--- 5 files changed, 74 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index 2182c497d..6a8d6dae7 100644 --- a/configure.ac +++ b/configure.ac @@ -26,7 +26,7 @@ min_automake_version="1.9.3" # Remember to change the version number immediately *after* a release # and remove the "-cvs" or "rc" suffix immediately *before* a release. -AC_INIT(gnupg, 1.4.3rc1, bug-gnupg@gnu.org) +AC_INIT(gnupg, 1.4.3-cvs, bug-gnupg@gnu.org) # Set development_version to yes if the minor number is odd or you # feel that the default check for a development version is not # sufficient. diff --git a/g10/ChangeLog b/g10/ChangeLog index e08271b2f..fb8337814 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2006-03-06 Werner Koch + + * mainproc.c (check_sig_and_print): Check for multiple plaintexts + before a signature. Reported by Tavis Ormandy. + 2006-03-05 Werner Koch * plaintext.c (handle_plaintext): Replace assert by explict error diff --git a/g10/mainproc.c b/g10/mainproc.c index 7b64939c1..a83fb9e45 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -680,7 +680,8 @@ proc_plaintext( CTX c, PACKET *pkt ) for( data++, datalen--; datalen; datalen--, data++ ) md_enable( c->mfx.md, *data ); any = 1; - break; /* no pass signature packets are expected */ + break; /* Stop here as one-pass signature packets are not + expected. */ } else if(n->pkt->pkttype==PKT_SIGNATURE) { 
@@ -1164,7 +1165,7 @@ proc_signature_packets( void *anchor, IOBUF a, /* If we have not encountered any signature we print an error messages, send a NODATA status back and return an error code. - Using log_error is required becuase verify_files does not check + Using log_error is required because verify_files does not check error codes for each file but we want to terminate the process with an error. */ if (!rc && !c->any_sig_seen) 
@@ -1444,39 +1445,62 @@ check_sig_and_print( CTX c, KBNODE node ) */ { KBNODE n; - int n_sig=0; + int n_sig = 0; + int n_plaintext = 0; + int sig_seen, onepass_seen; - for (n=c->list; n; n=n->next ) { + for (n=c->list; n; n=n->next ) + { if ( n->pkt->pkttype == PKT_SIGNATURE ) - n_sig++; - } - if (n_sig > 1) { /* more than one signature - check sequence */ - int tmp, onepass; - - for (tmp=onepass=0,n=c->list; n; n=n->next ) { - if (n->pkt->pkttype == PKT_ONEPASS_SIG) - onepass++; - else if (n->pkt->pkttype == PKT_GPG_CONTROL - && n->pkt->pkt.gpg_control->control - == CTRLPKT_CLEARSIGN_START ) { - onepass++; /* handle the same way as a onepass */ - } - else if ( (tmp && n->pkt->pkttype != PKT_SIGNATURE) ) { - log_error(_("can't handle these multiple signatures\n")); - return 0; - } - else if ( n->pkt->pkttype == PKT_SIGNATURE ) - tmp = 1; - else if (!tmp && !onepass - && n->pkt->pkttype == PKT_GPG_CONTROL - && n->pkt->pkt.gpg_control->control - == CTRLPKT_PLAINTEXT_MARK ) { - /* plaintext before signatures but no one-pass packets*/ - log_error(_("can't handle these multiple signatures\n")); - return 0; - } - } - } + n_sig++; + else if (n->pkt->pkttype == PKT_GPG_CONTROL + && (n->pkt->pkt.gpg_control->control + == CTRLPKT_PLAINTEXT_MARK) ) + n_plaintext++; + } + + for (sig_seen=onepass_seen=0,n=c->list; n; n=n->next ) + { + if (n->pkt->pkttype == PKT_ONEPASS_SIG) + { + onepass_seen++; + } + else if (n->pkt->pkttype == PKT_GPG_CONTROL + && (n->pkt->pkt.gpg_control->control + == CTRLPKT_CLEARSIGN_START) ) + { + onepass_seen++; /* Handle the same way as a onepass. 
*/ + } + else if ( (sig_seen && n->pkt->pkttype != PKT_SIGNATURE) ) + { + log_error(_("can't handle these multiple signatures\n")); + return 0; + } + else if ( n->pkt->pkttype == PKT_SIGNATURE ) + { + sig_seen = 1; + } + else if (n_sig > 1 && !sig_seen && !onepass_seen + && n->pkt->pkttype == PKT_GPG_CONTROL + && (n->pkt->pkt.gpg_control->control + == CTRLPKT_PLAINTEXT_MARK) ) + { + /* Plaintext before signatures but no onepass + signature packets. */ + log_error(_("can't handle these multiple signatures\n")); + return 0; + } + else if (n_plaintext > 1 && !sig_seen && !onepass_seen + && n->pkt->pkttype == PKT_GPG_CONTROL + && (n->pkt->pkt.gpg_control->control + == CTRLPKT_PLAINTEXT_MARK) ) + { + /* More than one plaintext before a signature but no + onepass packets. */ + log_error(_("can't handle this ambiguous signed data\n")); + return 0; + } + } } astr = pubkey_algo_to_string( sig->pubkey_algo ); diff --git a/scripts/ChangeLog b/scripts/ChangeLog index f21de2dcd..dda1eda9b 100644 --- a/scripts/ChangeLog +++ b/scripts/ChangeLog @@ -1,5 +1,7 @@ 2006-02-14 Werner Koch + * w32installer.nsi: Don't use System.dll. + * autogen.sh (DIE): Add lost exit for --build-w32. 2005-10-02 Marcus Brinkmann diff --git a/scripts/w32installer.nsi b/scripts/w32installer.nsi index e68e18eaa..e4e88c5e3 100644 --- a/scripts/w32installer.nsi +++ b/scripts/w32installer.nsi @@ -132,7 +132,7 @@ Page custom CustomPageOptions ReserveFile "opt.ini" ReserveFile "COPYING.txt" ReserveFile "README-W32.txt" -ReserveFile "${NSISDIR}/Plugins/System.dll" +#ReserveFile "${NSISDIR}/Plugins/System.dll" ReserveFile "${NSISDIR}/Plugins/UserInfo.dll" 
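Review bot: In check_sig_and_print (g10/mainproc.c), the new `n_plaintext > 1` rejection in the last `else if` is gated on `!onepass_seen`, so a list in which a one-pass signature or clearsign-start node precedes more than one `CTRLPKT_PLAINTEXT_MARK` still passes this loop. Whether the digest covers every plaintext in that ordering is decided in proc_plaintext, outside this hunk, so the exemption should either be justified in a comment here or removed. If no accepted message shape needs several plaintexts, the count can be tested once, directly after the counting loop: `if (n_plaintext > 1) { log_error(_("can't handle this ambiguous signed data\n")); return 0; }`. The function begins and ends outside the hunk.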
@@ -444,11 +444,14 @@ SectionEnd ; Uninstall ; --------- Function .onInit - System::Call 'kernel32::CreateMutexA(i 0, i 0, t "GnuPGInst") i .r1 ?e' - Pop $R0 - StrCmp $R0 0 +3 - MessageBox MB_OK "An instance of the installer is already running." - Abort + # We can't use System.dll anymore becuase it has bee removed from + # Debian due to an inability to build using FS. We should use the + # use our own DLL as we do with gpg4win. + #System::Call 'kernel32::CreateMutexA(i 0, i 0, t "GnuPGInst") i .r1 ?e' + #Pop $R0 + #StrCmp $R0 0 +3 + # MessageBox MB_OK "An instance of the installer is already running." + # Abort ;;!define MUI_LANGDLL_ALWAYSSHOW !insertmacro MUI_LANGDLL_DISPLAY
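Review bot: With the `System::Call 'kernel32::CreateMutexA…'` block commented out, `.onInit` no longer guards against a second installer instance, and nothing in this hunk replaces it. The new comment says a project DLL should be used instead, but it is not marked as an open task and its wording needs a pass (`becuase`, `has bee removed`, `use the use`). Something like `# FIXME: single-instance check disabled because System.dll is no longer available; reinstate it with our own DLL as done in gpg4win.` would keep the gap visible. The `ReserveFile` line for System.dll in the earlier hunk of this file is commented out in the same way. Both could be deleted rather than left as dead lines, since history keeps them. The body of `.onInit` continues past the hunk.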