
Fixed problem with PGP2 style signatures and mutilple plaintext data

Werner Koch 2006-03-06 12:28:46 +00:00
parent 09203be1c6
commit a200f76dcf
5 changed files with 74 additions and 40 deletions


@ -26,7 +26,7 @@ min_automake_version="1.9.3"
# Remember to change the version number immediately *after* a release
# and remove the "-cvs" or "rc" suffix immediately *before* a release.
AC_INIT(gnupg, 1.4.3rc1, bug-gnupg@gnu.org)
AC_INIT(gnupg, 1.4.3-cvs, bug-gnupg@gnu.org)
# Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not
# sufficient.


@ -1,3 +1,8 @@
2006-03-06 Werner Koch <wk@g10code.com>
* mainproc.c (check_sig_and_print): Check for multiple plaintexts
before a signature. Reported by Tavis Ormandy.
2006-03-05 Werner Koch <wk@g10code.com>
* plaintext.c (handle_plaintext): Replace assert by explict error


@ -680,7 +680,8 @@ proc_plaintext( CTX c, PACKET *pkt )
for( data++, datalen--; datalen; datalen--, data++ )
md_enable( c->mfx.md, *data );
any = 1;
break; /* no pass signature packets are expected */
break; /* Stop here as one-pass signature packets are not
expected. */
}
else if(n->pkt->pkttype==PKT_SIGNATURE)
{
@ -1164,7 +1165,7 @@ proc_signature_packets( void *anchor, IOBUF a,
/* If we have not encountered any signature we print an error
messages, send a NODATA status back and return an error code.
Using log_error is required becuase verify_files does not check
Using log_error is required because verify_files does not check
error codes for each file but we want to terminate the process
with an error. */
if (!rc && !c->any_sig_seen)
@ -1444,39 +1445,62 @@ check_sig_and_print( CTX c, KBNODE node )
*/
{
KBNODE n;
int n_sig=0;
int n_sig = 0;
int n_plaintext = 0;
int sig_seen, onepass_seen;
for (n=c->list; n; n=n->next ) {
for (n=c->list; n; n=n->next )
{
if ( n->pkt->pkttype == PKT_SIGNATURE )
n_sig++;
}
if (n_sig > 1) { /* more than one signature - check sequence */
int tmp, onepass;
for (tmp=onepass=0,n=c->list; n; n=n->next ) {
if (n->pkt->pkttype == PKT_ONEPASS_SIG)
onepass++;
else if (n->pkt->pkttype == PKT_GPG_CONTROL
&& n->pkt->pkt.gpg_control->control
== CTRLPKT_CLEARSIGN_START ) {
onepass++; /* handle the same way as a onepass */
}
else if ( (tmp && n->pkt->pkttype != PKT_SIGNATURE) ) {
log_error(_("can't handle these multiple signatures\n"));
return 0;
}
else if ( n->pkt->pkttype == PKT_SIGNATURE )
tmp = 1;
else if (!tmp && !onepass
&& n->pkt->pkttype == PKT_GPG_CONTROL
&& n->pkt->pkt.gpg_control->control
== CTRLPKT_PLAINTEXT_MARK ) {
/* plaintext before signatures but no one-pass packets*/
log_error(_("can't handle these multiple signatures\n"));
return 0;
}
}
}
n_sig++;
else if (n->pkt->pkttype == PKT_GPG_CONTROL
&& (n->pkt->pkt.gpg_control->control
== CTRLPKT_PLAINTEXT_MARK) )
n_plaintext++;
}
for (sig_seen=onepass_seen=0,n=c->list; n; n=n->next )
{
if (n->pkt->pkttype == PKT_ONEPASS_SIG)
{
onepass_seen++;
}
else if (n->pkt->pkttype == PKT_GPG_CONTROL
&& (n->pkt->pkt.gpg_control->control
== CTRLPKT_CLEARSIGN_START) )
{
onepass_seen++; /* Handle the same way as a onepass. */
}
else if ( (sig_seen && n->pkt->pkttype != PKT_SIGNATURE) )
{
log_error(_("can't handle these multiple signatures\n"));
return 0;
}
else if ( n->pkt->pkttype == PKT_SIGNATURE )
{
sig_seen = 1;
}
else if (n_sig > 1 && !sig_seen && !onepass_seen
&& n->pkt->pkttype == PKT_GPG_CONTROL
&& (n->pkt->pkt.gpg_control->control
== CTRLPKT_PLAINTEXT_MARK) )
{
/* Plaintext before signatures but no onepass
signature packets. */
log_error(_("can't handle these multiple signatures\n"));
return 0;
}
else if (n_plaintext > 1 && !sig_seen && !onepass_seen
&& n->pkt->pkttype == PKT_GPG_CONTROL
&& (n->pkt->pkt.gpg_control->control
== CTRLPKT_PLAINTEXT_MARK) )
{
/* More than one plaintext before a signature but no
onepass packets. */
log_error(_("can't handle this ambiguous signed data\n"));
return 0;
}
}
}
astr = pubkey_algo_to_string( sig->pubkey_algo );
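Review bot: The new `n_plaintext > 1` test in check_sig_and_print is only reachable while `!sig_seen && !onepass_seen`, so a packet list that begins with a one-pass signature or a CTRLPKT_CLEARSIGN_START marker and then carries more than one CTRLPKT_PLAINTEXT_MARK matches no branch of the second loop and is not rejected here. If no caller legitimately produces several plaintext marks for one signature (not visible in this hunk), reject the case right after the counting loop instead: `if (n_plaintext > 1) { log_error(_("can't handle this ambiguous signed data\n")); return 0; }`. Separately, the ordering loop is no longer guarded by `n_sig > 1`, so the `sig_seen && n->pkt->pkttype != PKT_SIGNATURE` branch can now report "can't handle these multiple signatures" when only one signature is present; a message that names unexpected data after the signature would be more accurate. The function body starts and ends outside the hunk.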


@ -1,5 +1,7 @@
2006-02-14 Werner Koch <wk@gnupg.org>
* w32installer.nsi: Don't use System.dll.
* autogen.sh (DIE): Add lost exit for --build-w32.
2005-10-02 Marcus Brinkmann <marcus@g10code.de>


@ -132,7 +132,7 @@ Page custom CustomPageOptions
ReserveFile "opt.ini"
ReserveFile "COPYING.txt"
ReserveFile "README-W32.txt"
ReserveFile "${NSISDIR}/Plugins/System.dll"
#ReserveFile "${NSISDIR}/Plugins/System.dll"
ReserveFile "${NSISDIR}/Plugins/UserInfo.dll"
@ -444,11 +444,14 @@ SectionEnd ; Uninstall
; ---------
Function .onInit
System::Call 'kernel32::CreateMutexA(i 0, i 0, t "GnuPGInst") i .r1 ?e'
Pop $R0
StrCmp $R0 0 +3
MessageBox MB_OK "An instance of the installer is already running."
Abort
# We can't use System.dll anymore becuase it has bee removed from
# Debian due to an inability to build using FS. We should use the
# use our own DLL as we do with gpg4win.
#System::Call 'kernel32::CreateMutexA(i 0, i 0, t "GnuPGInst") i .r1 ?e'
#Pop $R0
#StrCmp $R0 0 +3
# MessageBox MB_OK "An instance of the installer is already running."
# Abort
;;!define MUI_LANGDLL_ALWAYSSHOW
!insertmacro MUI_LANGDLL_DISPLAY
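Review bot: Commenting out the CreateMutexA block in `.onInit` leaves the installer without any single-instance guard, so two copies can presumably run at the same time, and nothing in the added comment marks the replacement as open work. I would word the comment as `# FIXME: No single-instance check. System.dll can't be used anymore because it has been removed from Debian due to an inability to build using FS; we should use our own DLL as we do with gpg4win.`, which also fixes the typos ("becuase", "has bee removed", "use the use"). The commented-out `ReserveFile` line for System.dll in the first hunk would benefit from the same one-line reason next to it.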