mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Make the use of "--verify FILE" for detached sigs harder.
* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signatures.
--
Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0. :-(
What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode. This should exhibit
problems in scripts which use this insecure practice. We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:
gpgv: Good signature from "Werner Koch (dist sig)"
gpgv: WARNING: not a detached signature; \
file 'gnupg-2.1.0.tar.bz2' was NOT verified!
We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.
Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>
(backported from commit 69384568f6)
This commit is contained in:
Werner Koch
parent
da95d0d378
commit
a5ca45e616
4 changed files with 115 additions and 39 deletions
|
|
@ -546,17 +546,25 @@ hash_datafiles( gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files,
|
|||
pfx = new_progress_context ();
|
||||
|
||||
if( !files ) {
|
||||
/* check whether we can open the signed material */
|
||||
fp = open_sigfile( sigfilename, pfx );
|
||||
if( fp ) {
|
||||
do_hash( md, md2, fp, textmode );
|
||||
iobuf_close(fp);
|
||||
release_progress_context (pfx);
|
||||
return 0;
|
||||
}
|
||||
log_error (_("no signed data\n"));
|
||||
release_progress_context (pfx);
|
||||
return gpg_error (GPG_ERR_NO_DATA);
|
||||
/* Check whether we can open the signed material. We avoid
|
||||
trying to open a file if run in batch mode. This assumed
|
||||
data file for a sig file feature is just a convenience thing
|
||||
for the command line and the user needs to read possible
|
||||
warning messages. */
|
||||
if (!opt.batch)
|
||||
{
|
||||
fp = open_sigfile( sigfilename, pfx );
|
||||
if( fp )
|
||||
{
|
||||
do_hash( md, md2, fp, textmode );
|
||||
iobuf_close(fp);
|
||||
release_progress_context (pfx);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
log_error (_("no signed data\n"));
|
||||
release_progress_context (pfx);
|
||||
return gpg_error (GPG_ERR_NO_DATA);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -615,7 +623,7 @@ hash_datafile_by_fd ( gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd,
|
|||
do_hash ( md, md2, fp, textmode);
|
||||
|
||||
iobuf_close(fp);
|
||||
|
||||
|
||||
release_progress_context (pfx);
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue