* sig-check.c (signature_check2): Sanity check that the md has a context

for the hash that the sig is expecting. This can happen if a onepass sig header does not match the actual sig, and also if the clearsign "Hash:" header is missing or does not match the actual sig.
2025-04-17 15:44:34 +02:00 · 2002-08-07 19:53:27 +00:00 · 2002-08-07 19:53:27 +00:00 · e703540328
commit e703540328
parent bed4e0daa0
2 changed files with 17 additions and 1 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,5 +1,11 @@
 2002-08-07  David Shaw  <dshaw@jabberwocky.com>

+	* sig-check.c (signature_check2): Sanity check that the md has a
+	context for the hash that the sig is expecting.  This can happen
+	if a onepass sig header does not match the actual sig, and also if
+	the clearsign "Hash:" header is missing or does not match the
+	actual sig.
+
 	* keyedit.c (menu_revsig): Properly show a uid is revoked without
 	restarting gpg.  This is Debian bug 124219, though their supplied
 	patch will not do the right thing.
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -63,7 +63,17 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
    int rc=0;

    *r_expiredate = 0;
-    if( get_pubkey( pk, sig->keyid ) )
+
+    /* Sanity check that the md has a context for the hash that the
+       sig is expecting.  This can happen if a onepass sig header does
+       not match the actual sig, and also if the clearsign "Hash:"
+       header is missing or does not match the actual sig. */
+
+    if(!md_algo_present(digest,sig->digest_algo)) {
+        log_info(_("WARNING: signature digest conflict in message\n"));
+	rc=G10ERR_BAD_SIGN;
+    }
+    else if( get_pubkey( pk, sig->keyid ) )
 	rc = G10ERR_NO_PUBKEY;
    else if(!pk->is_valid &&
 	    (pk->main_keyid[0]!=pk->keyid[0] ||