gpg: Make the use of "--verify FILE" for detached sigs harder.

* g10/openfile.c (open_sigfile): Factor some code out to ... (get_matching_datafile): new function. * g10/plaintext.c (hash_datafiles): Do not try to find matching file in batch mode. * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signatures. -- Allowing to use the abbreviated form for detached signatures is a long standing bug which has only been noticed by the public with the release of 2.1.0. :-( What we do is to remove the ability to check detached signature in --batch using the one file abbreviated mode. This should exhibit problems in scripts which use this insecure practice. We also print a warning if a matching data file exists but was not considered because the detached signature was actually a standard signature: gpgv: Good signature from "Werner Koch (dist sig)" gpgv: WARNING: not a detached signature; \ file 'gnupg-2.1.0.tar.bz2' was NOT verified! We can only print a warning because it is possible that a standard signature is indeed to be verified but by coincidence a file with a matching name is stored alongside the standard signature. Reported-by: Simon Nicolussi (to gnupg-users on Nov 7) Signed-off-by: Werner Koch <wk@gnupg.org> (backported from commit 69384568f6) Updated doc/gpg.texi.
2025-07-03 22:56:33 +02:00 · 2014-11-14 09:36:19 +01:00 · 2014-11-14 09:36:19 +01:00 · fbb50867f8
commit fbb50867f8
parent 42d2474a02
5 changed files with 129 additions and 47 deletions
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@ -538,13 +538,20 @@ hash_datafiles( MD_HANDLE md, MD_HANDLE md2, STRLIST files,
    STRLIST sl;

    if( !files ) {
-	/* check whether we can open the signed material */
-	fp = open_sigfile( sigfilename, &pfx );
-	if( fp ) {
-	    do_hash( md, md2, fp, textmode );
-	    iobuf_close(fp);
-	    return 0;
-	}
+      /* Check whether we can open the signed material.  We avoid
+         trying to open a file if run in batch mode.  This assumed
+         data file for a sig file feature is just a convenience thing
+         for the command line and the user needs to read possible
+         warning messages. */
+        if (!opt.batch) {
+            fp = open_sigfile( sigfilename, &pfx );
+            if( fp ) {
+                do_hash( md, md2, fp, textmode );
+	        iobuf_close(fp);
+	        return 0;
+            }
+        }
+
        log_error (_("no signed data\n"));
        return G10ERR_OPEN_FILE;
    }