gpg --verify hangs on malformed signature
Werner Koch
wk at isil.d.shuttle.de
Wed Jul 22 10:07:09 CEST 1998
Steffen Ullrich <ccrlphr at xensei.com> writes:
> Sorry, but the patch doesn't help. Looking at the debug messages I think here is the one
> who shows the problem first:
>
> gpg: DBG: armor-filter: control: 3
> gpg: CRC error; d8b879 - 826da9
> gpg: DBG: parse_packet(iob=6): type=4 length=604044300
> ^^^^^^^^^^^^
I noticed that. The reason is that the (armored) data is scrambled
and the parsing codes sees a packet of this length. Yes, my patch is
not good: skip_rest does not return an error code and the error
checking
at the end of parse is only done if the parsingfunction returns with
-1; which it does not. We should change the line after the leave
label in parse() to:
if( !rc && iobuf_error(inp) )
rc = ...
I think I should add some test cases for invalid data.
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
>
> when I vaildate the valid signature of a mail. I imported the foreign key, signed it and now I would think
> if I signed the key it should be trusted - or whom should I trust if not me?
Can you check this again with option "--debug 256"? Anyway I'm
currently rewriting all this stuff.
> BTW, did you know that the german division of Network Associates (which know owns PGP) charges 3049,-
> DM for a 10 user License? They still give you only the NT and Mac version, but starting with 10
> users you are allowed to use the code which is available commercially under UNIX.
Really? www.pgpi.com?
Werner
More information about the Gnupg-devel
mailing list