apparent clearsigning bug
Greg Troxel
gdt at ir.bbn.com
Mon Jan 11 14:36:55 CET 1999
This is with pure 0.9.1 (plus export-dynamic fix to compile) on
FreeBSD 2.2.X. I believe that final input lines without newlines are
at least sometimes handled incorrectly.
I found (by accident) that a message with a final line with a space
but no newline produced a clearsig that didn't verify.
Here is an example; the file contains the words
this is a sig test
on one line followed by a \n and then a ' ', and no trailing \n.
fnord gdt 84 ~/.gnupg > cat sig-test-1
this is a sig test
fnord gdt 85 ~/.gnupg > ed sig-test-1.asc
299
1,$l
-----BEGIN PGP SIGNED MESSAGE-----$
Hash: SHA1$
$
this is a sig test\r$
$
-----BEGIN PGP SIGNATURE-----$
Version: GnuPG v0.9.1 (FreeBSD)$
Comment: For info see http://www.gnupg.org$
$
iD8DBQE2mgli+vesoDJhHiURAvSLAJ9IxxAH2tPL/wMIxgkgN7PWKtWRYQCgmWWX$
LkkZC1iCxHxNSMhkQLrqbU4=$
=/8m4$
-----END PGP SIGNATURE-----$
BAD SIGNATURE
I note that the output has a ' ', but no \r.
A different file with a second line with just a ' ' but a proper
trailing \n has instead a normal empty line in the signature.
-----BEGIN PGP SIGNED MESSAGE-----$
Hash: SHA1$
$
this is a sig test\r$
\r$
$
-----BEGIN PGP SIGNATURE-----$
Version: GnuPG v0.9.1 (FreeBSD)$
Comment: For info see http://www.gnupg.org$
$
iD8DBQE2mgkm+vesoDJhHiURAhGSAJ9paggWVeEL6cgAjfI4jxuz71J6AgCgqPyy$
+7CLp7k/3vWDIeapMzE2fWo=$
=Mpin$
-----END PGP SIGNATURE-----$
GOOD SIGNATURE
More information about the Gnupg-devel
mailing list