apparent clearsigning bug

Greg Troxel gdt at ir.bbn.com
Mon Jan 11 14:36:55 CET 1999


This is with pure 0.9.1 (plus export-dynamic fix to compile) on
FreeBSD 2.2.X.  I believe that final input lines without newlines are
at least sometimes handled incorrectly.

I found (by accident) that a message with a final line with a space
but no newline produced a clearsig that didn't verify.
Here is an example; the file contains the words
 this is a sig test
on one line followed by a \n and then a ' ', and no trailing \n.


fnord gdt 84 ~/.gnupg > cat sig-test-1
this is a sig test
 fnord gdt 85 ~/.gnupg > ed sig-test-1.asc
299
1,$l
-----BEGIN PGP SIGNED MESSAGE-----$
Hash: SHA1$
$
this is a sig test\r$
 $
-----BEGIN PGP SIGNATURE-----$
Version: GnuPG v0.9.1 (FreeBSD)$
Comment: For info see http://www.gnupg.org$
$
iD8DBQE2mgli+vesoDJhHiURAvSLAJ9IxxAH2tPL/wMIxgkgN7PWKtWRYQCgmWWX$
LkkZC1iCxHxNSMhkQLrqbU4=$
=/8m4$
-----END PGP SIGNATURE-----$

BAD SIGNATURE


I note that the output has a ' ', but no \r.

A different file with a second line with just a ' ' but a proper
trailing \n has instead a normal empty line in the signature.

-----BEGIN PGP SIGNED MESSAGE-----$
Hash: SHA1$
$
this is a sig test\r$
\r$
$
-----BEGIN PGP SIGNATURE-----$
Version: GnuPG v0.9.1 (FreeBSD)$
Comment: For info see http://www.gnupg.org$
$
iD8DBQE2mgkm+vesoDJhHiURAhGSAJ9paggWVeEL6cgAjfI4jxuz71J6AgCgqPyy$
+7CLp7k/3vWDIeapMzE2fWo=$
=Mpin$
-----END PGP SIGNATURE-----$

GOOD SIGNATURE
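
Added example, not part of the original message and not GnuPG code: a sketch of the cleartext canonicalization rules in RFC 4880 section 7.1 (trailing spaces and tabs stripped from every line, lines joined with CRLF, the line ending before the signature armor excluded), applied to the two files described above. `naive_signed_text` is a hypothetical faulty variant constructed for illustration; the post does not establish what 0.9.1 actually does.

```python
import hashlib

def split_lines(data):
    """Split on LF or CRLF; the final line need not be newline-terminated."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()  # input ended with a line terminator, no extra line
    return lines

def canonical_signed_text(data):
    """Signed text per RFC 4880 section 7.1: strip trailing space/tab on
    every line (terminated or not), join with CRLF, no final CRLF."""
    return b"\r\n".join(line.rstrip(b" \t") for line in split_lines(data))

def naive_signed_text(data):
    """Hypothetical faulty variant (an assumption, not GnuPG's code): only
    newline-terminated lines are canonicalized, so an unterminated final
    line is passed through with its trailing whitespace intact."""
    body, sep, tail = data.replace(b"\r\n", b"\n").rpartition(b"\n")
    if tail == b"":
        return canonical_signed_text(data)
    head = canonical_signed_text(body + sep)
    return head + (b"\r\n" if sep else b"") + tail

def digests_agree(data):
    """True when both sides would feed identical text into SHA-1
    (the 'Hash: SHA1' header above); signature trailer data is omitted."""
    a = hashlib.sha1(canonical_signed_text(data)).hexdigest()
    b = hashlib.sha1(naive_signed_text(data)).hexdigest()
    return a == b

# Constructed from the description in the post.
FILE_NO_FINAL_NEWLINE = b"this is a sig test\n "
FILE_WITH_FINAL_NEWLINE = b"this is a sig test\n \n"

if __name__ == "__main__":
    for name, data in (("no final newline", FILE_NO_FINAL_NEWLINE),
                       ("final newline", FILE_WITH_FINAL_NEWLINE)):
        print(name, canonical_signed_text(data), naive_signed_text(data),
              "agree" if digests_agree(data) else "MISMATCH")
```

Under the RFC rules both files canonicalize to the same signed text, so a signer and verifier that treat the unterminated last line differently will disagree only on the first file.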



