Patch for detached signature bug
Werner Koch
wk@gnupg.org
Thu, 30 Nov 2000 11:43:40 +0100
Hi,
I think I have fixed the problem Rene Puls figured out. The
drawback with this solution (and I can't think of any other), is
that the semantics of --verify have changed to address the problem.
--verify now ignores signed material given on stdin unless this is
requested by using a "-" as the name for the file with the signed
material.
So if you have any code using gpg in a way like this:
    cat foo.tar.gz | gpg --verify foo.tar.gz.sig
you must change it to:
    cat foo.tar.gz | gpg --verify foo.tar.gz.sig -
This second form also works with all other versions of gpg.
If this patch works for you, I will post the patch on announce
later today.
Werner
Apply the patch using patch -p1 while in the top directory of the
GnuPG source. The patch is against the 1.0.4 release.
--- gnupg-1.0.4/g10/mainproc.c Mon Oct 16 19:12:30 2000
+++ gnupg-stable/g10/mainproc.c Thu Nov 30 10:31:01 2000
@@ -1296,6 +1299,10 @@
return;
}
}
+ else if ( c->signed_data ) {
+ log_error (_("not a detached signature\n") );
+ return;
+ }
=20
for( n1 =3D node; (n1 =3D find_next_kbnode(n1, PKT_SIGNATURE )); )
check_sig_and_print( c, n1 );
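Review bot: the added `else if ( c->signed_data )` branch has no comment saying why a signature is rejected as "not a detached signature" once `c->signed_data` is set. A one-line comment above the branch stating the case it guards against would make the early `return` (which skips `check_sig_and_print` entirely) easier to audit later.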
@@ -1307,6 +1314,10 @@
log_error("cleartext signature without data\n" );
return;
}
+ else if ( c->signed_data ) {
+ log_error (_("not a detached signature\n") );
+ return;
+ }
=09
for( n1 =3D node; (n1 =3D find_next_kbnode(n1, PKT_SIGNATURE )); )
check_sig_and_print( c, n1 );
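Review bot: the added `log_error (_("not a detached signature\n") )` is marked for translation, but the existing `log_error("cleartext signature without data\n" )` directly above it in the same block is not. Wrapping that string in `_()` while touching this block would keep the two error paths consistent.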
@@ -1365,6 +1376,10 @@
return;
}
}
+ else if ( c->signed_data ) {
+ log_error (_("not a detached signature\n") );
+ return;
+ }
else
log_info(_("old style (PGP 2.x) signature\n"));
=20
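Review bot: this is the third copy of the same `else if ( c->signed_data )` block in mainproc.c (the hunks at -1296 and -1307 add the other two). A small static helper that logs the message and tells the caller to bail out would keep the check and its wording in one place, so a later change cannot fix two call sites and miss the third.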
--- gnupg-1.0.4/g10/plaintext.c Wed Jul 26 11:21:58 2000
+++ gnupg-stable/g10/plaintext.c Thu Nov 30 11:03:03 2000
@@ -370,7 +370,7 @@
const char *sigfilename, int textmode )
{
IOBUF fp;
- STRLIST sl=3DNULL;
+ STRLIST sl;
=20
if( !files ) {
/* check whether we can open the signed material */
@@ -380,28 +380,26 @@
iobuf_close(fp);
return 0;
}
- /* no we can't (no sigfile) - read signed stuff from stdin */
- add_to_strlist( &sl, "-");
+ log_error (_("no signed data\n"));
+ return G10ERR_OPEN_FILE;
}
- else
- sl =3D files;
=20
- for( ; sl; sl =3D sl->next ) {
+
+ for (sl=3Dfiles; sl; sl =3D sl->next ) {
fp =3D iobuf_open( sl->d );
if( !fp ) {
log_error(_("can't open signed data `%s'\n"),
print_fname_stdin(sl->d));
- if( !files )
- free_strlist(sl);
return G10ERR_OPEN_FILE;
}
do_hash( md, md2, fp, textmode );
iobuf_close(fp);
}
=20
- if( !files )
- free_strlist(sl);
return 0;
}
+
+
+
=20
=20
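Review bot: the new `no signed data` path returns `G10ERR_OPEN_FILE`, the same code returned further down when `iobuf_open( sl->d )` fails, so a caller cannot tell "no data file was named" from "the named file could not be opened". A distinct error code, or at least a comment at the removed `add_to_strlist( &sl, "-")` spot noting that stdin is now hashed only when "-" is passed in `files`, would document the behaviour change. The three blank `+` lines after the function's closing brace are whitespace noise and can be dropped.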
--- gnupg-1.0.4/g10/openfile.c Tue Sep 5 17:31:57 2000
+++ gnupg-stable/g10/openfile.c Thu Nov 30 10:56:06 2000
@@ -257,7 +257,7 @@
buf =3D m_strdup(iname);
buf[len-4] =3D 0 ;
a =3D iobuf_open( buf );
- if( opt.verbose )
+ if( a && opt.verbose )
log_info(_("assuming signed data in `%s'\n"), buf );
m_free(buf);
}
@@ -329,7 +329,7 @@
=20
if ( ( *defhome =3D=3D '~'
&& ( strlen(fname) >=3D strlen (defhome+1)
- && !strcmp(fname+strlen(defhome+1)-strlen(defhome+1),
+ && !strcmp(fname+strlen(fname)-strlen(defhome+1),
defhome+1 ) ))
|| ( *defhome !=3D '~'
&& !compare_filenames( fname, defhome ) )
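Review bot: the corrected offset `fname+strlen(fname)-strlen(defhome+1)` in the `strcmp` call is a separate bug fix from the detached-signature change and is not mentioned in the accompanying message. The old expression `fname+strlen(defhome+1)-strlen(defhome+1)` always compared from the start of `fname`; please split this into its own patch with a line describing that, so it can be reviewed and backported independently.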
@@ -345,7 +345,3 @@
g10_exit(1);
}
}
-
-
-
-
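A heuristic check for the calling pattern the message above says must change (signed data piped to `gpg --verify` with only the signature file named). This is an added example, not part of the original message or the GnuPG sources; the function names `needs_dash` and `audit_stream` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): find pipelines that hand signed data to
# `gpg --verify` on stdin without naming "-" as the data file.

# needs_dash LINE: succeed if LINE pipes into `gpg --verify` and names
# exactly one file (the signature). Heuristic; it does not parse shell.
needs_dash() {
    line=$1
    case $line in
        *'|'*gpg*--verify*) ;;          # data can only arrive via a pipe
        *) return 1 ;;
    esac
    args=${line##*--verify}             # text after the last --verify
    args=${args%%[|;&]*}                # stop at the next shell operator
    count=0
    set -f                              # no globbing while word-splitting
    for word in $args; do
        case $word in
            -)  set +f; return 1 ;;     # stdin is already named explicitly
            -*|*'<'*|*'>'*) ;;          # options and redirections
            *)  count=$((count + 1)) ;;
        esac
    done
    set +f
    [ "$count" -eq 1 ]
}

# audit_stream: read script text on stdin, print "N: line" for each hit
# and leave the number of hits in AUDIT_HITS.
audit_stream() {
    AUDIT_HITS=0
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        if needs_dash "$l"; then
            printf '%s: %s\n' "$n" "$l"
            AUDIT_HITS=$((AUDIT_HITS + 1))
        fi
    done
}

# Constructed sample: only the first line uses the form that must change.
audit_stream <<'EOF'
cat foo.tar.gz | gpg --verify foo.tar.gz.sig
cat foo.tar.gz | gpg --verify foo.tar.gz.sig -
gpg --verify foo.tar.gz.sig foo.tar.gz
gpg --verify foo.tar.gz.sig
EOF
```

To audit a real script, feed it on stdin (`audit_stream < build.sh`) and review each reported line by hand, since the match is textual.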