Patch for detached signature bug

Werner Koch wk at gnupg.org
Thu Nov 30 11:43:40 CET 2000


Hi,

I think I have fixed the problem Rene Puls figured out.  The
drawback with this solution (and I can't think of any other), is
that the semantics of --verify have changed to address the problem.
--verify now ignores signed material given on stdin unless this is
requested by using a "-" as the name for the file with the signed
material.

So if you have any code using gpg in a way like this:

cat foo.tar.gz | gpg --verify foo.tar.gz.sig

you must change it to:

cat foo.tar.gz | gpg --verify foo.tar.gz.sig -

This second form does also work with all other versions of gpg.
      
If this patch works for you, I will post the patch on announce
later this day.  


  Werner


Apply the patch using patch -p1 while in the top directory of the
GnuPG source.  The patch is against the 1.0.4 release.

--- gnupg-1.0.4/g10/mainproc.c	Mon Oct 16 19:12:30 2000
+++ gnupg-stable/g10/mainproc.c	Thu Nov 30 10:31:01 2000
@@ -1296,6 +1299,10 @@
 		return;
 	    }
 	}
+        else if ( c->signed_data ) {
+            log_error (_("not a detached signature\n") );
+            return;
+        }
 
 	for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
 	    check_sig_and_print( c, n1 );
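Review bot: the else-if branch added here is repeated verbatim in the next two hunks of mainproc.c; consider moving the c->signed_data test and its log_error into one small helper so the three signature paths cannot drift apart. The added lines are also indented with spaces where the surrounding context uses tabs. Because the branch leaves through a bare return, it is worth confirming that the caller still ends with a failing exit status and not only the logged message.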
@@ -1307,6 +1314,10 @@
             log_error("cleartext signature without data\n" );
             return;
         }
+        else if ( c->signed_data ) {
+            log_error (_("not a detached signature\n") );
+            return;
+        }
 	
 	for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
 	    check_sig_and_print( c, n1 );
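Review bot: the message strings in this block are marked inconsistently for translation: the new log_error wraps its text in _() while the log_error("cleartext signature without data\n") directly above it does not. Mark both the same way so that the two rejection messages for cleartext input are handled alike.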
@@ -1365,6 +1376,10 @@
 		return;
 	    }
 	}
+        else if ( c->signed_data ) {
+            log_error (_("not a detached signature\n") );
+            return;
+        }
 	else
 	    log_info(_("old style (PGP 2.x) signature\n"));
 
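Review bot: a comment is missing on the inserted branch, which sits between the closing brace of the preceding if block and the existing else that reports an old style (PGP 2.x) signature; nothing explains why c->signed_data being set on this path means the input is not a detached signature. A one-line comment above the else if would help, and would also make clear that the old-style notice is now printed only when c->signed_data is not set.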
--- gnupg-1.0.4/g10/plaintext.c	Wed Jul 26 11:21:58 2000
+++ gnupg-stable/g10/plaintext.c	Thu Nov 30 11:03:03 2000
@@ -370,7 +370,7 @@
 		const char *sigfilename, int textmode )
 {
     IOBUF fp;
-    STRLIST sl=NULL;
+    STRLIST sl;
 
     if( !files ) {
 	/* check whether we can open the signed material */
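Review bot: dropping the NULL initializer on sl leaves it uninitialized until the for loop in the following hunk assigns it. That is correct as the code stands, but keeping "STRLIST sl=NULL;" costs nothing and guards against a later edit that reads sl before the loop.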
@@ -380,28 +380,26 @@
 	    iobuf_close(fp);
 	    return 0;
 	}
-	/* no we can't (no sigfile) - read signed stuff from stdin */
-	add_to_strlist( &sl, "-");
+        log_error (_("no signed data\n"));
+        return G10ERR_OPEN_FILE;
     }
-    else
-	sl = files;
 
-    for( ; sl; sl = sl->next ) {
+
+    for (sl=files; sl; sl = sl->next ) {
 	fp = iobuf_open( sl->d );
 	if( !fp ) {
 	    log_error(_("can't open signed data `%s'\n"),
 						print_fname_stdin(sl->d));
-	    if( !files )
-		free_strlist(sl);
 	    return G10ERR_OPEN_FILE;
 	}
 	do_hash( md, md2, fp, textmode );
 	iobuf_close(fp);
     }
 
-    if( !files )
-	free_strlist(sl);
     return 0;
 }
+
+
+
 
 
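Review bot: the new "no signed data" path returns G10ERR_OPEN_FILE, the same code returned a few lines later when a named file cannot be opened, so a caller cannot tell "nothing was supplied" from "open failed"; a distinct error code, or at least a comment, would help. The removed lines carried the only comment about reading from stdin, so a replacement comment stating that stdin is now hashed only when "-" is passed in files belongs here. The three blank lines added after the closing brace are whitespace noise and can be dropped.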
--- gnupg-1.0.4/g10/openfile.c	Tue Sep  5 17:31:57 2000
+++ gnupg-stable/g10/openfile.c	Thu Nov 30 10:56:06 2000
@@ -257,7 +257,7 @@
 	    buf = m_strdup(iname);
 	    buf[len-4] = 0 ;
 	    a = iobuf_open( buf );
-	    if( opt.verbose )
+	    if( a && opt.verbose )
 		log_info(_("assuming signed data in `%s'\n"), buf );
 	    m_free(buf);
 	}
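Review bot: with the added "a &&" test, a failed iobuf_open( buf ) is now silent even when opt.verbose is set; consider logging the failed guess in verbose mode so a user can see which filename was tried. The context line buf[len-4] = 0 relies on len being at least 4, and the guard for that is not visible in this hunk, so please confirm it exists above.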
@@ -329,7 +329,7 @@
 
     if ( ( *defhome == '~'
            && ( strlen(fname) >= strlen (defhome+1)
-                && !strcmp(fname+strlen(defhome+1)-strlen(defhome+1),
+                && !strcmp(fname+strlen(fname)-strlen(defhome+1),
                            defhome+1 ) ))
          || ( *defhome != '~'
               && !compare_filenames( fname, defhome ) )
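Review bot: the corrected strcmp is a plain suffix comparison with no check that the match begins at a path separator, so any fname that merely ends in the characters of defhome+1 satisfies it; testing the character just before the suffix would tighten this. The old offset cancelled to zero and compared the whole of fname, so this is a real fix, but it is unrelated to the detached signature change and would read better as its own patch.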
@@ -345,7 +345,3 @@
 	g10_exit(1);
     }
 }
-
-
-
-

