MDC bug in GPG ?

disastry@saiknes.lv disastry@saiknes.lv
Tue Aug 13 13:10:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Seems there is something wrong in GPG in MDC packet parsing.

I'm adding MDC support to mpgp, but I made a mistake: instead of 0xD3, 0x20 I put 0xD3, 0x22,
and GPG 1.0.7 and 1.1.91 decrypted it just fine and did not complained about error!
with -v -v it said: "gpg: decryption okay".

in parse-packet.c parse_mdc() there is check:
    if( !new_ctb || pktlen != 20 ) {
	log_error("mdc_packet with invalid encoding\n");
but obviously it didn't worked...

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPVjBSzBaTVEuJQxkEQPeogCfSgfHmdbS4S014AZnUJqaGu2wULgAn3/g
1/MkcP4Arn2CRIDXJezLwmwN
=REvK
-----END PGP SIGNATURE-----