MDC bug in GPG ?

Michael Young mwy-gpg41 at the-youngs.org
Wed Aug 21 07:05:02 CEST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: Re: MDC bug in GPG ?

> From: Werner Koch <wk at gnupg.org>
> It is not expected that a packet follows an
> compression packet because the length of the compressed packet is
> implicitly known and all trailing garbage is ignored.  Changing this
> is hard and so we better keep it as it is.

I've complained before that I think that depending on the
"implicit length" from a compression packet is bad form,
and is (or should be) disallowed by RFC2440.

Ignoring "trailing garbage" cannot be a good thing.  Yes, protocols
can be designed to ignore features intended for future use.  But that's
not the case here.  It would be a shame to pass up the opportunity to
detect malformed input.

Is your only concern that it's hard to change?  If so, would you
accept a contributed change to use a bounded packet?  (I don't really
think I'll have the time to do it, but there's no point to my
working on it if you have other objections.)

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPWMRQFMkvpTT8vCGEQIhKACfUGGosVUVyjrkipTeWtdXS6d34iUAoOuF
RScY5qywZYxhMcK9GqzDYlwW
=TAdq
-----END PGP SIGNATURE-----






More information about the Gnupg-devel mailing list