[gpgme] bad signature causes infinite loop in verify.c
Benjamin Lee
benjaminlee at users.sf.net
Mon May 19 03:17:02 CEST 2003
On Monday, 2003-05-19 at 09:16:03 AM, Marcus Brinkmann scribbled:
> On Mon, May 19, 2003 at 08:12:42AM +1000, Benjamin Lee wrote:
*snip*
>
> [embarrassing code snippet removed ;)]
>
;-P
> Thanks for finding this bug and sending a patch. I just put it into CVS.
>
Not a problem.
> > To create a test case, all one needs to do is gpg --clear-sign, and then
> > edit by hand the created .asc file, removing or adding a couple of
> > erroneous characters in the signature.
>
> You must have been lucky. I tried this, and I only get checksum errors,
Hmm... I guess so, although I haven't really checked carefully what I
did to the .asc (I'll send it along for reference sake, later, it's not
very large)... but lucky, I was lucky, I suppose. ;-)
> NODATA or BADARMOR status code (note that in two of these cases, gpgme will
> fail the operation silently, i.e. return GPGME_No_Error - this is going to be
> fixed in a major overhaul of the error handling at some time).
>
> > I have not yet checked all other uses of strchr.
>
> I just did, and it seemed to be a single incident.
>
Cool magool.
Later,
Ben.
--
Benjamin Lee
Melbourne, Australia "Always real." http://realthought.net/
__________________________________________________________________________
Science is what happens when preconception meets verification.