[gpgme] bad signature causes infinite loop in verify.c

Benjamin Lee benjaminlee at users.sf.net
Mon May 19 03:17:02 CEST 2003

On Monday, 2003-05-19 at 09:16:03 AM, Marcus Brinkmann scribbled:
> On Mon, May 19, 2003 at 08:12:42AM +1000, Benjamin Lee wrote:


> [embarrasing code snippet removed ;)]


> Thanks for finding this bug and sending a patch.  I just put it into CVS.

Not a problem.

> > To create a test case, all one needs to do is gpg --clear-sign, and then
> > edit by hand the created .asc file, removing or adding a couple of
> > erroneous characters in the signature.
> You must have been lucky.  I tried this, and I only get checksum errors,

Hmm... I guess so, although I haven't really checked carefully what I
did to the .asc (I'll send it along for reference sake, later, it's not
very large)... but lucky, I was lucky, I suppose. ;-)

> NODATA or BADARMOR status code (note that in two of these cases, gpgme will
> fail the operation silently, ie return GPGME_No_Error - this is going to be
> fixed in a major overhaul of the error handling at some time).
> > I have not yet checked all other uses of strchr.
> I just did, and it seemed to be a single incident.

Cool magool.


Benjamin Lee
Melbourne, Australia             "Always real."    http://realthought.net/

Science is what happens when preconception meets verification.

More information about the Gnupg-devel mailing list