[gpgme] bad signature causes infinite loop in verify.c
Benjamin Lee
benjamin.lee at realthought.net
Wed May 21 15:36:15 CEST 2003
Hi all,
Using the cvs version of gpgme, there seems to be an infinite loop in
gpgme/verify.c inside parse_new_sig() when handling case
GPGME_STATUS_ERRSIG around line 188.
You'll notice that 'i' is never incremented so the while loop:
while (end && i < 4)
hangs the program.
The other problem was that strchr was being used incorrectly (although pre-1.43
it was being used correctly).
To create a test case, all one needs to do is gpg --clear-sign, and then
edit by hand the created .asc file, removing or adding a couple of
erroneous characters in the signature.
The bug seems to have appeared after revision 1.43 of verify.c.
I have not yet checked all other uses of strchr.
Find a patch attached.
--
Benjamin Lee
Melbourne, Australia "Always real." http://realthought.net/
__________________________________________________________________________
When the speaker and he to whom he speaks do not understand, that is
metaphysics.
-- Voltaire
-------------- next part --------------
Index: gpgme/verify.c
===================================================================
RCS file: /cvs/gnupg/gpgme/gpgme/verify.c,v
retrieving revision 1.51
diff -u -b -B -r1.51 verify.c
--- gpgme/verify.c 18 May 2003 21:08:43 -0000 1.51
+++ gpgme/verify.c 18 May 2003 21:55:18 -0000
@@ -189,7 +189,15 @@
/* The return code is the 6th argument, if it is 9, the
problem is a missing key. */
while (end && i < 4)
+ {
end = strchr (end, ' ');
+
+ if ( end )
+ end++;
+
+ i++;
+ }
+
if (end && end[0] && (!end[1] || !end[1] == ' '))
{
switch (end[0])
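Review bot: the unchanged condition line `if (end && end[0] && (!end[1] || !end[1] == ' '))` still carries a dead sub-expression: `!end[1]` evaluates to 0 or 1, so `!end[1] == ' '` can never be true, and the test as written only accepts a return code that is immediately followed by end-of-string. If a further argument after the code is legal on this status line, the intended test is `end[1] == ' '`; if not, the clause should simply be removed so the condition says what it means. The loop body itself is now sound: `end++` steps past the separator that strchr just found, so the next call finds the following space instead of returning the same pointer again, and `i++` bounds the walk so a malformed line can no longer spin forever. Since the diff was produced with `-b -B`, the indentation of the new braces does not show here; check it against the surrounding GNU style before committing.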
@@ -221,6 +229,7 @@
if (!sig->fpr)
return GPGME_Out_Of_Core;
}
+
return 0;
}
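Review bot: this hunk only inserts a blank line before `return 0;` and has nothing to do with the ERRSIG loop fix; drop it so the patch stays minimal and the change history of this function records only the behavioural fix.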
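The hang described in this report comes from a field-skipping loop whose counter never advances. The following is an added example, not gpgme's code and not the author's patch: a small C routine that walks to the Nth space-separated argument of a status line and always terminates, because every iteration either moves the pointer forward or returns. It is then used to read the return code of an ERRSIG line, which the report describes as the 6th argument with 9 meaning a missing key. The field order of the sample lines is an assumption based on that description, the sample lines themselves are constructed, and the enum names are hypothetical.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Return a pointer to the start of the Nth (1-based) space-separated
   field of LINE, or NULL if LINE has fewer than N fields.  The loop
   cannot spin: strchr either returns NULL (we return) or a pointer at
   or beyond P, which we then advance past the separator. */
static const char *
nth_field (const char *line, int n)
{
  const char *p = line;
  int i;

  if (!p || n < 1)
    return NULL;

  while (*p == ' ')             /* tolerate leading separators */
    p++;

  for (i = 1; i < n; i++)
    {
      p = strchr (p, ' ');
      if (!p)
        return NULL;            /* ran out of fields */
      while (*p == ' ')         /* step past the separator(s) */
        p++;
    }
  return *p ? p : NULL;         /* a trailing space is not a field */
}

/* Hypothetical classification of an ERRSIG return code.  The values
   9 (missing public key) and "other" follow the report; MALFORMED
   covers lines that do not carry a well-formed 6th argument. */
enum errsig_reason
{
  ERRSIG_MALFORMED = -1,
  ERRSIG_OTHER     = 0,
  ERRSIG_NO_PUBKEY = 9
};

/* ARGS is the text after the "ERRSIG" keyword.  The return code is
   accepted only as a single character followed by end-of-string or a
   space, which is what the original condition appears to intend. */
static int
errsig_reason (const char *args)
{
  const char *rc = nth_field (args, 6);

  if (!rc || !rc[0] || (rc[1] && rc[1] != ' '))
    return ERRSIG_MALFORMED;

  return rc[0] == '9' ? ERRSIG_NO_PUBKEY : ERRSIG_OTHER;
}

int
main (void)
{
  /* Constructed sample lines; the key id, algorithms and timestamp
     are placeholders. */
  const char *missing_key = "0123456789ABCDEF 1 8 00 1053529167 9";
  const char *truncated   = "0123456789ABCDEF 1 8";

  printf ("%d\n", errsig_reason (missing_key));   /* 9  */
  printf ("%d\n", errsig_reason (truncated));     /* -1 */
  return 0;
}
```

The important property is the one the patch restores: a malformed or truncated line makes the parser report an error instead of looping, and the bounds check happens before any character of the field is inspected.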