[gpgme] bad signature causes infinite loop in verify.c

Benjamin Lee benjamin.lee at realthought.net
Wed May 21 15:36:15 CEST 2003


Hi all,

Using the cvs version of gpgme, there seems to be an infinite loop in
gpgme/verify.c inside parse_new_sig() when handling case
GPGME_STATUS_ERRSIG around line 188.

You'll notice that 'i' is never incremented so the while loop:

while (end && i < 4)

hangs the program.

The other problem was that strchr was being used incorrectly (although pre-1.43
it was being used correctly).

To create a test case, all one needs to do is gpg --clear-sign, and then
edit by hand the created .asc file, removing or adding a couple of
erroneous characters in the signature.

The bug seems to have appeared after revision 1.43 of verify.c. 

I have not yet checked all other uses of strchr.

Find a patch attached.

-- 
Benjamin Lee
Melbourne, Australia             "Always real."    http://realthought.net/

__________________________________________________________________________
When the speaker and he to whom he speaks do not understand, that is
metaphysics.
		-- Voltaire
-------------- next part --------------
Index: gpgme/verify.c
===================================================================
RCS file: /cvs/gnupg/gpgme/gpgme/verify.c,v
retrieving revision 1.51
diff -u -b -B -r1.51 verify.c
--- gpgme/verify.c	18 May 2003 21:08:43 -0000	1.51
+++ gpgme/verify.c	18 May 2003 21:55:18 -0000
@@ -189,7 +189,15 @@
 	  /* The return code is the 6th argument, if it is 9, the
 	     problem is a missing key.  */
 	  while (end && i < 4)
+            {
 	    end = strchr (end, ' ');
+              
+              if ( end )
+                end++;
+              
+              i++;
+            }
+		
 	  if (end && end[0] && (!end[1] || !end[1] == ' '))
 	    {
 	      switch (end[0])
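Review bot: the condition right after the fixed loop, `if (end && end[0] && (!end[1] || !end[1] == ' '))`, has an operator-precedence bug: `!end[1] == ' '` negates first and then compares 0 or 1 against the space character, so that sub-expression is always false and the whole test collapses to `end[0] && !end[1]`, rejecting any ERRSIG line that has a further argument after the return code. It should read `(!end[1] || end[1] == ' ')`. The loop change itself is correct: `end++` after a successful strchr is what moves the search position forward, and the `if (end)` guard keeps a failed search from being incremented, so `i` now advances and the loop terminates after at most four fields. Two of the added lines (`+              ` and `+\t\t`) are whitespace-only and should be dropped, and the new block is space-indented while the surrounding code uses tabs; since the diff was generated with `-b -B`, the indentation that will actually be applied is not visible here, so please regenerate the patch without those flags.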
@@ -221,6 +229,7 @@
       if (!sig->fpr)
 	return GPGME_Out_Of_Core;
     }
+	
   return 0;
 }
 
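Review bot: the only change in this hunk is a whitespace-only line (`+\t`) inserted before `return 0;`; it adds trailing whitespace and no content and should be removed from the patch.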

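The failure described above comes from a field-skipping loop whose search position never moves, so `strchr` keeps finding the same separator. The following is an added example, not code from gpgme or from the patch author, showing a bounded walk over a space-separated GnuPG status line and extracting the ERRSIG return code from it. It assumes the ERRSIG argument layout `<keyid> <pkalgo> <hashalgo> <sigclass> <timestamp> <rc>` (taken from GnuPG's DETAILS document, not from this page) and that the string passed in is the text after the `ERRSIG` keyword; the function names and the sample lines are constructed for the example.

```c
/* Added example, not part of gpgme: bounded field walk over a
   space-separated GnuPG status line and ERRSIG return-code lookup. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Return a pointer to the start of field number N (0-based) in LINE,
   or NULL if the line has fewer than N+1 fields.  Each iteration both
   finds the next separator and steps past it, so the search position
   always advances and the loop runs at most N times.  A line that ends
   in a separator is treated as truncated rather than as an empty field. */
const char *status_field(const char *line, int n)
{
    const char *p = line;
    int i;

    for (i = 0; i < n; i++) {
        p = strchr(p, ' ');
        if (!p)
            return NULL;     /* not enough fields */
        p++;                 /* step past the separator; without this
                                strchr would return the same pointer
                                on every iteration */
        if (!*p)
            return NULL;     /* separator was the last character */
    }
    return p;
}

/* Parse the return code from the arguments of an ERRSIG status line.
   Assumed layout (GnuPG DETAILS, an assumption for this example):
       <keyid> <pkalgo> <hashalgo> <sigclass> <timestamp> <rc>
   The return code is the 6th field, index 5.  Returns the rc value,
   or -1 if the line is truncated or the field is not a number, so a
   hand-edited or corrupted signature can never make this spin. */
int errsig_return_code(const char *args)
{
    const char *rc = status_field(args, 5);
    char *endp;
    long v;

    if (!rc)
        return -1;
    v = strtol(rc, &endp, 10);
    if (endp == rc)
        return -1;           /* no digits where the rc should be */
    if (*endp && *endp != ' ' && *endp != '\n')
        return -1;           /* junk glued to the number */
    return (int)v;
}

/* Convenience wrapper mirroring the comment in verify.c: rc 9 means
   the public key needed to verify the signature is missing. */
int errsig_is_missing_key(const char *args)
{
    return errsig_return_code(args) == 9;
}
```

A truncated line such as `"0123456789ABCDEF 17 2"` (a constructed sample) now yields -1 instead of hanging, and the caller can report a parse error rather than guessing at the return code.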
