Injecting Status-fd output

Werner Koch wk at gnupg.org
Thu Mar 8 12:20:59 CET 2007


On Thu,  8 Mar 2007 09:50, nicholas.cole at gmail.com said:

> Usually, I read the --status-fd output and the standard output
> separately, but obviously this has its own problems.

gpg should make sure that this is synchronized.  But wait, I just
checked the writing of the plaintext and found a problem when writing
to stdout.  In this case the file pointer will not be closed at the
end of the writing.  If this is now a plaintext packet which is not
signed and followed by a signed plaintext, it is possible that some
data of the first packet might have not been flushed at the time the
PLAINTEXT status is written.  I just fixed this by making sure
that stdout gets flushed before and after writing out a plaintext.

Fortunately this can't be exploited with gpg 1.4.7 as a plaintext
packet will lead to an error.  It is however a problem for
applications taking care of the plaintext status line.

I am not sure whether this is really exploitable but an update to gpg
1.4.7 is highly suggested.

> If the two are read together, however, as they seem to be intended to
> be, what is to stop the plaintext injecting lines that begin:
>
> [GPG: ]
>
> into its output and upsetting whatever parsing engine is doing the reading?

This is an old problem and something we can't easily fix.  Detecting
this marker in the plaintext is of course possible but what shall we
do about it?  We would need to modify the message and thus break a lot
of applications.  It might be possible to do this for the case of
status-fd and output writing to stdout only.


Salam-Shalom,

   Werner
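The two failure modes discussed in the thread, a parser that scans status lines out of the same stream as the plaintext and a parser that reads them from their own descriptor, side by side. This is an added example, not code from the post or from GnuPG: the real prefix gpg writes is `[GNUPG:] ` (the quoted message abbreviates it as `[GPG: ]`), the status output and the plaintext are constructed inputs, and `run_gpg_with_separate_status` is a hypothetical helper name showing how to wire `--status-fd` to a private pipe.

```python
"""
Why --status-fd output must be read from its own descriptor, never scanned
out of the stream it is interleaved with.  Sample data is constructed; no
gpg binary is needed to run the parsing part.  (Added example, not GnuPG code.)
"""
import os
import subprocess
import threading
from typing import List, Tuple

STATUS_PREFIX = "[GNUPG:] "   # prefix of every real gpg status line

Event = Tuple[str, List[str]]  # (KEYWORD, arguments)


def parse_status_lines(status_text: str) -> List[Event]:
    """Parse text read from the dedicated status descriptor only."""
    events: List[Event] = []
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # nothing else should arrive here; skip defensively
        fields = line[len(STATUS_PREFIX):].split()
        if fields:
            events.append((fields[0], fields[1:]))
    return events


def naive_parse_mixed(mixed_text: str) -> List[Event]:
    """The pattern the thread warns against: status lines and plaintext share
    one stream and are told apart by their prefix alone, so any plaintext
    line that happens to start with the prefix becomes a 'status event'."""
    return parse_status_lines(mixed_text)  # identical logic, wrong input


def signature_verdict(events: List[Event]) -> str:
    """Reduce a status event list to a verdict an application would act on."""
    keywords = {keyword for keyword, _ in events}
    if "BADSIG" in keywords or "ERRSIG" in keywords:
        return "bad"
    if "GOODSIG" in keywords:
        return "good"
    return "unsigned"


# Constructed: what gpg really reports on the status descriptor for an
# encrypted but unsigned message (format 62 = binary, timestamp, filename).
REAL_STATUS = (
    "[GNUPG:] BEGIN_DECRYPTION\n"
    "[GNUPG:] PLAINTEXT 62 1173000000 notes.txt\n"
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] END_DECRYPTION\n"
)

# Constructed: the decrypted plaintext, whose author embedded a line that
# looks exactly like a status line.  Key id and user id are placeholders.
FORGED_PLAINTEXT = (
    "Meeting notes\n"
    "[GNUPG:] GOODSIG 0000000000000000 Alice <alice@example.org>\n"
    "See you Monday.\n"
)


def run_gpg_with_separate_status(gpg_args: List[str],
                                 stdin_bytes: bytes) -> Tuple[bytes, str]:
    """Hypothetical helper: run gpg with --status-fd pointed at a private
    pipe so status lines and plaintext can never be confused.  Requires a
    gpg binary and is not exercised by the constructed data above."""
    read_fd, write_fd = os.pipe()
    proc = subprocess.Popen(
        ["gpg", "--batch", "--status-fd", str(write_fd)] + gpg_args,
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, pass_fds=(write_fd,))
    os.close(write_fd)  # drop the parent's copy so the reader sees EOF
    chunks: List[str] = []

    def drain() -> None:  # read concurrently so neither pipe can fill up
        with os.fdopen(read_fd, "r") as status_pipe:
            chunks.append(status_pipe.read())

    reader = threading.Thread(target=drain)
    reader.start()
    plaintext, _ = proc.communicate(stdin_bytes)
    reader.join()
    return plaintext, "".join(chunks)


if __name__ == "__main__":
    print("separate fd :", signature_verdict(parse_status_lines(REAL_STATUS)))
    print("mixed stream:", signature_verdict(
        naive_parse_mixed(REAL_STATUS + FORGED_PLAINTEXT)))
```

With the status descriptor kept separate the verdict for this message is `unsigned`; the mixed-stream parser reports `good` because the forged line in the body is indistinguishable from a real one, which is exactly why the reply says the marker cannot simply be detected and removed without changing the message.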

