[PATCH] scute: Remove prepended nul byte in signature data

Damien Goutte-Gattat dgouttegattat at incenp.org
Wed Mar 23 09:35:46 CET 2016

* src/agent.c (pksign_parse_result): Check for nul byte prepended
by the agent to the signature value.

GPG Agent may prepend a nul byte in the signature value if the
first byte of the signature has its most significant bit set, to
prevent it from being interpreted as a sign bit (see the function
agent_pksign_do, in GnuPG's agent/pksign.c file).

The current sexp parser in Scute does not expect this extra nul
byte, and will reject any signature containing it with a

This patch checks for an initial nul byte in the signature
data, and removes it.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
 src/agent.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/agent.c b/src/agent.c
index 7e968c0..ac5a30f 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -1025,6 +1025,13 @@ pksign_parse_result (const struct signature *sig,
   if (! n)
     return gpg_error (GPG_ERR_INV_SEXP);
+  /* Remove nul byte prepended by gpg-agent. */
+  if (*s == 0)
+    {
+      n -= 1;
+      s += 1;
+    }
   if (*len < (unsigned int) n)
     return gpg_error (GPG_ERR_INV_LENGTH);

More information about the Gnupg-devel mailing list