[PATCH] scute: Remove prepended nul byte in signature data
Damien Goutte-Gattat
dgouttegattat at incenp.org
Wed Mar 23 09:35:46 CET 2016
* src/agent.c (pksign_parse_result): Check for nul byte prepended
by the agent to the signature value.
--
GPG Agent may prepend a nul byte in the signature value if the
first byte of the signature has its most significant bit set, to
prevent it from being interpreted as a sign bit (see the function
agent_pksign_do, in GnuPG's agent/pksign.c file).
The current sexp parser in Scute does not expect this extra nul
byte, and will reject any signature containing it with a
GPG_ERR_INV_LENGTH error.
This patch checks for an initial nul byte in the signature
data, and removes it.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
src/agent.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/agent.c b/src/agent.c
index 7e968c0..ac5a30f 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -1025,6 +1025,13 @@ pksign_parse_result (const struct signature *sig,
if (! n)
return gpg_error (GPG_ERR_INV_SEXP);
+ /* Remove nul byte prepended by gpg-agent. */
+ if (*s == 0)
+ {
+ n -= 1;
+ s += 1;
+ }
+
if (*len < (unsigned int) n)
return gpg_error (GPG_ERR_INV_LENGTH);
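Review bot: the `if (*s == 0)` test strips any leading zero byte, while the commit message says the agent prepends one only when the first byte of the signature has its most significant bit set. Consider narrowing the condition to that case, for example `if (n > 1 && *s == 0 && (s[1] & 0x80))`, so that a value which merely begins with 0x00 is not shortened. As written, a one-byte value of 0x00 also passes the earlier `if (! n)` check and then leaves `n` at 0, which the following `*len < (unsigned int) n` comparison does not reject. A short comment pointing at agent_pksign_do in GnuPG's agent/pksign.c, as the commit message does, would help the next reader see why the byte is there.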
--
2.7.3