security patches

David Shaw dshaw@jabberwocky.com
Tue Oct 9 19:21:01 2001


On Tue, Oct 09, 2001 at 06:21:26PM +0200, Florian Weimer wrote:

> David Shaw <dshaw@jabberwocky.com> writes:
>
> > > And there's a tendency for implementation errors because of the two
> > > areas which require rather different treatment.
> >
> > True. The famous ADK bug was from this exact problem.
> >
> > It would be nice if the RFC had a note saying something like "Hey
> > Buddy - if you want to rely on these subpackets being unchangeable,
> > put them in the HASHED section!" :)
>
> This wouldn't have prevented the ADK bug. Creating packets in the
> proper place is not too difficult, but if you don't add an additional
> layer of abstraction, you have to check whether a packet is in the
> hashed area or not in many places.
The ADK bug was that the ADK subpacket was allowed in the unhashed area of
the signature. If PGP checked for which area the subpacket was in (which it
does now), then there would not have been a bug.

I don't see this as checking in too many places - just in the minimal places
necessary. The GnuPG code handles this nicely with two functions that say (in
effect), "give me this subpacket from the (hashed/unhashed) area", and "give
me this subpacket wherever it may live". If a subpacket must live in the
hashed section, accepting it from the hashed section only enforces this.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
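The two lookups the message describes, shown on a minimal parser for the hashed and unhashed subpacket areas of an OpenPGP v4 signature packet (RFC 2440 section 5.2.3). This is an added example written for this page, not GnuPG's or PGP's code. It assumes subpacket type 10, the RFC's "placeholder for backward compatibility" number, as a stand-in for the proprietary ADK subpacket, and the sample signature body is constructed inline (no real MPIs or hash). The point it demonstrates is the one David makes: a lookup restricted to the hashed area never sees a subpacket that an attacker could have appended to the unhashed area, so the restriction itself is the check.

```python
"""Parse v4 signature subpacket areas and look subpackets up per area."""
import struct
from dataclasses import dataclass, field
from typing import List, Optional

# Subpacket type numbers from RFC 2440 section 5.2.3.1.
SIG_CREATION_TIME = 2
ISSUER_KEY_ID = 16
# Assumption for this example: type 10 stands in for PGP's ADK subpacket.
ADK_PLACEHOLDER = 10

HASHED = "hashed"
UNHASHED = "unhashed"


@dataclass
class Subpacket:
    sp_type: int
    body: bytes
    critical: bool  # bit 7 of the type octet


@dataclass
class SignatureV4:
    sig_type: int
    pk_algo: int
    hash_algo: int
    hashed: List[Subpacket] = field(default_factory=list)
    unhashed: List[Subpacket] = field(default_factory=list)


def _parse_subpacket_area(data: bytes) -> List[Subpacket]:
    """Walk one area: each record is length, type octet, body."""
    packets, pos = [], 0
    while pos < len(data):
        first = data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        else:
            length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
        if length < 1 or pos + length > len(data):
            raise ValueError("truncated subpacket")
        type_octet = data[pos]
        packets.append(Subpacket(type_octet & 0x7F, data[pos + 1:pos + length],
                                 bool(type_octet & 0x80)))
        pos += length
    return packets


def parse_signature_v4(body: bytes) -> SignatureV4:
    """Parse version, type, algorithms and both subpacket areas."""
    if body[0] != 4:
        raise ValueError("only version 4 signatures are handled here")
    sig = SignatureV4(body[1], body[2], body[3])
    pos = 4
    hashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    sig.hashed = _parse_subpacket_area(body[pos:pos + hashed_len])
    pos += hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    sig.unhashed = _parse_subpacket_area(body[pos:pos + unhashed_len])
    # The two-octet hash prefix and the MPIs follow; not needed here.
    return sig


def find_subpacket(sig: SignatureV4, sp_type: int, area: str) -> Optional[Subpacket]:
    """'Give me this subpacket from the (hashed/unhashed) area.'"""
    for sp in (sig.hashed if area == HASHED else sig.unhashed):
        if sp.sp_type == sp_type:
            return sp
    return None


def find_subpacket_anywhere(sig: SignatureV4, sp_type: int) -> Optional[Subpacket]:
    """'Give me this subpacket wherever it may live' (hashed area preferred)."""
    return find_subpacket(sig, sp_type, HASHED) or find_subpacket(sig, sp_type, UNHASHED)


def encode_subpacket(sp_type: int, body: bytes, critical: bool = False) -> bytes:
    """Encode one subpacket using the RFC 2440 length scheme."""
    length = len(body) + 1
    if length < 192:
        hdr = bytes([length])
    elif length <= 8383:
        hdr = bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", length)
    return hdr + bytes([sp_type | (0x80 if critical else 0)]) + body


def build_sample_signature() -> bytes:
    """Constructed v4 signature body: an ADK-style subpacket sits only in the
    unhashed area, i.e. the shape the ADK bug accepted."""
    hashed = encode_subpacket(SIG_CREATION_TIME, struct.pack(">I", 0x3BC33182))
    unhashed = (encode_subpacket(ISSUER_KEY_ID, bytes(range(1, 9)))
                + encode_subpacket(ADK_PLACEHOLDER, b"\x80" + b"\xaa" * 20))
    return (bytes([4, 0x13, 1, 2])
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x00\x00")  # hash prefix placeholder; MPIs omitted


def demo() -> dict:
    """Strict lookup ignores the unhashed ADK; the permissive one finds it."""
    sig = parse_signature_v4(build_sample_signature())
    return {
        "adk_in_hashed": find_subpacket(sig, ADK_PLACEHOLDER, HASHED) is not None,
        "adk_anywhere": find_subpacket_anywhere(sig, ADK_PLACEHOLDER) is not None,
        "creation_time": struct.unpack(">I", find_subpacket(sig, SIG_CREATION_TIME, HASHED).body)[0],
    }


if __name__ == "__main__":
    print(demo())
```

A verifier that calls `find_subpacket(sig, ADK_PLACEHOLDER, HASHED)` for anything that must be covered by the signature gets `None` for the sample above and never has to ask "which area did this come from?" at the point of use; `find_subpacket_anywhere` is reserved for advisory data such as the issuer key ID, where an unhashed copy is acceptable.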