security patches
David Shaw
dshaw@jabberwocky.com
Tue Oct 9 19:21:01 2001
On Tue, Oct 09, 2001 at 06:21:26PM +0200, Florian Weimer wrote:
> David Shaw <dshaw@jabberwocky.com> writes:
>
> > > And there's a tendency for implementation errors because of the two
> > > areas which require rather different treatment.
> >
> > True. The famous ADK bug was from this exact problem.
> >
> > It would be nice if the RFC had a note saying something like "Hey
> > Buddy - if you want to rely on these subpackets being unchangeable,
> > put them in the HASHED section!" :)
>
> This wouldn't have prevented the ADK bug. Creating packets in the
> proper place is not too difficult, but if you don't add an additional
> layer of abstraction, you have to check whether a packet is in the
> hashed area or not in many places.
The ADK bug was that the ADK subpacket was allowed in the unhashed
area of the signature. If PGP checked for which area the subpacket
was in (which it does now), then there would not have been a bug. I
don't see this as checking in too many places - just in the minimal
places necessary.
The GnuPG code handles this nicely with two functions that say (in
effect), "give me this subpacket from the (hashed/unhashed) area", and
"give me this subpacket wherever it may live". If a subpacket must
live in the hashed section, accepting it from the hashed section only
enforces this.
David
-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
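The distinction discussed above, as an added example that is not from this thread and not GnuPG's own code: a minimal parser for the hashed and unhashed subpacket areas of a v4 signature packet (RFC 4880 layout), with the two kinds of lookup David describes, "from this area only" and "wherever it lives". The demo builds a signature whose hashed area holds a creation time and issuer, then shows that a subpacket added to the unhashed area leaves the hash-covered bytes untouched and is invisible to the hashed-only lookup. Subpacket type numbers follow RFC 4880; that type 10 is the slot PGP used for its ADK subpacket is an assumption, the ADK body bytes are a constructed placeholder, and the trailing hash prefix and MPI bytes are dummies.

```python
import struct
from typing import List, Optional, Tuple

# Subpacket type numbers from RFC 4880 section 5.2.3.1.
SIG_CREATION_TIME = 2
ISSUER_KEY_ID = 16
# Assumption: type 10 is the slot PGP used for its Additional Decryption Key
# subpacket; RFC 4880 keeps it reserved as a placeholder.
ADK = 10

HASHED = "hashed"
UNHASHED = "unhashed"

Subpacket = Tuple[int, bool, bytes]  # (type, critical flag, body)


def encode_subpacket(sp_type: int, body: bytes, critical: bool = False) -> bytes:
    """Serialize one subpacket: length (covers the type byte and body), type byte, body."""
    length = len(body) + 1
    if length < 192:
        header = bytes([length])
    elif length < 16320:
        v = length - 192
        header = bytes([(v >> 8) + 192, v & 0xFF])
    else:
        header = b"\xff" + struct.pack(">I", length)
    return header + bytes([sp_type | (0x80 if critical else 0)]) + body


def parse_subpackets(area: bytes) -> List[Subpacket]:
    """Decode a subpacket area into (type, critical, body) triples, rejecting bad lengths."""
    result: List[Subpacket] = []
    i, n = 0, len(area)
    while i < n:
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            if i + 1 >= n:
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            if i + 5 > n:
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > n:
            raise ValueError("subpacket length out of range")
        type_byte = area[i]
        result.append((type_byte & 0x7F, bool(type_byte & 0x80), area[i + 1:i + length]))
        i += length
    return result


class V4Signature:
    """A v4 signature packet body parsed as far as the two subpacket areas."""

    def __init__(self, body: bytes):
        if len(body) < 6 or body[0] != 4:
            raise ValueError("not a v4 signature")
        self.sig_type, self.pk_algo, self.hash_algo = body[1], body[2], body[3]
        hashed_len = struct.unpack(">H", body[4:6])[0]
        pos = 6 + hashed_len
        if len(body) < pos + 2:
            raise ValueError("truncated hashed area")
        unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
        if len(body) < pos + 2 + unhashed_len:
            raise ValueError("truncated unhashed area")
        self.hashed = parse_subpackets(body[6:pos])
        self.unhashed = parse_subpackets(body[pos + 2:pos + 2 + unhashed_len])
        # Everything from the version byte to the end of the hashed area is
        # what the signature hash covers; the unhashed area is not authenticated.
        self.hashed_portion = body[:pos]


def find_subpacket(sig: V4Signature, sp_type: int, area: str) -> Optional[bytes]:
    """'Give me this subpacket from the (hashed/unhashed) area.'"""
    for t, _critical, body in (sig.hashed if area == HASHED else sig.unhashed):
        if t == sp_type:
            return body
    return None


def find_subpacket_anywhere(sig: V4Signature, sp_type: int) -> Optional[bytes]:
    """'Give me this subpacket wherever it may live': hashed first, then unhashed."""
    found = find_subpacket(sig, sp_type, HASHED)
    return found if found is not None else find_subpacket(sig, sp_type, UNHASHED)


def build_v4_signature(hashed: bytes, unhashed: bytes) -> bytes:
    """Constructed packet body: sig type 0x00, RSA (1), SHA-1 (2), dummy hash prefix and MPI."""
    return (bytes([4, 0x00, 1, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00" + b"\x00\x00")


def demo() -> dict:
    """Compare a signature with an ADK subpacket appended to its unhashed area."""
    hashed = (encode_subpacket(SIG_CREATION_TIME, struct.pack(">I", 1000000000))  # constructed time
              + encode_subpacket(ISSUER_KEY_ID, bytes.fromhex("0123456789abcdef")))  # constructed key ID
    genuine = V4Signature(build_v4_signature(hashed, b""))
    # Constructed placeholder ADK body; the point is the area it sits in, not its layout.
    with_unhashed_adk = V4Signature(build_v4_signature(hashed, encode_subpacket(ADK, bytes(22))))
    return {
        "hashed_bytes_unchanged": genuine.hashed_portion == with_unhashed_adk.hashed_portion,
        "adk_from_hashed_only": find_subpacket(with_unhashed_adk, ADK, HASHED),
        "adk_from_anywhere": find_subpacket_anywhere(with_unhashed_adk, ADK),
        "issuer": find_subpacket_anywhere(with_unhashed_adk, ISSUER_KEY_ID),
    }
```

The hashed-only lookup is the one that enforces "this subpacket must live in the hashed section": because the unhashed area is outside the hash-covered bytes, anything found only there carries no assurance from the signer, so a subpacket whose presence changes security decisions should be fetched with `find_subpacket(..., HASHED)` and never with the "anywhere" variant.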