[Fwd: Bug in 1.2.4 - cannot verify messages with lines that contain dashes]

[Kurt Fitzner]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

If this is a duplicated, please forgive me.  I didn't see it come back
to me - I figure that since it had an attachment originally it was
rejected...

I've tried to subscribe to the devel mailing list, but the web page
signup is broken, and I've received no response from
gnupg-devel-reguest, so I will post this bug report and patch here.

I noticed when trying to verify Atom-Smasher's signatures that GnuPG
hung up due to the fact that his signature has a line of dashes in it.
Unfortunately, fake_packet() in armor.c assumes that if a string of four
dashes is encountered, that it is the end of the signed message.

It is a fairly trivial fix.  I have attached a small diff patch that
will correct the issue.

Please accept my apologies if this has already been adressed in another
report.

	Kurt Fitzner


- --- armor_old.c	Tue Sep 16 20:20:18 2003
+++ armor.c	Fri Mar 19 07:20:38 2004
@@ -549,11 +549,11 @@
~ 	    }
~ 	    else if( n >= 15 &&  p[1] == '-' && p[2] == '-' && p[3] == '-' ) {
~ 		int type = is_armor_header( p, n );
~ 		if( afx->not_dash_escaped && type != BEGIN_SIGNATURE )
~ 		    ; /* this is okay */
- -		else {
+		else if (type != -1) {
~ 		    if( type != BEGIN_SIGNATURE ) {
~ 			log_info(_("unexpected armor:"));
~ 			print_string( stderr, p, n, 0 );
~ 			putc('\n', stderr);
~ 		    }

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQF3I9d366Kf2Ie2tAQKAngf+MVCm8PI1Mq/x1VSq6iaQh2ztmjwHZQkr
/Rq6TagWPnh/lLE9cS0jlsTddimQGM4GVREtraggtJBdByDQ9ERRiSRm0V+845CB
I214xksIYb4kZYXgrwfkwxQScwLboLhvNad2Mae04DU62CHpdZGHFQbWJ5C6nniJ
UYLDQXBzeLNeWJFWeT0OltwnCSDzfHy5DgH708EVtlC0eQouUu6dhfOoSUZz66xK
ei2MSXvZrhMjm1Kzg6TVIXTpeEb7+4zkCd26O2ZKCCrbLuC36lmAU9KmPQ6NfNbd
0W2qg/73G3kJtWvPpMYGYv+LBSq995+nftK4ZBrMvQERjW8Y3lKacQ==
=l2kt
-----END PGP SIGNATURE-----