Bug in 1.2.4 - cannot verify messages with lines that contain dashes

Kurt Fitzner kfitzner at excelcia.org
Mon Mar 22 04:00:43 CET 2004


David Shaw wrote:

> I'm afraid I don't really understand the problem you're having.  Can
> you post an example of the problem?  I have never had a problem
> verifying a signature from anyone on this list.

It appears that I was mistaken.  It is a bug in either Mozilla 
Thunderbird or in Enigmail (or both).  It seems that the dash escape is 
removed from messages before it is passed to GnuPG.

However, I would still suggest the submitted patch be incorporated. 
Without it, gpg assumes that any line that starts with 4 dashes is a 
armor header.  With the patch, it will ignore dashed lines unless they 
are a known OpenPGP header - at which point, if it is not the header 
that gpg is looking for, it will still output an "unexpected armor" 
error message.

Attached is a zipped file with an example message where the dash escape 
has been removed from a non-gpg-armor line.  The change in the patch 
will allow it to be verified, whereas stock 1.2.4 will die with a series 
of errors.

With the patch, improperly escaped messages will still be able to be 
verified unless they contain nested armor headers where the escaping has 
also been removed.  Additionally, it nullifies the need to dash escape 
lines that are not actually OpenPGP armor headers - thus preserving the 
formatting on clearsigned text more faithfully.

If this change is rejected, I still suggest that the errors returned 
when gpg attempts to verify the signature on the sample message should 
be verbose-mode messages only. I'm not sure that exposing the internal 
gpg errors that occur when bad armor is found is a good thing.  At 
least, not unless verbose output is selected. I would suggest that "good 
signature", "bad signature" or "no signature" be the only normal output 
when verifying a message.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: ClearsignedDashes.zip
Type: application/x-zip-compressed
Size: 655 bytes
Desc: not available
Url : /pipermail/attachments/20040321/13ff161f/ClearsignedDashes.bin


More information about the Gnupg-users mailing list