diff options
| author | Werner Koch <wk@gnupg.org> | 2022-11-10 14:50:21 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2022-11-10 14:55:38 +0100 |
| commit | 976e9d608367f481f21ab13ec6125dc8ab3ad345 (patch) | |
| tree | 0c8c2668ca14d422e9d4050bdcdf6801988320db /g10/armor.c | |
| parent | gpg: Move w32_system function. (diff) | |
| download | gnupg2-976e9d608367f481f21ab13ec6125dc8ab3ad345.tar.xz gnupg2-976e9d608367f481f21ab13ec6125dc8ab3ad345.zip | |
gpg: Fix verification of cleartext signatures with overlong lines.
* g10/armor.c (fake_packet): Indicate truncated lines by inserting a
formfeed.
(armor_filter): Replace assert by log_assert.
--
Reported-by: Demi Marie Obenour
GnuPG-bug-id: T6272
Diffstat (limited to '')
| -rw-r--r-- | g10/armor.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/g10/armor.c b/g10/armor.c index fc299c74a..b47c04ab3 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -650,6 +650,7 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, byte *p; byte tempbuf[PARTIAL_CHUNK]; size_t tempbuf_len=0; + int this_truncated; while( !rc && size-len>=(PARTIAL_CHUNK+1)) { /* copy what we have in the line buffer */ @@ -684,7 +685,13 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, continue; } if( !maxlen ) + { afx->truncated++; + this_truncated = 1; + } + else + this_truncated = 0; + p = afx->buffer; n = afx->buffer_len; @@ -737,7 +744,7 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, } /* Now handle the end-of-line canonicalization */ - if( !afx->not_dash_escaped ) + if( !afx->not_dash_escaped || this_truncated) { int crlf = n > 1 && p[n-2] == '\r' && p[n-1]=='\n'; @@ -754,10 +761,17 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, * or calculate the hash here in this module and somehow find * a way to send the hash down the processing line (well, a special * faked packet could do the job). + * + * To make sure that a truncated line triggers a bad + * signature error we replace a removed LF by a FF or + * append a FF. Right, this is a hack but better than a + * global variable and way easier than to introduce a new + * control packet or insert a line like "[truncated]\n" + * into the filter output. */ if( crlf ) afx->buffer[afx->buffer_len++] = '\r'; - afx->buffer[afx->buffer_len++] = '\n'; + afx->buffer[afx->buffer_len++] = this_truncated? '\f':'\n'; afx->buffer[afx->buffer_len] = '\0'; } } @@ -1126,11 +1140,11 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, rc = 0; else if( rc == 2 ) { log_error(_("premature eof (in trailer)\n")); - rc = GPG_ERR_INVALID_ARMOR; + rc = GPG_ERR_INV_ARMOR; } else { log_error(_("error in trailer line\n")); - rc = GPG_ERR_INVALID_ARMOR; + rc = GPG_ERR_INV_ARMOR; } #endif } @@ -1278,7 +1292,7 @@ armor_filter( void *opaque, int control, if( !fp ) { fp = fopen("armor.out", "w"); - assert(fp); + log_assert(fp); } #endif @@ -1539,6 +1553,11 @@ armor_filter( void *opaque, int control, afx->no_openpgp_data = 1; write_status_text( STATUS_NODATA, "1" ); } + /* Note that in a cleartext signature truncated lines in the + * plaintext are detected and propagated to the signature + * checking code by inserting a \f into the plaintext. We do + * not use log_info here because some of the truncated lines + * are harmless. */ if( afx->truncated ) log_info(_("invalid armor: line longer than %d characters\n"), MAX_LINELEN ); |