Detect and bailo out on double plaintext messages.

This commit is contained in:
Werner Koch 2007-02-26 10:36:08 +00:00
parent 69346c7aad
commit 1786019d68
6 changed files with 80 additions and 12 deletions

6
NEWS
View File

@ -1,3 +1,9 @@
Noteworthy changes in version 1.1.4
------------------------------------------------
* Detect and bail out on double plaintext messages.
Noteworthy changes in version 1.1.3 (2007-01-29) Noteworthy changes in version 1.1.3 (2007-01-29)
------------------------------------------------ ------------------------------------------------

View File

@ -1,3 +1,11 @@
2007-02-26 Werner Koch <wk@g10code.com>
* verify.c (op_data_t): New element PLAINTEXT_SEEN.
(_gpgme_verify_status_handler): Return an error if more than one
plaintext has been seen.
(parse_error): New arg SET_STATUS. Also detect it based on an
ERROR status (gpg > 1.4.6).
2007-01-26 Werner Koch <wk@g10code.com> 2007-01-26 Werner Koch <wk@g10code.com>
* w32-io.c (build_commandline): Fixed stupid quoting bug. * w32-io.c (build_commandline): Fixed stupid quoting bug.

View File

@ -72,7 +72,7 @@ extern "C" {
AM_PATH_GPGME macro) check that this header matches the installed AM_PATH_GPGME macro) check that this header matches the installed
library. Warning: Do not edit the next line. configure will do library. Warning: Do not edit the next line. configure will do
that for you! */ that for you! */
#define GPGME_VERSION "1.1.3-cvs1202" #define GPGME_VERSION "1.1.3"

View File

@ -40,6 +40,7 @@ typedef struct
gpgme_signature_t current_sig; gpgme_signature_t current_sig;
int did_prepare_new_sig; int did_prepare_new_sig;
int only_newsig_seen; int only_newsig_seen;
int plaintext_seen;
} *op_data_t; } *op_data_t;
@ -549,8 +550,11 @@ parse_trust (gpgme_signature_t sig, gpgme_status_code_t code, char *args)
} }
/* Parse an error status line and if SET_STATUS is true update the
result status as appropriate. With SET_STATUS being false, only
check for an error. */
static gpgme_error_t static gpgme_error_t
parse_error (gpgme_signature_t sig, char *args) parse_error (gpgme_signature_t sig, char *args, int set_status)
{ {
gpgme_error_t err; gpgme_error_t err;
char *where = strchr (args, ' '); char *where = strchr (args, ' ');
@ -572,7 +576,16 @@ parse_error (gpgme_signature_t sig, char *args)
err = _gpgme_map_gnupg_error (which); err = _gpgme_map_gnupg_error (which);
if (!strcmp (where, "verify.findkey")) if (!strcmp (where, "proc_pkt.plaintext")
&& gpg_err_code (err) == GPG_ERR_BAD_DATA)
{
/* This indicates a double plaintext. The only solid way to
handle this is by failing the oepration. */
return gpg_error (GPG_ERR_BAD_DATA);
}
else if (!set_status)
;
else if (!strcmp (where, "verify.findkey"))
sig->status = err; sig->status = err;
else if (!strcmp (where, "verify.keyusage") else if (!strcmp (where, "verify.keyusage")
&& gpg_err_code (err) == GPG_ERR_WRONG_KEY_USAGE) && gpg_err_code (err) == GPG_ERR_WRONG_KEY_USAGE)
@ -670,9 +683,9 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
case GPGME_STATUS_ERROR: case GPGME_STATUS_ERROR:
opd->only_newsig_seen = 0; opd->only_newsig_seen = 0;
/* The error status is informational, so we don't return an /* Some error stati are informational, so we don't return an
error code if we are not ready to process this status. */ error code if we are not ready to process this status. */
return sig ? parse_error (sig, args) : 0; return parse_error (sig, args, !!sig );
case GPGME_STATUS_EOF: case GPGME_STATUS_EOF:
if (sig && !opd->did_prepare_new_sig) if (sig && !opd->did_prepare_new_sig)
@ -703,6 +716,8 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
break; break;
case GPGME_STATUS_PLAINTEXT: case GPGME_STATUS_PLAINTEXT:
if (++opd->only_newsig_seen > 1)
return gpg_error (GPG_ERR_BAD_DATA);
err = _gpgme_parse_plaintext (args, &opd->result.file_name); err = _gpgme_parse_plaintext (args, &opd->result.file_name);
if (err) if (err)
return err; return err;
@ -816,8 +831,9 @@ gpgme_get_sig_key (gpgme_ctx_t ctx, int idx, gpgme_key_t *r_key)
successful verify operation in R_STAT (if non-null). The creation successful verify operation in R_STAT (if non-null). The creation
time stamp of the signature is returned in R_CREATED (if non-null). time stamp of the signature is returned in R_CREATED (if non-null).
The function returns a string containing the fingerprint. */ The function returns a string containing the fingerprint. */
const char *gpgme_get_sig_status (gpgme_ctx_t ctx, int idx, const char *
_gpgme_sig_stat_t *r_stat, time_t *r_created) gpgme_get_sig_status (gpgme_ctx_t ctx, int idx,
_gpgme_sig_stat_t *r_stat, time_t *r_created)
{ {
gpgme_verify_result_t result; gpgme_verify_result_t result;
gpgme_signature_t sig; gpgme_signature_t sig;
@ -876,8 +892,9 @@ const char *gpgme_get_sig_status (gpgme_ctx_t ctx, int idx,
number of the signature after a successful verify operation. WHAT number of the signature after a successful verify operation. WHAT
is an attribute where GPGME_ATTR_EXPIRE is probably the most useful is an attribute where GPGME_ATTR_EXPIRE is probably the most useful
one. WHATIDX is to be passed as 0 for most attributes . */ one. WHATIDX is to be passed as 0 for most attributes . */
unsigned long gpgme_get_sig_ulong_attr (gpgme_ctx_t ctx, int idx, unsigned long
_gpgme_attr_t what, int whatidx) gpgme_get_sig_ulong_attr (gpgme_ctx_t ctx, int idx,
_gpgme_attr_t what, int whatidx)
{ {
gpgme_verify_result_t result; gpgme_verify_result_t result;
gpgme_signature_t sig; gpgme_signature_t sig;
@ -939,8 +956,9 @@ unsigned long gpgme_get_sig_ulong_attr (gpgme_ctx_t ctx, int idx,
} }
const char *gpgme_get_sig_string_attr (gpgme_ctx_t ctx, int idx, const char *
_gpgme_attr_t what, int whatidx) gpgme_get_sig_string_attr (gpgme_ctx_t ctx, int idx,
_gpgme_attr_t what, int whatidx)
{ {
gpgme_verify_result_t result; gpgme_verify_result_t result;
gpgme_signature_t sig; gpgme_signature_t sig;

View File

@ -1,3 +1,8 @@
2007-02-26 Werner Koch <wk@g10code.com>
* gpg/t-verify.c (double_plaintext_sig): New.
(main): Check it.
2006-12-02 Marcus Brinkmann <marcus@g10code.de> 2006-12-02 Marcus Brinkmann <marcus@g10code.de>
* gpgsm/t-keylist.c (main): Skip unknown keys. Newer versions of * gpgsm/t-keylist.c (main): Skip unknown keys. Newer versions of

View File

@ -76,6 +76,20 @@ static const char test_sig2[] =
"=Crq6\n" "=Crq6\n"
"-----END PGP MESSAGE-----\n"; "-----END PGP MESSAGE-----\n";
/* A message with a prepended but unsigned plaintext packet. */
static const char double_plaintext_sig[] =
"-----BEGIN PGP MESSAGE-----\n"
"\n"
"rDRiCmZvb2Jhci50eHRF4pxNVGhpcyBpcyBteSBzbmVha3kgcGxhaW50ZXh0IG1l\n"
"c3NhZ2UKowGbwMvMwCSoW1RzPCOz3IRxTWISa6JebnG666MFD1wzSzJSixQ81XMV\n"
"UlITUxTyixRyKxXKE0uSMxQyEosVikvyCwpSU/S4FNCArq6Ce1F+aXJGvoJvYlGF\n"
"erFCTmJxiUJ5flFKMVeHGwuDIBMDGysTyA4GLk4BmO036xgWzMgzt9V85jCtfDFn\n"
"UqVooWlGXHwNw/xg/fVzt9VNbtjtJ/fhUqYo0/LyCGEA\n"
"=6+AK\n"
"-----END PGP MESSAGE-----\n";
static void static void
check_result (gpgme_verify_result_t result, unsigned int summary, char *fpr, check_result (gpgme_verify_result_t result, unsigned int summary, char *fpr,
@ -235,6 +249,23 @@ main (int argc, char *argv[])
check_result (result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", check_result (result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR, 0); GPG_ERR_NO_ERROR, 0);
/* Checking an invalid message. */
gpgme_data_release (sig);
gpgme_data_release (text);
err = gpgme_data_new_from_mem (&sig, double_plaintext_sig,
strlen (double_plaintext_sig), 0);
fail_if_err (err);
err = gpgme_data_new (&text);
fail_if_err (err);
err = gpgme_op_verify (ctx, sig, NULL, text);
if (gpg_err_code (err) != GPG_ERR_BAD_DATA)
{
fprintf (stderr, "%s:%i: Double plaintext message not detected\n",
__FILE__, __LINE__);
exit (1);
}
gpgme_data_release (sig); gpgme_data_release (sig);
gpgme_data_release (text); gpgme_data_release (text);
gpgme_release (ctx); gpgme_release (ctx);