-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message Protect against messages with multiple plaintext packets. This patch is against GnuPG 1.4.6 2007-02-26 Werner Koch * status.h (STATUS_ERROR): New status code. * status.c (get_status_string): Ditto. * mainproc.c (proc_plaintext): Emit it if multiple messages are detected. 2007-02-20 David Shaw (wk) * mainproc.c (literals_seen): New. (proc_plaintext): Error out if more than one plaintext packet is encountered * gpg.c: New option --allow-multiple-messages and --no variant. diff -urNp orig/gnupg-1.4.6/checks/verify.test gnupg-1.4.6/checks/verify.test --- orig/gnupg-1.4.6/checks/verify.test 2006-03-07 11:28:24.000000000 +0100 +++ gnupg-1.4.6/checks/verify.test 2007-02-27 12:20:12.000000000 +0100 @@ -231,15 +231,15 @@ for i in $tests ; do eval "(IFS=; echo \"\$$i\")" >x case "$i" in msg_*_asc) - $GPG --verify x || error "verify of $i failed" + $GPG --allow-multiple-messages --verify x || error "verify of $i failed" ;; msg_*_asc_multisig) - $GPG --verify --allow-multisig-verification x \ + $GPG --allow-multiple-messages --verify --allow-multisig-verification x \ || error "verify of $i failed" - $GPG --verify x && error "verify of $i succeeded but should not" + $GPG --allow-multiple-messages --verify x && error "verify of $i succeeded but should not" ;; bad_*_asc) - $GPG --verify x && error "verify of $i succeeded but should not" + $GPG --allow-multiple-messages --verify x && error "verify of $i succeeded but should not" ;; *) error "No handler for test case $i" diff -urNp orig/gnupg-1.4.6/g10/gpg.c gnupg-1.4.6/g10/gpg.c --- orig/gnupg-1.4.6/g10/gpg.c 2006-12-03 16:37:45.000000000 +0100 +++ gnupg-1.4.6/g10/gpg.c 2007-02-27 12:09:26.000000000 +0100 @@ -368,6 +368,8 @@ enum cmd_and_opt_values oAllowMultisigVerification, oEnableDSA2, oDisableDSA2, + oAllowMultipleMessages, + oNoAllowMultipleMessages, oNoop }; 
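Review bot: Every `$GPG --verify` call in the verify.test hunk now passes `--allow-multiple-messages`, so the suite only exercises the override, and nothing checks that the new default rejects a message with more than one plaintext packet. This matters most for the `bad_*_asc` and second `msg_*_asc_multisig` cases, which assert failure: with the override on, they no longer show that such input fails under default settings. Presumably some fixtures contain several plaintext packets and need the option, but I would add it only for those and add one case that runs plain `$GPG --verify x` on a multi-plaintext fixture and expects a non-zero exit. A short comment above the `case` saying why the option is passed would also help; the `for`/`case` block starts and ends outside the hunk.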
@@ -711,6 +713,8 @@ static ARGPARSE_OPTS opts[] = { { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"}, { oEnableDSA2, "enable-dsa2", 0, "@"}, { oDisableDSA2, "disable-dsa2", 0, "@"}, + { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"}, + { oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"}, /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common @@ -2782,6 +2786,14 @@ main (int argc, char **argv ) case oEnableDSA2: opt.flags.dsa2=1; break; case oDisableDSA2: opt.flags.dsa2=0; break; + case oAllowMultipleMessages: + opt.flags.allow_multiple_messages=1; + break; + + case oNoAllowMultipleMessages: + opt.flags.allow_multiple_messages=0; + break; + case oNoop: break; default : pargs.err = configfp? 1:2; break; diff -urNp orig/gnupg-1.4.6/g10/mainproc.c gnupg-1.4.6/g10/mainproc.c --- orig/gnupg-1.4.6/g10/mainproc.c 2006-04-08 02:51:28.000000000 +0200 +++ gnupg-1.4.6/g10/mainproc.c 2007-02-27 12:09:26.000000000 +0100 @@ -84,10 +84,9 @@ struct mainproc_context static int do_proc_packets( CTX c, IOBUF a ); - static void list_node( CTX c, KBNODE node ); static void proc_tree( CTX c, KBNODE node ); - +static int literals_seen; static void release_list( CTX c ) @@ -619,6 +618,8 @@ proc_plaintext( CTX c, PACKET *pkt ) int any, clearsig, only_md5, rc; KBNODE n; + literals_seen++; + if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n")); else if( opt.verbose ) 
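Review bot: `literals_seen` is a file-scope static that `proc_plaintext` only increments, and no hunk in this patch resets it. If one gpg process handles several independent messages in a row (multi-file verify or decrypt, presumably), the first plaintext of the second message would already see `literals_seen>1` and be rejected, so the counter reflects process history rather than the message being checked. Keeping it outside `struct mainproc_context` may be deliberate so that nested contexts share one count, but that needs to be stated, e.g. `/* Literal packets seen in the current top-level message, shared by nested contexts; reset before each new message. */`, together with a reset where a new top-level message starts. The body of proc_plaintext continues outside the hunk.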
@@ -702,16 +703,37 @@ proc_plaintext( CTX c, PACKET *pkt ) if ( c->mfx.md2 ) md_start_debug( c->mfx.md2, "verify2" ); } - if ( c->pipemode.op == 'B' ) - rc = handle_plaintext( pt, &c->mfx, 1, 0 ); - else { - rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); - if( rc == G10ERR_CREATE_FILE && !c->sigs_only) { - /* can't write output but we hash it anyway to - * check the signature */ - rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); - } - } + + rc=0; + + if(literals_seen>1) + { + log_info(_("WARNING: multiple plaintexts seen\n")); + + if(!opt.flags.allow_multiple_messages) + { + write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA"); + log_inc_errorcount(); + rc=G10ERR_UNEXPECTED; + } + } + + if(!rc) + { + if ( c->pipemode.op == 'B' ) + rc = handle_plaintext( pt, &c->mfx, 1, 0 ); + else + { + rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); + if( rc == G10ERR_CREATE_FILE && !c->sigs_only) + { + /* can't write output but we hash it anyway to + * check the signature */ + rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); + } + } + } + if( rc ) log_error( "handle plaintext failed: %s\n", g10_errstr(rc)); free_packet(pkt); diff -urNp orig/gnupg-1.4.6/g10/options.h gnupg-1.4.6/g10/options.h --- orig/gnupg-1.4.6/g10/options.h 2006-12-03 16:37:45.000000000 +0100 +++ gnupg-1.4.6/g10/options.h 2007-02-27 12:09:26.000000000 +0100 @@ -226,6 +226,7 @@ struct unsigned int use_embedded_filename:1; unsigned int utf8_filename:1; unsigned int dsa2:1; + unsigned int allow_multiple_messages:1; } flags; /* Linked list of ways to find a key if the key isn't on the local diff -urNp orig/gnupg-1.4.6/g10/status.c gnupg-1.4.6/g10/status.c --- orig/gnupg-1.4.6/g10/status.c 2006-04-03 09:58:31.000000000 +0200 +++ gnupg-1.4.6/g10/status.c 2007-02-27 12:09:26.000000000 +0100 
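Review bot: When `opt.flags.allow_multiple_messages` is set, the extra plaintext still goes to `handle_plaintext` and the only trace is the `log_info` warning, so a frontend that parses status output cannot tell that the data came from more than one literal packet. I would emit a status line in that branch as well, and add a comment above the `literals_seen>1` check such as `/* More than one literal packet: refuse by default, the caller cannot tell which one a signature covers. */` (my reading of the patch description, so confirm the wording). The rejection path also falls through to `log_error( "handle plaintext failed: %s\n", g10_errstr(rc));` although `handle_plaintext` was never called, so the log names the wrong failure; a dedicated message inside the `!opt.flags.allow_multiple_messages` branch would be more accurate. The literal `"proc_pkt.plaintext 89_BAD_DATA"` embeds a numeric code with no explanation and should get a comment naming where 89 comes from. proc_plaintext starts and ends outside the hunk.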
@@ -166,6 +166,7 @@ get_status_string ( int no ) case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break; case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break; case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break; + case STATUS_ERROR : s = "ERROR"; break; default: s = "?"; break; } return s; diff -urNp orig/gnupg-1.4.6/g10/status.h gnupg-1.4.6/g10/status.h --- orig/gnupg-1.4.6/g10/status.h 2006-04-03 10:05:24.000000000 +0200 +++ gnupg-1.4.6/g10/status.h 2007-02-27 12:09:26.000000000 +0100 @@ -120,6 +120,8 @@ #define STATUS_BEGIN_SIGNING 84 +#define STATUS_ERROR 85 + /*-- status.c --*/ void set_status_fd ( int fd ); -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.2 (GNU/Linux) iEYEARECAAYFAkXkFQ4ACgkQYHhOlAEKV+3QjwCfXvOs79sxJ/eWh8BPc/AnEJew n04AoLTKcExo9/qex7o2dugzj6Iqa2rm =Ctxu -----END PGP SIGNATURE-----