1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
#! /bin/sh -e
## 28_multiple_message.dpatch
##
## DP: Description: Fix problems handling multiple messages [CVE-2007-1263]
## DP: Author: Werner Koch <wk@gnupg.org>
## DP: Upstream status: part of 1.4.7
## DP: Date: 2007-03-07
if [ $# -lt 1 ]; then
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
case "$1" in
-patch) patch -p1 ${patch_opts} < $0;;
-unpatch) patch -R -p1 ${patch_opts} < $0;;
*)
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad gnupg-1.4.6~/checks/verify.test gnupg-1.4.6/checks/verify.test
--- gnupg-1.4.6~/checks/verify.test 2006-03-07 10:28:24.000000000 +0000
+++ gnupg-1.4.6/checks/verify.test 2007-03-07 21:39:20.000000000 +0000
@@ -231,15 +231,15 @@
eval "(IFS=; echo \"\$$i\")" >x
case "$i" in
msg_*_asc)
- $GPG --verify x || error "verify of $i failed"
+ $GPG --allow-multiple-messages --verify x || error "verify of $i failed"
;;
msg_*_asc_multisig)
- $GPG --verify --allow-multisig-verification x \
+ $GPG --allow-multiple-messages --verify --allow-multisig-verification x \
|| error "verify of $i failed"
- $GPG --verify x && error "verify of $i succeeded but should not"
+ $GPG --allow-multiple-messages --verify x && error "verify of $i succeeded but should not"
;;
bad_*_asc)
- $GPG --verify x && error "verify of $i succeeded but should not"
+ $GPG --allow-multiple-messages --verify x && error "verify of $i succeeded but should not"
;;
*)
error "No handler for test case $i"
diff -urNad gnupg-1.4.6~/g10/gpg.c gnupg-1.4.6/g10/gpg.c
--- gnupg-1.4.6~/g10/gpg.c 2007-03-07 21:38:57.000000000 +0000
+++ gnupg-1.4.6/g10/gpg.c 2007-03-07 21:39:20.000000000 +0000
@@ -368,6 +368,8 @@
oAllowMultisigVerification,
oEnableDSA2,
oDisableDSA2,
+ oAllowMultipleMessages,
+ oNoAllowMultipleMessages,
oNoop
};
@@ -711,6 +713,8 @@
{ oAllowMultisigVerification, "allow-multisig-verification", 0, "@"},
{ oEnableDSA2, "enable-dsa2", 0, "@"},
{ oDisableDSA2, "disable-dsa2", 0, "@"},
+ { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"},
+ { oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"},
/* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common
@@ -2782,6 +2786,14 @@
case oEnableDSA2: opt.flags.dsa2=1; break;
case oDisableDSA2: opt.flags.dsa2=0; break;
+ case oAllowMultipleMessages:
+ opt.flags.allow_multiple_messages=1;
+ break;
+
+ case oNoAllowMultipleMessages:
+ opt.flags.allow_multiple_messages=0;
+ break;
+
case oNoop: break;
default : pargs.err = configfp? 1:2; break;
diff -urNad gnupg-1.4.6~/g10/mainproc.c gnupg-1.4.6/g10/mainproc.c
--- gnupg-1.4.6~/g10/mainproc.c 2006-04-08 01:51:28.000000000 +0100
+++ gnupg-1.4.6/g10/mainproc.c 2007-03-07 21:39:20.000000000 +0000
@@ -84,10 +84,9 @@
static int do_proc_packets( CTX c, IOBUF a );
-
static void list_node( CTX c, KBNODE node );
static void proc_tree( CTX c, KBNODE node );
-
+static int literals_seen;
static void
release_list( CTX c )
@@ -619,6 +618,8 @@
int any, clearsig, only_md5, rc;
KBNODE n;
+ literals_seen++;
+
if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
else if( opt.verbose )
@@ -702,16 +703,37 @@
if ( c->mfx.md2 )
md_start_debug( c->mfx.md2, "verify2" );
}
- if ( c->pipemode.op == 'B' )
- rc = handle_plaintext( pt, &c->mfx, 1, 0 );
- else {
- rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
- if( rc == G10ERR_CREATE_FILE && !c->sigs_only) {
- /* can't write output but we hash it anyway to
- * check the signature */
- rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
- }
- }
+
+ rc=0;
+
+ if(literals_seen>1)
+ {
+ log_info(_("WARNING: multiple plaintexts seen\n"));
+
+ if(!opt.flags.allow_multiple_messages)
+ {
+ write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
+ log_inc_errorcount();
+ rc=G10ERR_UNEXPECTED;
+ }
+ }
+
+ if(!rc)
+ {
+ if ( c->pipemode.op == 'B' )
+ rc = handle_plaintext( pt, &c->mfx, 1, 0 );
+ else
+ {
+ rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
+ if( rc == G10ERR_CREATE_FILE && !c->sigs_only)
+ {
+ /* can't write output but we hash it anyway to
+ * check the signature */
+ rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
+ }
+ }
+ }
+
if( rc )
log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
free_packet(pkt);
diff -urNad gnupg-1.4.6~/g10/options.h gnupg-1.4.6/g10/options.h
--- gnupg-1.4.6~/g10/options.h 2006-12-03 15:37:45.000000000 +0000
+++ gnupg-1.4.6/g10/options.h 2007-03-07 21:39:20.000000000 +0000
@@ -226,6 +226,7 @@
unsigned int use_embedded_filename:1;
unsigned int utf8_filename:1;
unsigned int dsa2:1;
+ unsigned int allow_multiple_messages:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local
diff -urNad gnupg-1.4.6~/g10/status.c gnupg-1.4.6/g10/status.c
--- gnupg-1.4.6~/g10/status.c 2007-03-07 21:38:57.000000000 +0000
+++ gnupg-1.4.6/g10/status.c 2007-03-07 21:39:20.000000000 +0000
@@ -166,6 +166,7 @@
case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break;
case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break;
case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break;
+ case STATUS_ERROR : s = "ERROR"; break;
default: s = "?"; break;
}
return s;
diff -urNad gnupg-1.4.6~/g10/status.h gnupg-1.4.6/g10/status.h
--- gnupg-1.4.6~/g10/status.h 2006-04-03 09:05:24.000000000 +0100
+++ gnupg-1.4.6/g10/status.h 2007-03-07 21:39:20.000000000 +0000
@@ -120,6 +120,8 @@
#define STATUS_BEGIN_SIGNING 84
+#define STATUS_ERROR 85
+
/*-- status.c --*/
void set_status_fd ( int fd );
|
