NetBSD Problem Report #43245

From www@NetBSD.org  Tue May  4 00:23:18 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 8808E63BA59
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  4 May 2010 00:23:18 +0000 (UTC)
Message-Id: <20100504002318.44D8B63B8FE@www.NetBSD.org>
Date: Tue,  4 May 2010 00:23:18 +0000 (UTC)
From: xtraeme@gmail.com
Reply-To: xtraeme@gmail.com
To: gnats-bugs@NetBSD.org
Subject: security/netpgp fails to verify a detached/armored signature with .asc extension
X-Send-Pr-Version: www-1.0

>Number:         43245
>Category:       pkg
>Synopsis:       security/netpgp fails to verify a detached/armored signature with .asc extension
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    agc
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue May 04 00:25:00 +0000 2010
>Closed-Date:    Sat May 08 16:14:05 +0000 2010
>Last-Modified:  Sat May 08 16:14:05 +0000 2010
>Originator:     Juan RP
>Release:        NULL
>Organization:
>Environment:
>Description:
libnetpgp from security/netpgp version 20100313 fails to verify a file with signature that has been created "armored and detached" with files that have any other extension that ".sig". Usually armored files have the '.asc' extension.

The following test program illustrates this:

[juan@nocturno ~]$ ls -l splash.rle*
-r--r--r-- 1 juan juan 14517 dic 20 15:35 splash.rle
-rw-r--r-- 1 juan juan   836 may  4 02:01 splash.rle.sig
[juan@nocturno ~]$

juan@nocturno ~]$ cat splash.rle.sig 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJL32PxAAoJEH9nDVLml/uIrtwQAMdQ8aZUNyDChSc+E0YLDHeV
sRlpvZ4GXiNGlkhtVd7LqvUTNanNRooKjMrVwbxTU7e8Nd4zjri7sIAeoDB2dKiM
bbXzF0cL/K4pKv4jXzGUuKiUY2w8rzoBYzpCMncg/O7nXtIBI8vBRQzTz1h0eEcW
xRIcwddixmIPn28YzJe+o+z6OMiFO5UgDwH9/ir1gxxN/tSQI6VyefiwYP3S1hVh
YZhtfv3SDZlUJmhjl9VXl1WDHCJRCW26Ktx3PC+1Va5iPKc/hJTOCRPivfwuVgW7
bRU5la1JP6aqbhX+NdCxPHnG1vbWYQrT47J/y7jPlJwzfaVIXZTdQqFY//9d0i73
wkb1TwNfvF/r4+I8lgHuGPucCd/a71W9Ly6BaSv/G0qA9KDgDon7Zj2SX9FsoUQi
PaiBlq6clg/W1M6Hd2adKVyS9m2hch5Sz+SZAG83FMIK9ERlBh+Bxi/C6NukJ7pE
UhAEWhLD7/V4OaN2373AQXBOzlJzhYR/9uvq42Yf96Q1Y0L+tpp/cTH/GVJ4hC/0
xTcvNIXv8NbDP9X0gbL9ptjxQqJXDx37cCrNw1X1w1Mf2r242Q9IiKyhl+01iaih
WDVNH37A1mAZRiqZA4XfhpqUIMuUH8j3cEIhWpIw6U1pnYDGq7dc+WIpxxZguvsc
om1ZIAbQv/s0lQdjnGiP
=yG+A
-----END PGP SIGNATURE-----
[juan@nocturno ~]$

[juan@nocturno ~]$ ./a.out ./splash.rle.sig 
netpgp: assuming signed data in "./splash.rle"
Good signature for ./splash.rle.sig made Tue May  4 02:01:53 2010
using RSA (Encrypt or Sign) key 7f670d52e697fb88
pub 4096/RSA (Encrypt or Sign) 7f670d52e697fb88 2010-05-03 [EXPIRES 2011-05-03]
Key fingerprint: f1a0 67f4 18d8 320a 4813 b78b 7f67 0d52 e697 fb88 
uid              Juan Romero Pardines <xtraeme@gmail.com>
sub 4096/RSA (Encrypt or Sign) 7f670d52e697fb88 2010-05-03 [EXPIRES 2011-05-03]
[juan@nocturno ~]$

Now when we move this signature file to '.asc' it returns:

[juan@nocturno ~]$ ./a.out ./splash.rle.asc 
"./splash.rle.asc": verification failure: 1 invalid signatures, 0 unknown signatures
netpgp_verify_file: Bad file descriptor
[juan@nocturno ~]$

a.out source code:

include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netpgp.h>

int main(int argc, char **argv)
{
	netpgp_t npgp;

	memset(&npgp, 0, sizeof(npgp));
	netpgp_setvar(&npgp, "homedir", "/home/juan/.gnupg");

	if (!netpgp_init(&npgp))
		perror("netgpg_init");

	if (!netpgp_verify_file(&npgp, argv[1], NULL, 1))
		perror("netpgp_verify_file");

	netpgp_end(&npgp);
	exit(0);
}

The appended patch makes both cases work. Another way would be to simply skip the file extension test and check it all the time, not sure.
>How-To-Repeat:

>Fix:
--- src/lib/validate.c.orig	2010-05-04 02:07:27.512355384 +0200
+++ src/lib/validate.c	2010-05-04 02:08:47.038371812 +0200
@@ -814,7 +814,8 @@ __ops_validate_file(__ops_io_t *io,
 	sigsize = st.st_size;
 	detachname = NULL;
 	cc = snprintf(origfile, sizeof(origfile), "%s", infile);
-	if (strcmp(&origfile[cc - 4], ".sig") == 0) {
+	if ((strcmp(&origfile[cc - 4], ".sig") == 0) ||
+	    (strcmp(&origfile[cc - 4], ".asc") == 0)) {
 		origfile[cc - 4] = 0x0;
 		if (stat(origfile, &st) == 0 &&
 		    st.st_size > sigsize - SIG_OVERHEAD) {

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->agc
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Tue, 04 May 2010 22:20:15 +0000
Responsible-Changed-Why:
Over to author.


From: "Alistair G. Crooks" <agc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/43245 CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Date: Fri, 7 May 2010 16:20:08 +0000

 Module Name:	src
 Committed By:	agc
 Date:		Fri May  7 16:20:08 UTC 2010

 Modified Files:
 	src/crypto/external/bsd/netpgp/dist/src/lib: validate.c

 Log Message:
 Overhaul the mechanism used to decide what is a detached signature, and
 a detached armoured signature, as well as just a plain standard signed
 file.

 This is in response to PR 43245 from Juan RP, and addresses the
 verification of detached armoured signatures, but in a different way
 to the patch provided in the PR which is hopefully more generic, and
 less reliant upon size of detached signature files.


 To generate a diff of this commit:
 cvs rdiff -u -r1.32 -r1.33 \
     src/crypto/external/bsd/netpgp/dist/src/lib/validate.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: agc@NetBSD.org
State-Changed-When: Fri, 07 May 2010 16:32:52 +0000
State-Changed-Why:
I've added code to verify detached and armoured sigs - can you tell
me if this fixes it for you, please?

Thanks


From: Juan Romero Pardines <xtraeme@gmail.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/43245 (security/netpgp fails to verify a detached/armored 
	signature with .asc extension)
Date: Fri, 7 May 2010 22:38:26 +0200

 2010/5/7  <agc@netbsd.org>:
 > Synopsis: security/netpgp fails to verify a detached/armored signature with .asc extension
 >
 > State-Changed-From-To: open->feedback
 > State-Changed-By: agc@NetBSD.org
 > State-Changed-When: Fri, 07 May 2010 16:32:52 +0000
 > State-Changed-Why:
 > I've added code to verify detached and armoured sigs - can you tell
 > me if this fixes it for you, please?

 Yes, it's ok. Thanks.

State-Changed-From-To: feedback->closed
State-Changed-By: agc@NetBSD.org
State-Changed-When: Sat, 08 May 2010 16:14:05 +0000
State-Changed-Why:
Confirmed fixed, closing now.

Thanks for the PR!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.