NetBSD Problem Report #43245
From www@NetBSD.org Tue May 4 00:23:18 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 8808E63BA59
for <gnats-bugs@gnats.NetBSD.org>; Tue, 4 May 2010 00:23:18 +0000 (UTC)
Message-Id: <20100504002318.44D8B63B8FE@www.NetBSD.org>
Date: Tue, 4 May 2010 00:23:18 +0000 (UTC)
From: xtraeme@gmail.com
Reply-To: xtraeme@gmail.com
To: gnats-bugs@NetBSD.org
Subject: security/netpgp fails to verify a detached/armored signature with .asc extension
X-Send-Pr-Version: www-1.0
>Number: 43245
>Category: pkg
>Synopsis: security/netpgp fails to verify a detached/armored signature with .asc extension
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: agc
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue May 04 00:25:00 +0000 2010
>Closed-Date: Sat May 08 16:14:05 +0000 2010
>Last-Modified: Sat May 08 16:14:05 +0000 2010
>Originator: Juan RP
>Release: NULL
>Organization:
>Environment:
>Description:
libnetpgp from security/netpgp version 20100313 fails to verify a file with signature that has been created "armored and detached" with files that have any other extension that ".sig". Usually armored files have the '.asc' extension.
The following test program illustrates this:
[juan@nocturno ~]$ ls -l splash.rle*
-r--r--r-- 1 juan juan 14517 dic 20 15:35 splash.rle
-rw-r--r-- 1 juan juan 836 may 4 02:01 splash.rle.sig
[juan@nocturno ~]$
juan@nocturno ~]$ cat splash.rle.sig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAABAgAGBQJL32PxAAoJEH9nDVLml/uIrtwQAMdQ8aZUNyDChSc+E0YLDHeV
sRlpvZ4GXiNGlkhtVd7LqvUTNanNRooKjMrVwbxTU7e8Nd4zjri7sIAeoDB2dKiM
bbXzF0cL/K4pKv4jXzGUuKiUY2w8rzoBYzpCMncg/O7nXtIBI8vBRQzTz1h0eEcW
xRIcwddixmIPn28YzJe+o+z6OMiFO5UgDwH9/ir1gxxN/tSQI6VyefiwYP3S1hVh
YZhtfv3SDZlUJmhjl9VXl1WDHCJRCW26Ktx3PC+1Va5iPKc/hJTOCRPivfwuVgW7
bRU5la1JP6aqbhX+NdCxPHnG1vbWYQrT47J/y7jPlJwzfaVIXZTdQqFY//9d0i73
wkb1TwNfvF/r4+I8lgHuGPucCd/a71W9Ly6BaSv/G0qA9KDgDon7Zj2SX9FsoUQi
PaiBlq6clg/W1M6Hd2adKVyS9m2hch5Sz+SZAG83FMIK9ERlBh+Bxi/C6NukJ7pE
UhAEWhLD7/V4OaN2373AQXBOzlJzhYR/9uvq42Yf96Q1Y0L+tpp/cTH/GVJ4hC/0
xTcvNIXv8NbDP9X0gbL9ptjxQqJXDx37cCrNw1X1w1Mf2r242Q9IiKyhl+01iaih
WDVNH37A1mAZRiqZA4XfhpqUIMuUH8j3cEIhWpIw6U1pnYDGq7dc+WIpxxZguvsc
om1ZIAbQv/s0lQdjnGiP
=yG+A
-----END PGP SIGNATURE-----
[juan@nocturno ~]$
[juan@nocturno ~]$ ./a.out ./splash.rle.sig
netpgp: assuming signed data in "./splash.rle"
Good signature for ./splash.rle.sig made Tue May 4 02:01:53 2010
using RSA (Encrypt or Sign) key 7f670d52e697fb88
pub 4096/RSA (Encrypt or Sign) 7f670d52e697fb88 2010-05-03 [EXPIRES 2011-05-03]
Key fingerprint: f1a0 67f4 18d8 320a 4813 b78b 7f67 0d52 e697 fb88
uid Juan Romero Pardines <xtraeme@gmail.com>
sub 4096/RSA (Encrypt or Sign) 7f670d52e697fb88 2010-05-03 [EXPIRES 2011-05-03]
[juan@nocturno ~]$
Now when we move this signature file to '.asc' it returns:
[juan@nocturno ~]$ ./a.out ./splash.rle.asc
"./splash.rle.asc": verification failure: 1 invalid signatures, 0 unknown signatures
netpgp_verify_file: Bad file descriptor
[juan@nocturno ~]$
a.out source code:
include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netpgp.h>
int main(int argc, char **argv)
{
netpgp_t npgp;
memset(&npgp, 0, sizeof(npgp));
netpgp_setvar(&npgp, "homedir", "/home/juan/.gnupg");
if (!netpgp_init(&npgp))
perror("netgpg_init");
if (!netpgp_verify_file(&npgp, argv[1], NULL, 1))
perror("netpgp_verify_file");
netpgp_end(&npgp);
exit(0);
}
The appended patch makes both cases work. Another way would be to simply skip the file extension test and check it all the time, not sure.
>How-To-Repeat:
>Fix:
--- src/lib/validate.c.orig 2010-05-04 02:07:27.512355384 +0200
+++ src/lib/validate.c 2010-05-04 02:08:47.038371812 +0200
@@ -814,7 +814,8 @@ __ops_validate_file(__ops_io_t *io,
sigsize = st.st_size;
detachname = NULL;
cc = snprintf(origfile, sizeof(origfile), "%s", infile);
- if (strcmp(&origfile[cc - 4], ".sig") == 0) {
+ if ((strcmp(&origfile[cc - 4], ".sig") == 0) ||
+ (strcmp(&origfile[cc - 4], ".asc") == 0)) {
origfile[cc - 4] = 0x0;
if (stat(origfile, &st) == 0 &&
st.st_size > sigsize - SIG_OVERHEAD) {
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->agc
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Tue, 04 May 2010 22:20:15 +0000
Responsible-Changed-Why:
Over to author.
From: "Alistair G. Crooks" <agc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43245 CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Date: Fri, 7 May 2010 16:20:08 +0000
Module Name: src
Committed By: agc
Date: Fri May 7 16:20:08 UTC 2010
Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: validate.c
Log Message:
Overhaul the mechanism used to decide what is a detached signature, and
a detached armoured signature, as well as just a plain standard signed
file.
This is in response to PR 43245 from Juan RP, and addresses the
verification of detached armoured signatures, but in a different way
to the patch provided in the PR which is hopefully more generic, and
less reliant upon size of detached signature files.
To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: agc@NetBSD.org
State-Changed-When: Fri, 07 May 2010 16:32:52 +0000
State-Changed-Why:
I've added code to verify detached and armoured sigs - can you tell
me if this fixes it for you, please?
Thanks
From: Juan Romero Pardines <xtraeme@gmail.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/43245 (security/netpgp fails to verify a detached/armored
signature with .asc extension)
Date: Fri, 7 May 2010 22:38:26 +0200
2010/5/7 <agc@netbsd.org>:
> Synopsis: security/netpgp fails to verify a detached/armored signature with .asc extension
>
> State-Changed-From-To: open->feedback
> State-Changed-By: agc@NetBSD.org
> State-Changed-When: Fri, 07 May 2010 16:32:52 +0000
> State-Changed-Why:
> I've added code to verify detached and armoured sigs - can you tell
> me if this fixes it for you, please?
Yes, it's ok. Thanks.
State-Changed-From-To: feedback->closed
State-Changed-By: agc@NetBSD.org
State-Changed-When: Sat, 08 May 2010 16:14:05 +0000
State-Changed-Why:
Confirmed fixed, closing now.
Thanks for the PR!
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.