From: Andreas Seltenreich <andreas+ding@gate450.dyndns.org>
Subject: Re: Broken display of clearsigned PGP message
Date: Sat, 18 Nov 2006 04:40:54 +0100 [thread overview]
Message-ID: <87y7q9s9q1.fsf@gate450.dyndns.org> (raw)
In-Reply-To: <v9odsgtepo.fsf@marauder.physik.uni-ulm.de> (Reiner Steib's message of "Fri\, 13 Oct 2006 17\:31\:15 +0200")
Reiner Steib writes:
> I'd suggest to add a rather detailed explanation about this problem
> and the relevant RFC in `mm-uu-pgp-signed-extract-1'.
Ok, I've added a comment and also made the fix a bit more thorough -
Instead of stripping everything until we see what we think is
separating the armor headers, we're now stripping everything that we
know for sure isn't part of the signed text. That may be a bit
paranoid, but I've heard this is a must in the security business ;-).
regards,
andreas
*** mm-uu.el 28 Sep 2006 03:16:58 +0200 6.29.2.25
--- mm-uu.el 18 Nov 2006 04:03:40 +0100
***************
*** 373,380 ****
mm-security-handle 'gnus-details
(format "Clear verification not supported by `%s'.\n" mml2015-use))))
(goto-char (point-min))
! (if (re-search-forward "\n[\t ]*\n" nil t)
! (delete-region (point-min) (point)))
(if (re-search-forward mm-uu-pgp-beginning-signature nil t)
(delete-region (match-beginning 0) (point-max)))
(goto-char (point-min))
--- 373,388 ----
mm-security-handle 'gnus-details
(format "Clear verification not supported by `%s'.\n" mml2015-use))))
(goto-char (point-min))
! (forward-line)
! ;; We need to be careful not to strip beyond the armor headers.
! ;; Previously, an attacker could replace the text inside our
! ;; markup with trailing garbage by injecting whitespace into the
! ;; message.
! (while (looking-at "Hash:") ; The only header allowed in cleartext
! (forward-line)) ; signatures according to RFC2440.
! (when (looking-at "[\t ]*$")
! (forward-line))
! (delete-region (point-min) (point))
(if (re-search-forward mm-uu-pgp-beginning-signature nil t)
(delete-region (match-beginning 0) (point-max)))
(goto-char (point-min))
prev parent reply other threads:[~2006-11-18 3:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-28 5:31 Andreas Seltenreich
2006-10-13 14:31 ` Andreas Seltenreich
2006-10-13 15:31 ` Reiner Steib
2006-11-18 3:40 ` Andreas Seltenreich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y7q9s9q1.fsf@gate450.dyndns.org \
--to=andreas+ding@gate450.dyndns.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).