On Mon, 19 Apr 2010 10:26, j...@seiken.de said:

> It would be pretty bad if ubuntu releases gnupg with this bug since lucid is a
> long term support release and gnupg might receive up to 5 years of reports
> regarding this bug on their mailing lists.
I posted the patch on January 26. Find it attached. Will you be so kind and forward it to the Ubuntu folks?

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
#! /bin/sh patch -p0 -f $* < $0 exit $? agent/ 2010-01-26 Werner Koch <w...@g10code.com> * protect.c (do_encryption): Encode the s2kcount and no not use a static value of 96. --- agent/protect.c (revision 5231) +++ agent/protect.c (working copy) @@ -360,19 +360,25 @@ in canoncical format of course. We use asprintf and %n modifier and dummy values as placeholders. */ - p = xtryasprintf - ("(9:protected%d:%s((4:sha18:%n_8bytes_2:96)%d:%n%*s)%d:%n%*s)", - (int)strlen (modestr), modestr, - &saltpos, - blklen, &ivpos, blklen, "", - enclen, &encpos, enclen, ""); - if (!p) - { - gpg_error_t tmperr = out_of_core (); - xfree (iv); - xfree (outbuf); - return tmperr; - } + { + char countbuf[35]; + + snprintf (countbuf, sizeof countbuf, "%lu", get_standard_s2k_count ()); + p = xtryasprintf + ("(9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s)", + (int)strlen (modestr), modestr, + &saltpos, + (unsigned int)strlen (countbuf), countbuf, + blklen, &ivpos, blklen, "", + enclen, &encpos, enclen, ""); + if (!p) + { + gpg_error_t tmperr = out_of_core (); + xfree (iv); + xfree (outbuf); + return tmperr; + } + } *resultlen = strlen (p); *result = (unsigned char*)p; memcpy (p+saltpos, iv+2*blklen, 8);
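Review bot: in the new snprintf call at the top of the added block, get_standard_s2k_count () is passed straight to a "%lu" conversion, and its return type is not visible in this hunk. If it is anything other than unsigned long the varargs call is undefined, so an explicit cast would make the intent safe regardless of the prototype: `snprintf (countbuf, sizeof countbuf, "%lu", (unsigned long)get_standard_s2k_count ());`. The 35-byte countbuf is comfortably large enough for any unsigned long in decimal, so truncation is not a concern there. The change also means newly protected keys carry a count that varies by machine instead of the fixed "2:96", so a short comment above the block saying that the reader must take the count from the S-expression rather than assume a constant would help future maintainers. Minor: the ChangeLog entry reads "and no not use", which should be "and do not use".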
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users