Re: Signed patch against 2.0.1

[Werner Koch]

On Thu,  7 Dec 2006 20:01, [EMAIL PROTECTED] said:

 point others to the signed patch.  If any of the list owners have some
 free time I'd be happy to try to get that corrected or take it to the
 mailman-users list for advice if need be.  (It seems that the content
 filter settings for the list may be a little aggressive.)

Basically I am the list owner :-(.  I already installed a new version
of Mailman and tried to rebuild it.  However it mixed up the numbers
and thus most existing URLs won't be correct anymore.  The attachments
fgailed too, though.  So what I did is to manually edit the HTML
version to include at least the full text.

Recently I had another issue.  Pipermail break the message if it sees
a From  at the beginning of a line.  I also had to resort to manual
editing.

 BTW, I really like your Content-Type boundary string. :)

A gadget posted to the Gnus list some years ago:

  (defun spook-make-boundary (optional count)
(save-excursion
  (set-buffer (generate-new-buffer  *spook tmp*))
  (setq buffer-disable-undo t)
  (spook)
  (subst-char-in-region (point-min) (point-max) ?\n ?= t)
  (subst-char-in-region (point-min) (point-max) ?   ?- t)
  (prog1 
(buffer-substring (point-min) (min 70 (point-max)))
(kill-buffer (current-buffer)
  (setq mml-boundary-function 'spook-make-boundary)
  


Shalom-Salam,

   Werner



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Signed patch against 2.0.1

[Joseph Oreste Bruni]

On Dec 8, 2006, at 10:17 AM, Todd Zullinger wrote:

 Werner Koch wrote:
 Basically I am the list owner :-(.

 Good grief man, your head must hurt from all those hats. :)


His other name is Zaphod.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Signed patch against 2.0.1

[Werner Koch]

Hi!

Here comes a signed patch against 2.0.1 for those who care to verify
signatures ;-).


Shalom-Salam,

   Werner

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

This is a patch against GnuPG 2.0.1. Change the directory to g10/ and
apply this patch.

2006-12-02  Werner Koch  [EMAIL PROTECTED]

* encr-data.c: Allocate DFX context on the heap and not on the
stack.  Changes at several places.  Fixes CVE-2006-6235.


Index: encr-data.c
===
--- encr-data.c (revision 4352)
+++ encr-data.c (working copy)
@@ -39,16 +39,37 @@
 static int decode_filter ( void *opaque, int control, IOBUF a,
byte *buf, size_t *ret_len);
 
-typedef struct 
+typedef struct decode_filter_context_s
 {
   gcry_cipher_hd_t cipher_hd;
   gcry_md_hd_t mdc_hash;
   char defer[22];
   int  defer_filled;
   int  eof_seen;
-} decode_filter_ctx_t;
+  int  refcount;
+} *decode_filter_ctx_t;
 
 
+/* Helper to release the decode context.  */
+static void
+release_dfx_context (decode_filter_ctx_t dfx)
+{
+  if (!dfx)
+return;
+
+  assert (dfx-refcount);
+  if ( !--dfx-refcount )
+{
+  gcry_cipher_close (dfx-cipher_hd);
+  dfx-cipher_hd = NULL;
+  gcry_md_close (dfx-mdc_hash);
+  dfx-mdc_hash = NULL;
+  xfree (dfx);
+}
+}
+
+
+
 /
  * Decrypt the data, specified by ED with the key DEK.
  */
@@ -62,7 +83,11 @@
   unsigned blocksize;
   unsigned nprefix;
   
-  memset( dfx, 0, sizeof dfx );
+  dfx = xtrycalloc (1, sizeof *dfx);
+  if (!dfx)
+return gpg_error_from_syserror ();
+  dfx-refcount = 1;
+
   if ( opt.verbose  !dek-algo_info_printed )
 {
   const char *s = gcry_cipher_algo_name (dek-algo);
@@ -77,20 +102,20 @@
 goto leave;
   blocksize = gcry_cipher_get_algo_blklen (dek-algo);
   if ( !blocksize || blocksize  16 )
-log_fatal(unsupported blocksize %u\n, blocksize );
+log_fatal (unsupported blocksize %u\n, blocksize );
   nprefix = blocksize;
   if ( ed-len  ed-len  (nprefix+2) )
 BUG();
 
   if ( ed-mdc_method ) 
 {
-  if (gcry_md_open (dfx.mdc_hash, ed-mdc_method, 0 ))
+  if (gcry_md_open (dfx-mdc_hash, ed-mdc_method, 0 ))
 BUG ();
   if ( DBG_HASHING )
-gcry_md_start_debug (dfx.mdc_hash, checkmdc);
+gcry_md_start_debug (dfx-mdc_hash, checkmdc);
 }
 
-  rc = gcry_cipher_open (dfx.cipher_hd, dek-algo,
+  rc = gcry_cipher_open (dfx-cipher_hd, dek-algo,
  GCRY_CIPHER_MODE_CFB,
  (GCRY_CIPHER_SECURE
   | ((ed-mdc_method || dek-algo = 100)?
@@ -104,7 +129,7 @@
 
 
   /* log_hexdump( thekey, dek-key, dek-keylen );*/
-  rc = gcry_cipher_setkey (dfx.cipher_hd, dek-key, dek-keylen);
+  rc = gcry_cipher_setkey (dfx-cipher_hd, dek-key, dek-keylen);
   if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY )
 {
   log_info(_(WARNING: message was encrypted with
@@ -123,7 +148,7 @@
   goto leave;
 }
 
-  gcry_cipher_setiv (dfx.cipher_hd, NULL, 0);
+  gcry_cipher_setiv (dfx-cipher_hd, NULL, 0);
 
   if ( ed-len )
 {
@@ -144,8 +169,8 @@
   temp[i] = c;
 }
   
-  gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0);
-  gcry_cipher_sync (dfx.cipher_hd);
+  gcry_cipher_decrypt (dfx-cipher_hd, temp, nprefix+2, NULL, 0);
+  gcry_cipher_sync (dfx-cipher_hd);
   p = temp;
   /* log_hexdump( prefix, temp, nprefix+2 ); */
   if (dek-symmetric
@@ -155,17 +180,18 @@
   goto leave;
 }
   
-  if ( dfx.mdc_hash )
-gcry_md_write (dfx.mdc_hash, temp, nprefix+2);
-  
+  if ( dfx-mdc_hash )
+gcry_md_write (dfx-mdc_hash, temp, nprefix+2);
+
+  dfx-refcount++;
   if ( ed-mdc_method )
-iobuf_push_filter( ed-buf, mdc_decode_filter, dfx );
+iobuf_push_filter ( ed-buf, mdc_decode_filter, dfx );
   else
-iobuf_push_filter( ed-buf, decode_filter, dfx );
+iobuf_push_filter ( ed-buf, decode_filter, dfx );
 
   proc_packets ( procctx, ed-buf );
   ed-buf = NULL;
-  if ( ed-mdc_method  dfx.eof_seen == 2 )
+  if ( ed-mdc_method  dfx-eof_seen == 2 )
 rc = gpg_error (GPG_ERR_INV_PACKET);
   else if ( ed-mdc_method )
 { 
@@ -184,26 +210,28 @@
  bytes are appended.  */
   int datalen = gcry_md_get_algo_dlen (ed-mdc_method);
 
-  gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0);
-  gcry_md_write (dfx.mdc_hash, dfx.defer, 2);
-  gcry_md_final (dfx.mdc_hash);
+  assert (dfx-cipher_hd);
+  assert (dfx-mdc_hash);
+  gcry_cipher_decrypt (dfx-cipher_hd, dfx-defer, 22, NULL, 0);
+  gcry_md_write (dfx-mdc_hash, dfx-defer, 2);
+  gcry_md_final (dfx-mdc_hash);
 
-  if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' )
+  if (dfx-defer[0] != '\xd3' || dfx-defer[1] != '\x14' )
 {
   log_error(mdc_packet with invalid encoding\n);
   rc = gpg_error (GPG_ERR_INV_PACKET

Re: Signed patch against 2.0.1

[Todd Zullinger]

Werner Koch wrote:
 Here comes a signed patch against 2.0.1 for those who care to verify
 signatures ;-).

Thanks Werner.  Seems that the list archives scrub the attachment,
which makes it less useful than it'd be otherwise, 'cause you can't
point others to the signed patch.  If any of the list owners have some
free time I'd be happy to try to get that corrected or take it to the
mailman-users list for advice if need be.  (It seems that the content
filter settings for the list may be a little aggressive.)

BTW, I really like your Content-Type boundary string. :)

-- 
ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
==
Lack of money is the root of all evil.
-- George Bernard Shaw Man and Superman, 1903



pgpPBgw3tjWod.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Signed patch against 2.0.1

[Wouter van Heyst]

On Thu, Dec 07, 2006 at 02:01:22PM -0500, Todd Zullinger wrote:
 Werner Koch wrote:
  Here comes a signed patch against 2.0.1 for those who care to verify
  signatures ;-).
 
 Thanks Werner.  Seems that the list archives scrub the attachment,
 which makes it less useful than it'd be otherwise, 'cause you can't
 point others to the signed patch.  If any of the list owners have some
 free time I'd be happy to try to get that corrected or take it to the
 mailman-users list for advice if need be.  (It seems that the content
 filter settings for the list may be a little aggressive.)

I got a patch plus sig just fine, sure it isn't somewhere between the
list server and you that the scrubbing happens?

Wouter van Heyst


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users