bug#1757: marked as done (mutt-1.5.4i: gpg sign+encrypt with pgp_retainable_sigs does only encrypt but not sign)



Your message dated Mon, 12 Jan 2004 21:02:47 +0100
with message-id <20040112200247.GH5446@xxxxxxxxxxxxxxxxxxxxxxxxxx>
and subject line bug#1757: mutt-1.5.4i: gpg sign+encrypt with 
pgp_retainable_sigs does only encrypt but not sign
has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Herr der Kaefer
(administrator, GUUG bugs database)

--------------------------------------
Received: (at submit) by bugs.guug.de; 12 Jan 2004 19:04:09 +0000
>From arturcz@xxxxxxxxxxxxxxxx Mon Jan 12 20:04:05 2004
Received: from blabluga.hell.pl ([62.121.102.27] ident=postfix)
        by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
        id 1Ag7M0-00061m-00
        for <submit@xxxxxxxxxxxx>; Mon, 12 Jan 2004 20:04:00 +0100
Received: by blabluga.hell.pl (Postfix, from userid 1000)
        id AE02E1880B; Mon, 12 Jan 2004 20:06:20 +0100 (CET)
From: Artur R.Czechowski <arturcz@xxxxxxx>
To: submit@xxxxxxxxxxxx
Subject: mutt-1.5.4i: gpg sign+encrypt with pgp_retainable_sigs does only 
encrypt but not sign
X-GUUG-CC: 226424@xxxxxxxxxxxxxxx
Message-Id: <20040112190620.AE02E1880B@xxxxxxxxxxxxxxxx>
Date: Mon, 12 Jan 2004 20:06:20 +0100 (CET)
X-Spam-Status: No, hits=-6.1 required=4.0
        tests=AWL,BAYES_01
        version=2.55
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

Package: mutt
Version: 1.5.4+20031024-1
Severity: normal

[NOTE: this bug report has been submitted to the debian BTS as Bug#226424.
Please Cc all your replies to 226424@xxxxxxxxxxxxxxx .]

From: Holger Hehl <mail@xxxxxxxxxxxxxx>
Subject: mutt-1.5.4i: gpg sign+encrypt with pgp_retainable_sigs does only 
encrypt but not sign
Date: Tue, 6 Jan 2004 15:48:33 +0100

Hello,

when I sign+encrypt a message with the mutt option "pgp_retainable_sigs" set
the resulting message has only been encrypted to the recipient's public key
but not signed by the sender's private key.  Interestingly there occurs no
error while signing the message, the passphrase is correctly asked for.
Such messages get correctly decrypted by either mutt-1.5.4i or mutt-1.3.28i
but the message "PGP signature could NOT be verified." is displayed.

The error has occurred with at least gpg versions 1.2.3/1.2.4.

The above error does not occur when "pgp_retainable_sigs" is unset or
mutt-1.3.28i (with/without "pgp_retainable_sigs") is used.
Using /etc/Muttrc from 1.3.28i has not helped either.

This might also be a security issue because the sender thinks that the
message has been sent with a valid signature and/or because the recipient
discards messages with such "bad" signatures.

Greetings,

  Holger Hehl



-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux laptop 2.4.24-laptop #1 Mon Jan 5 22:00:10 CET 2004 i686
Locale: LANG=C, LC_CTYPE=de_DE@euro

Versions of packages mutt depends on:
ii  exim-tls [exim]           3.35-3woody1   Exim Mailer - with TLS (SSL) suppo
ii  exim-tls [mail-transport- 3.35-3woody1   Exim Mailer - with TLS (SSL) suppo
ii  libc6                     2.3.2.ds1-10   GNU C Library: Shared libraries an
ii  libidn9                   0.1.14-2       GNU libidn library, implementation
ii  libncurses5               5.3.20030719-4 Shared libraries for terminal hand
ii  libsasl2                  2.1.15-6       Authentication abstraction library



---------------------------------------
Received: (at 1757-done) by bugs.guug.de; 12 Jan 2004 20:00:43 +0000
>From roessler@xxxxxxxxxxxxxxxxxx Mon Jan 12 21:00:41 2004
Received: from does-not-exist.info ([217.160.221.198] 
helo=kamino.does-not-exist.org)
        by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
        id 1Ag8Em-00074W-00
        for <1757-done@xxxxxxxxxxxx>; Mon, 12 Jan 2004 21:00:36 +0100
Received: from voyager.does-not-exist.org (p3E9B9E82.dip0.t-ipconnect.de 
[62.155.158.130])
        (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
        (No client certificate requested)
        by kamino.does-not-exist.org (Postfix) with ESMTP
        id 20A713140D5; Mon, 12 Jan 2004 21:03:06 +0100 (CET)
Received: by voyager.does-not-exist.org (Postfix, from userid 500)
        id CEB2980C8; Mon, 12 Jan 2004 21:02:47 +0100 (CET)
Date: Mon, 12 Jan 2004 21:02:47 +0100
From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
To: "Artur R.Czechowski" <arturcz@xxxxxxx>, 1757-done@xxxxxxxxxxxx
Subject: Re: bug#1757: mutt-1.5.4i: gpg sign+encrypt with pgp_retainable_sigs 
does only encrypt but not sign
Message-ID: <20040112200247.GH5446@xxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <20040112190620.AE02E1880B@xxxxxxxxxxxxxxxx>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="XStn23h1fwudRqtG"
Content-Disposition: inline
In-Reply-To: <20040112190620.AE02E1880B@xxxxxxxxxxxxxxxx>
User-Agent: Mutt/1.5.5.1i
X-Spam-Status: No, hits=-109.6 required=4.0
        tests=AWL,BAYES_00,IN_REP_TO,PGP_SIGNATURE_2,REFERENCES,
              USER_AGENT_MUTT,USER_IN_WHITELIST
        autolearn=ham version=2.55
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)


--XStn23h1fwudRqtG
Content-Type: multipart/mixed; boundary="zaRBsRFn0XYhEU69"
Content-Disposition: inline


--zaRBsRFn0XYhEU69
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2004-01-12 20:06:20 +0100, Artur R.Czechowski wrote:

> This might also be a security issue because the sender thinks
> that the message has been sent with a valid signature and/or
> because the recipient discards messages with such "bad"
> signatures.

Argh.  This is a bad one.  Patch attached, and committed to the CVS.

-- 
Thomas Roessler                       <roessler@xxxxxxxxxxxxxxxxxx>

--zaRBsRFn0XYhEU69
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch-1.5.5.1.tlr.retainable_sigs.1"
Content-Transfer-Encoding: quoted-printable

? core.12526
? err
? mutt-1.5.5-extra.tgz
? patch
? patch-1.5.3-CVS.tlr.idna.1
? patch-1.5.4.nr.tag_prefix_cond
? patch-1.5.4.tlr.nodots.1
? patch-1.5.4.tlr.pgpsmimeautoselect.1
? patch-1.5.4.tlr.query_mem.1
? patch-1.5.4.tlr.save_attachment.1
? patch-1.5.4.tlr.tag_prefix.1
? patch-1.5.5.1.tlr.libidncompat.1
? patch-1.5.5.1.tlr.partsign.1
? patch-1.5.5.1.tlr.retainable_sigs.1
? patch-1.5.5.1.tlr.thread_free.1
? patch-1.5.5.1.tlr.unbind.1
? patch-1.5.5.1692
? pgpring.sample
? send.c.new
? sort.c.new
? stamp-h1
? typescript
Index: crypt.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/mutt/mutt/crypt.c,v
retrieving revision 3.21
diff -u -r3.21 crypt.c
--- crypt.c     30 Dec 2003 13:04:20 -0000      3.21
+++ crypt.c     12 Jan 2004 19:58:49 -0000
@@ -210,6 +210,8 @@
=20
   if ((WithCrypto & APPLICATION_SMIME))
     tmp_smime_pbody =3D msg->content;
+  if ((WithCrypto & APPLICATION_PGP))
+    tmp_pgp_pbody   =3D msg->content;
=20
   if (msg->security & SIGN)
   {
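Review bot: The added assignment to tmp_pgp_pbody carries no comment explaining why the body pointer has to be captured here, ahead of the `if (msg->security & SIGN)` block, although that ordering appears to be what the later hunks rely on. A one-line comment would keep someone from moving it later or folding it back into msg->content. The extra alignment spaces before the `=` also differ from the tmp_smime_pbody line directly above.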
@@ -267,7 +269,7 @@
     if ((WithCrypto & APPLICATION_PGP)
         && (msg->security & APPLICATION_PGP))
     {
-      if (!(pbody =3D crypt_pgp_encrypt_message (msg->content, keylist,
+      if (!(pbody =3D crypt_pgp_encrypt_message (tmp_pgp_pbody, keylist,
                                                flags & SIGN)))
       {
=20
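Review bot: In the changed call `crypt_pgp_encrypt_message (tmp_pgp_pbody, keylist,` the body that gets encrypted is whatever tmp_pgp_pbody holds at this point, and none of the visible hunks updates it between the assignment in the first hunk and this call. Please confirm that the signing step in the lines not shown leaves tmp_pgp_pbody pointing at the body that is meant to be encrypted, and consider a regression check for the sign+encrypt case, since the report says the original failure produced no error at all.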
@@ -275,9 +277,9 @@
        if (flags !=3D msg->security)
        {
          /* remove the outer multipart layer */
-         msg->content =3D mutt_remove_multipart (msg->content);
+         tmp_pgp_pbody =3D mutt_remove_multipart (tmp_pgp_pbody);
          /* get rid of the signature */
-         mutt_free_body (&msg->content->next);
+         mutt_free_body (&tmp_pgp_pbody->next);
        }
=20
        return (-1);
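Review bot: On this failure path the unwrapped body is stored in the local tmp_pgp_pbody immediately before `return (-1);`, and msg->content is no longer written as the removed line did. If msg->content can refer to the same multipart layer, the caller keeps a pointer to a structure this path has just unwrapped; a comment or an assertion that the two are distinct here would settle it. `tmp_pgp_pbody->next` is also dereferenced without checking what mutt_remove_multipart returned.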
@@ -288,8 +290,8 @@
        */
       if (flags !=3D msg->security)
       {
-       mutt_remove_multipart (msg->content);
-       mutt_free_body (&msg->content->next);
+       tmp_pgp_pbody =3D mutt_remove_multipart (tmp_pgp_pbody);
+       mutt_free_body (&tmp_pgp_pbody->next);
       }
     }
   }
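Review bot: The two added lines here repeat the cleanup from the failure path in the previous hunk verbatim, and they also change behaviour quietly: the removed code discarded the return value of `mutt_remove_multipart (msg->content);`, while the new code keeps it. Consider a small static helper for the pair so both paths stay in step, and mention the return-value change in the commit log.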

--zaRBsRFn0XYhEU69--

--XStn23h1fwudRqtG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAAv1mA+zWmZc3wN0RAlYLAKCutwt3zbz8fxrhPrzsZY0nPNLilQCfeDaP
tACnPA75bBfrD0NHCw4LcGY=
=GTVL
-----END PGP SIGNATURE-----

--XStn23h1fwudRqtG--