Re: [PATCH] Minor bug when displaying clearsigned messages

To: Mutt dev ml <mutt-dev@xxxxxxxx>
Subject: Re: [PATCH] Minor bug when displaying clearsigned messages
From: Alain Bench <veronatif@xxxxxxx>
Date: Thu, 3 Aug 2006 20:22:45 +0200 (CEST)
In-reply-to: <20060803114631.GC9474@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
Mail-followup-to: Mutt dev ml <mutt-dev@xxxxxxxx>
References: <20050126190438.GA1554@xxxxxxxxxxxxxxx> <20060803105138.GA5133@xxxxxxx> <20060803114631.GC9474@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.4i-ja.1

 On Thursday, August 3, 2006 at 13:46:31 +0200, Thomas Roessler wrote:

> the semantics of spaces in armor headers are defined quite clearly by
> the spec, no?

    Is it not: "Strip'em all!" from end of lines? Anyway the patch acts
exclusively on header/data separator, not header. Whatever point of
view, a line of spaces can *never* be an armor header. Nor the
continuation line of a folded armor header (there is anyway no such
thing, IIUC).


> Displaying stuff as "signed" that is actually part of the headers
> (which aren't signed!) is a security problem.

    No problem: GnuPG already verifies the signature on the whole data,
even when the separator has spurious spaces. Just like headers, the
separator is also not signed. If the data sig is Good, GnuPG states it,
regardless of the number of spaces on separator. Then later Mutt's pager
displays this verified data, minus the first paragraph (and that's not a
minor bug).

    The problem is not the risk to display more than the data, this
seemingly can't happen (due to trailing spaces). Or if it happens (due
to other manipulations), the sig becomes BAD. The problem is the risk to
display Good data incompletely. And it's not a balance between those two
risks: Fixing the 2nd doesn't increase the 1st (I believe).

    I know it's not used in Mutt, but if GnuPG 1.4.4 is asked to display
the data, it outputs the whole data to stdout:

| $ gpg --decrypt badmail
| foo
| gpg: Signature made mer 26 jan 2005 19:20:43 CET using DSA key ID 49E1CBC9
| gpg: Good signature from "David M. Shaw <dshaw@xxxxxxxxxxxxxxx>" [ultimate]
| gpg: Preferred keyserver: http://www.jabberwocky.com/key.asc
|
| $ gpg --decrypt badmail 2> /dev/null | hex
| 66 6F 6F 0A

    The patch makes Mutt behave consistently with GnuPG: Display only
verified data, but all verified data.

    In fact the classic interface pgp.c code is already consistent with
GnuPG, since 1 year and a half, patch approved by yourself, commited in
Mutt 1.5.7, working OK since 1.5.8. My patch renders the new GPGME
interface consistent too. In theory.

    In practice: If a GPGME user confirms "foo" lacks, I'm fairly sure
my patch will fix it without drawback.


Bye!    Alain.
-- 
libiconv 1.11 is released, with the iconv command having configurable
substitutions for invalid and unconvertable characters.

Follow-Ups:
- Re: [PATCH] Minor bug when displaying clearsigned messages
  - From: Thomas Roessler

References:
- [PATCH] Minor bug when displaying clearsigned messages
  - From: David Shaw
- Re: [PATCH] Minor bug when displaying clearsigned messages
  - From: Alain Bench
- Re: [PATCH] Minor bug when displaying clearsigned messages
  - From: Thomas Roessler

Prev by Date: Re: mutt/2402: damaged regexps in folder-hooks
Next by Date: Re: reply-hook
Previous by thread: Re: [PATCH] Minor bug when displaying clearsigned messages
Next by thread: Re: [PATCH] Minor bug when displaying clearsigned messages
Index(es):
- Date
- Thread