lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87ek1wkgxe.fsf__31363.8640837327$1140539648$gmane$org@wheatstone.g10code.de>
Date: Tue, 21 Feb 2006 13:57:49 +0100
From: Werner Koch <wk@...pg.org>
To: Marcus Meissner <meissner@...e.de>
Cc: gnupg-devel@...pg.org, bugtraq@...urityfocus.com
Subject: Re: Not completely fixed?

On Mon, 20 Feb 2006 17:14:52 +0100, Marcus Meissner said:

> While files with other content report:
> $ gpg -o xx xx.any
> gpg: no valid OpenPGP data found.
> gpg: processing message failed: eof
> $ echo $?
> 2
> $

Just to explain this one: The code uses a heuristic to test whether it
is a binary or armored messages.  If it decided that it is armored,
the de-armoring code is run and that one will eventually complain that
this does not look like OpenPGP.  We added this diagnostic quite some
time ago on because too often garbled armored messages led to user
confusion.

The thing with binary messages is that gpg will happily parse them if
they look like an OpenPGP packets and only terminate with an error if
they don't.  It is easy to make up OpenPGP data without any actual
use.  Minor changes in the parser may change what gpg considers
acceptable.  The exact semantics have never been defined, so I don't
considere this a bug.  gpg is not a OpenPGP packet validator.

Changing that now will probably break more things than do any good.

There are a few non-security related issues with the last update; we
are right now sorting them out.


Shalom-Salam,

   Werner

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ