* [sup-devel] [PATCH] fix GPG "hang" on malformed PGP message (detached signature)
@ 2010-10-05 11:25 Sascha Silbe
2010-10-08 4:20 ` Rich Lane
2010-10-08 12:53 ` Michael Hamann
0 siblings, 2 replies; 5+ messages in thread
From: Sascha Silbe @ 2010-10-05 11:25 UTC (permalink / raw)
To: sup-devel
A PGP message chunk (bounded by "-----BEGIN PGP MESSAGE-----" and
"-----END PGP MESSAGE-----") can contain a detached signature. By default GPG
will wait for the payload to be supplied on stdin if it gets passed a lone
detached signature. To the user it will appear as GPG (or sup, since they
don't see any output from GPG) hanging.
The best way to solve this would be enabling batch mode, but then passphrase
querying without gpg-agent wouldn't work anymore. So we resort to passing
--multifile which has the side effect of not allowing detached signatures.
Encountered and tested with message
<AANLkTin1Ysn7Fp32Eoyjo3jjhHwVrc=hMuq+okgKNfmr@mail.gmail.com> [1] on the git
mailing list.
[1] http://marc.info/?l=git&m=128623349711269&q=raw
Signed-off-by: Sascha Silbe <sascha-pgp@silbe.org>
---
lib/sup/crypto.rb | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/lib/sup/crypto.rb b/lib/sup/crypto.rb
index 289fb0e..68a57c8 100644
--- a/lib/sup/crypto.rb
+++ b/lib/sup/crypto.rb
@@ -144,7 +144,7 @@ def decrypt payload, armor=false # a RubyMail::Message object
output_fn = Tempfile.new "redwood.output"
output_fn.close
- message = run_gpg "--output #{output_fn.path} --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
+ message = run_gpg "--output #{output_fn.path} --multifile --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
unless $?.success?
info "Error while running gpg: #{message}"
--
1.7.1
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [sup-devel] [PATCH] fix GPG "hang" on malformed PGP message (detached signature)
2010-10-05 11:25 [sup-devel] [PATCH] fix GPG "hang" on malformed PGP message (detached signature) Sascha Silbe
@ 2010-10-08 4:20 ` Rich Lane
2010-10-08 12:53 ` Michael Hamann
1 sibling, 0 replies; 5+ messages in thread
From: Rich Lane @ 2010-10-08 4:20 UTC (permalink / raw)
To: Sascha Silbe; +Cc: sup-devel
Applied to master.
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [sup-devel] [PATCH] fix GPG "hang" on malformed PGP message (detached signature)
2010-10-05 11:25 [sup-devel] [PATCH] fix GPG "hang" on malformed PGP message (detached signature) Sascha Silbe
2010-10-08 4:20 ` Rich Lane
@ 2010-10-08 12:53 ` Michael Hamann
2010-10-08 14:36 ` Christopher Bertels
1 sibling, 1 reply; 5+ messages in thread
From: Michael Hamann @ 2010-10-08 12:53 UTC (permalink / raw)
To: sup-devel
Hi,
Excerpts from Sascha Silbe's message of 2010-10-05 13:25:33 +0200:
> - message = run_gpg "--output #{output_fn.path} --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
> + message = run_gpg "--output #{output_fn.path} --multifile --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
This change breaks GPG decryption completely for me, not a single
message I've tried is decrypted anymore. The error message I'm getting
is Error while running gpg: gpg: --output doesn't work for this command.
I'm using gpg version 1.4.10. The complete gpg command that is executed
is:
LC_MESSAGES=C /usr/bin/gpg --quiet --batch --no-verbose --logger-fd 1 --use-agent --output /tmp/redwood.output20101008-5410-lj1dh3 --multifile --skip-verify --yes --decrypt /tmp/redwood.payload20101008-5410-1qtud0x > /tmp/redwood.output20101008-5410-2rsbb5 2> /dev/null
Michael
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [sup-devel] [PATCH] fix GPG "hang" on malformed PGP message (detached signature)
2010-10-08 12:53 ` Michael Hamann
@ 2010-10-08 14:36 ` Christopher Bertels
2010-10-08 20:09 ` Rich Lane
0 siblings, 1 reply; 5+ messages in thread
From: Christopher Bertels @ 2010-10-08 14:36 UTC (permalink / raw)
To: sup-devel
Excerpts from Michael Hamann's message of Fr Okt 08 14:53:56 +0200 2010:
> Hi,
>
> Excerpts from Sascha Silbe's message of 2010-10-05 13:25:33 +0200:
> > - message = run_gpg "--output #{output_fn.path} --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
> > + message = run_gpg "--output #{output_fn.path} --multifile --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
>
> This change breaks GPG decryption completely for me, not a single
> message I've tried is decrypted anymore. The error message I'm getting
> is Error while running gpg: gpg: --output doesn't work for this command.
> I'm using gpg version 1.4.10. The complete gpg command that is executed
> is:
Yup, same for me :(
>
> LC_MESSAGES=C /usr/bin/gpg --quiet --batch --no-verbose --logger-fd 1 --use-agent --output /tmp/redwood.output20101008-5410-lj1dh3 --multifile --skip-verify --yes --decrypt /tmp/redwood.payload20101008-5410-1qtud0x > /tmp/redwood.output20101008-5410-2rsbb5 2> /dev/null
>
> Michael
--
================================
Christopher Bertels
http://www.fancy-lang.org
http://www.adztec-independent.de
GPG Key ID: 0x2345b203
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [sup-devel] [PATCH] fix GPG "hang" on malformed PGP message (detached signature)
2010-10-08 14:36 ` Christopher Bertels
@ 2010-10-08 20:09 ` Rich Lane
0 siblings, 0 replies; 5+ messages in thread
From: Rich Lane @ 2010-10-08 20:09 UTC (permalink / raw)
To: Christopher Bertels; +Cc: sup-devel
Excerpts from Christopher Bertels's message of Fri Oct 08 10:36:04 -0400 2010:
> Excerpts from Michael Hamann's message of Fr Okt 08 14:53:56 +0200 2010:
> > Hi,
> >
> > Excerpts from Sascha Silbe's message of 2010-10-05 13:25:33 +0200:
> > > - message = run_gpg "--output #{output_fn.path} --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
> > > + message = run_gpg "--output #{output_fn.path} --multifile --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
> >
> > This change breaks GPG decryption completely for me, not a single
> > message I've tried is decrypted anymore. The error message I'm getting
> > is Error while running gpg: gpg: --output doesn't work for this command.
> > I'm using gpg version 1.4.10. The complete gpg command that is executed
> > is:
>
> Yup, same for me :(
>
> >
> > LC_MESSAGES=C /usr/bin/gpg --quiet --batch --no-verbose --logger-fd 1 --use-agent --output /tmp/redwood.output20101008-5410-lj1dh3 --multifile --skip-verify --yes --decrypt /tmp/redwood.payload20101008-5410-1qtud0x > /tmp/redwood.output20101008-5410-2rsbb5 2> /dev/null
> >
> > Michael
Reverted.
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2010-10-08 20:14 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-10-05 11:25 [sup-devel] [PATCH] fix GPG "hang" on malformed PGP message (detached signature) Sascha Silbe
2010-10-08 4:20 ` Rich Lane
2010-10-08 12:53 ` Michael Hamann
2010-10-08 14:36 ` Christopher Bertels
2010-10-08 20:09 ` Rich Lane
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox