From ff7aeb3d46a94224095ef514d1a03ae7fdd38e9b Mon Sep 17 00:00:00 2001 From: Andrew Engelbrecht Date: Mon, 27 Jul 2015 17:50:55 -0400 Subject: [PATCH] don't crash when given a corrupted detached sig --- edward | 6 +++-- tests/gpg-flatten-11.eml | 54 ++++++++++++++++++++++++++++++++++++++++ tests/gpg-flatten-11.out | 11 ++++++++ 3 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 tests/gpg-flatten-11.eml create mode 100644 tests/gpg-flatten-11.out diff --git a/edward b/edward index df74017..56d3c25 100755 --- a/edward +++ b/edward @@ -1006,9 +1006,11 @@ def verify_detached_signature (detached_sig, plaintext_bytes, gpgme_ctx): detached_sig_fp = io.BytesIO(detached_sig.encode('ascii')) plaintext_fp = io.BytesIO(plaintext_bytes) - ptxt_fp = io.BytesIO() - result = gpgme_ctx.verify(detached_sig_fp, plaintext_fp, None) + try: + result = gpgme_ctx.verify(detached_sig_fp, plaintext_fp, None) + except gpgme.GpgmeError: + return [] sig_fingerprints = [] for res_ in result: diff --git a/tests/gpg-flatten-11.eml b/tests/gpg-flatten-11.eml new file mode 100644 index 0000000..93b7212 --- /dev/null +++ b/tests/gpg-flatten-11.eml 
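Review bot: The new `except gpgme.GpgmeError: return []` in verify_detached_signature fails closed, which is the right direction for a verifier, but it collapses every gpgme failure into "no signers" without recording why. The expected output added in tests/gpg-flatten-11.out shows the effect: a corrupted signature is reported to the user as a missing public key, and an unrelated engine or keyring error would presumably produce the same reply. I would bind the exception with `except gpgme.GpgmeError as err:` and either log the reason or return through a distinct path, and add a comment such as `# malformed or unparsable signature: treat as unverified, never as verified`. The function body continues past the hunk, so whether the `for res_ in result:` loop checks each signature's status before collecting fingerprints is not visible here and is worth confirming.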
@@ -0,0 +1,54 @@
+From: No One
+MIME-Version: 1.0
+To: No One
+Subject: =?UTF-8?B?44GT44KT44Gr44Gh44Gv44CB44GK5YWD5rCX44Gn44GZ44GL77yf?=
+Content-Type: multipart/signed; micalg=pgp-sha512;
+ protocol="application/pgp-signature";
+ boundary="69pEqCNMs7DnfdpwkAdpUCaf0lwnKu6Vr"
+
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
+--69pEqCNMs7DnfdpwkAdpUCaf0lwnKu6Vr
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+thanks for the message!
+
+> =C3=9Cber Spa=C3=9F.
+>
+> qual =C3=A8 il suono di una mano sola?
+>
+> =E3=81=93=E3=82=93=E3=81=AB=E3=81=A1=E3=81=AF=E3=80=81=E3=81=8A=E5=85=83=
+=E6=B0=97=E3=81=A7=E3=81=99=E3=81=8B=EF=BC=9F
+>
+
+test.
+
+-andrew
+
+
+
+
+
+
+
+
+
+--69pEqCNMs7DnfdpwkAdpUCaf0lwnKu6Vr
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: OpenPGP digital signature
+Content-Disposition: attachment; filename="signature.asc"
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAEBCgAGBQJVr7ynAAoJEO8exSA5s25YknEH/isrM1jly/A0uwd6mgh60ob9
+1R6+Z8P68Prx19uGBbURkRQwXQUCv9v/Q7eJAOCi3fFqWtPZjPjW3bC4apOKguEU
+2DjjinZ9uBeHZz6W6R9Hs0JhbF038vMBmRz3BGouRqg06gTDwnj1l13RkbaZSsi2
+T/PjyaIS5P8ffEbIEwQt2gmFR2x/+eE3Ot/vzupdR8jZFk4oJ/YxtEOYFIc3Mnav
+8km9V1AKBlskASY0cW84R7pngFDTZeB2ElYdGslDu1r1GdeX4qAUhqYZVmZ8O4op
+4tv/gR51nw83lqJPgleZFMSFPPaafKb7JjeeYW6w4xjLKJ+xN1OV2Sjd5FM2KJs=
+=tTBC
+-----END PGP SIGNATURE-----
+
+--69pEqCNMs7DnfdpwkAdpUCaf0lwnKu6Vr--
+
diff --git a/tests/gpg-flatten-11.out b/tests/gpg-flatten-11.out
new file mode 100644
index 0000000..ec68436
--- /dev/null
+++ b/tests/gpg-flatten-11.out
@@ -0,0 +1,11 @@
+
+
+Your signature could not be verified.
+
+I'm sorry, I was not able to find your public key. Did you remember to attach it?
+
+- Edward, the friendly GnuPG bot
+The Free Software Foundation created me.
+
+Can you donate to support their work?
+https://www.fsf.org/donate
-- 
2.25.1