MITKRB5-SA-2004-002: double-free vulnerabilities

Chaskiel M Grundman cg2v at
Wed Sep 1 15:00:08 EDT 2004

--On Wednesday, September 01, 2004 17:25:59 +0000 Mike Friedman
<mikef at ack.Berkeley.EDU> wrote:

> I have no trouble verifying the asn1 (MITKRB5-SA-2004-003) patch with PGP.
> Why can't I get -002 to verify?
> Any other ideas?  I'm doing this on Solaris 8, using PGP 6.5.8.

It appears as though pgp 6 does not properly implement "canonical text"
signatures (or the rfc2440 behavior is intentionally different from that of
pgp6...) 2440 says:

   0x01: Signature of a canonical text document.
         Typically, this means the signer owns it, created it, or
         certifies that it has not been modified.  The signature is
         calculated over the text data with its line endings converted
         to <CR><LF> and trailing blanks removed.

It appears that gnupg removes trailing blanks from every line, and pgp6
does not. The following scriptlet will convert one of these patch files
into a form that pgp 6.5.8/linux is able to verify for me:

perl -ne 'chomp;s/\s+$//;print $_,"\n"' IN.txt > OUT.txt

IN.txt.asc should be able to verify the text in OUT.txt. Note that OUT.txt
will not be valid input to patch, you need to use IN.txt. Also note that
IN.txt and OUT.txt should compare cleanly with gdiff -b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pkcs7-signature
Size: 3740 bytes
Desc: not available
Url :

More information about the Kerberos mailing list