MITKRB5-SA-2004-002: double-free vulnerabilities

Chaskiel M Grundman cg2v at andrew.cmu.edu
Wed Sep 1 15:00:08 EDT 2004


--On Wednesday, September 01, 2004 17:25:59 +0000 Mike Friedman
<mikef at ack.Berkeley.EDU> wrote:

> I have no trouble verifying the asn1 (MITKRB5-SA-2004-003) patch with PGP.
> Why can't I get -002 to verify?
> 
> Any other ideas?  I'm doing this on Solaris 8, using PGP 6.5.8.

It appears as though pgp 6 does not properly implement "canonical text"
signatures (or the RFC 2440 behavior is intentionally different from that of
pgp6...). RFC 2440 says:

   0x01: Signature of a canonical text document.
         Typically, this means the signer owns it, created it, or
         certifies that it has not been modified.  The signature is
         calculated over the text data with its line endings converted
         to <CR><LF> and trailing blanks removed.

It appears that gnupg removes trailing blanks from every line, and pgp6
does not. The following scriptlet will convert one of these patch files
into a form that pgp 6.5.8/linux is able to verify for me:

perl -ne 'chomp;s/\s+$//;print $_,"\n"' IN.txt > OUT.txt

IN.txt.asc should be able to verify the text in OUT.txt. Note that OUT.txt
will not be valid input to patch; you need to use IN.txt. Also note that
IN.txt and OUT.txt should compare cleanly with gdiff -b.
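The gnupg/pgp6 mismatch described in the message above, modelled as an added example (this is not code from the message or from MIT): a constructed patch fragment with trailing blanks is canonicalised both ways per RFC 2440, and a Python equivalent of the perl scriptlet shows why OUT.txt verifies under pgp6 but is no longer valid patch input. The file contents, the use of SHA-1 as the signature hash, and the "gdiff -b" comparison model are assumptions.

```python
import hashlib

# Constructed stand-in for a downloaded patch file (IN.txt): two lines carry
# trailing blanks, and the blank context line is a single space, as in any
# unified diff.
IN_TXT = (
    "--- example.c.orig \n"   # trailing blank after the filename
    "+++ example.c\n"
    "@@ -1,3 +1,3 @@\n"
    " int main(void)\n"
    " \n"                     # blank context line: a lone space
    "-    return 1;  \n"      # trailing blanks
    "+    return 0;\n"
)


def canonical_text(text: str, strip_trailing: bool) -> bytes:
    """Bytes a canonical-text (0x01) signature is computed over.

    RFC 2440: line endings become CRLF and trailing blanks are removed.
    strip_trailing=False models the pgp6 behaviour described in the
    message: line endings converted, trailing blanks kept.
    """
    lines = text.splitlines()
    if strip_trailing:
        lines = [line.rstrip(" \t") for line in lines]
    return "".join(line + "\r\n" for line in lines).encode()


def text_digest(text: str, strip_trailing: bool) -> str:
    """Stand-in for the hash inside the signature (SHA-1 assumed)."""
    return hashlib.sha1(canonical_text(text, strip_trailing)).hexdigest()


def strip_trailing_blanks(text: str) -> str:
    """Python equivalent of the perl scriptlet: chomp; s/\\s+$//; add \\n."""
    return "".join(line.rstrip() + "\n" for line in text.splitlines())


def verifies(signed_digest: str, text: str, strip_trailing: bool) -> bool:
    """Would a verifier with this trailing-blank policy accept the text?"""
    return text_digest(text, strip_trailing) == signed_digest


def same_ignoring_blanks(a: str, b: str) -> bool:
    """Rough model of 'gdiff -b': compare with runs of blanks collapsed."""
    def norm(t):
        return [" ".join(line.split()) for line in t.splitlines()]
    return norm(a) == norm(b)


if __name__ == "__main__":
    signed = text_digest(IN_TXT, strip_trailing=True)   # what gnupg signed
    out_txt = strip_trailing_blanks(IN_TXT)
    print("pgp6  verifies IN.txt :", verifies(signed, IN_TXT, False))   # False
    print("pgp6  verifies OUT.txt:", verifies(signed, out_txt, False))  # True
    print("gnupg verifies IN.txt :", verifies(signed, IN_TXT, True))    # True
    print("OUT.txt kept blank context line:", " " in out_txt.splitlines())  # False
```

The last line is the reason OUT.txt is only good for verification: stripping turns the " " context line into an empty line, which patch will not accept.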