Bug#741213: mutt: pgpring displays an incorrect length for DSA and Elgamal keys

Sun, 09 Mar 2014 17:28:31 -0700 

Package: mutt
Version: 1.5.22-1
Severity: normal
Tags: patch

Dear Maintainer,

As signing-party's pgpring, Mutt's does not look at the right field as
key lengh for DSA and Elgamal keys, which results to an incorrect
output similar to that reported in #602284.  The attached patch, adapted 
from Fabrizio Tarizzo's, fixes the issue; see

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602284

for details.

Cheers,
-- 
Guilhem.


-- Package-specific info:
Mutt 1.5.22 (2013-10-16)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 3.13-1-686-pae (i686)
ncurses: ncurses 5.9.20140118 (compiled with 5.9)
libidn: 1.28 (compiled with 1.28)
hcache backend: tokyocabinet 1.4.48

Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i486-linux-gnu/4.8/lto-wrapper
Target: i486-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.8.2-14' 
--with-bugurl=file:///usr/share/doc/gcc-4.8/README.Bugs 
--enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr 
--program-suffix=-4.8 --enable-shared --enable-linker-build-id 
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix 
--with-gxx-include-dir=/usr/include/c++/4.8 --libdir=/usr/lib --enable-nls 
--with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug 
--enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-libmudflap 
--enable-plugin --with-system-zlib --disable-browser-plugin 
--enable-java-awt=gtk --enable-gtk-cairo 
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.8-i386/jre --enable-java-home 
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.8-i386 
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.8-i386 
--with-arch-directory=i386 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar 
--enable-objc-gc --enable-targets=all --enable-multiarch --with-arch-32=i586 
--with-multilib-list=m32,m64,mx32 --with-tune=generic --enable-checking=release 
--build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
Thread model: posix
gcc version 4.8.2 (Debian 4.8.2-14) 

Configure options: '--prefix=/usr' '--sysconfdir=/etc' 
'--mandir=/usr/share/man' '--with-docdir=/usr/share/doc' 
'--with-mailpath=/var/mail' '--disable-dependency-tracking' 
'--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache' 
'--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop' '--with-curses' 
'--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster' '--with-sasl' 
'--without-gdbm' '--without-bdb' '--without-qdbm' '--build' 'i486-linux-gnu' 
'build_alias=i486-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall' 
'LDFLAGS=-Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2 -I/usr/include/qdbm'

Compilation CFLAGS: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat 
-Werror=format-security -Wall

Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  +USE_FCNTL  -USE_FLOCK   
+USE_POP  +USE_IMAP  +USE_SMTP  
-USE_SSL_OPENSSL  +USE_SSL_GNUTLS  +USE_SASL  +USE_GSS  +HAVE_GETADDRINFO  
+HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  +CRYPT_BACKEND_GPGME  
-EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  +COMPRESSED  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET 
 +HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE  
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to <mutt-...@mutt.org>.
To report a bug, please visit http://bugs.mutt.org/.

0001-__misc__am-maintainer-mode.patch
0002-__features__ifdef.patch
0003-__features__xtitles.patch
0004-__features__trash-folder.patch
0005-__features__purge-message.patch
0006-__features__imap_fast_trash.patch
0007-__features__sensible_browser_position.patch
0008-__features-old__patch-1.5.4.vk.pgp_verbose_mime.patch
0009-__features__compressed-folders.patch
0010-__features__compressed-folders.debian.patch
0011-__debian-specific__Muttrc.patch
0012-__debian-specific__Md.etc_mailname_gethostbyname.patch
0013-__debian-specific__use_usr_bin_editor.patch
0014-__debian-specific__correct_docdir_in_man_page.patch
0015-__debian-specific__dont_document_not_present_feature.patch
0016-__debian-specific__document_debian_defaults.patch
0017-__debian-specific__assumed_charset-compat.patch
0018-__debian-specific__467432-write_bcc.patch
0019-__debian-specific__566076-build_doc_adjustments.patch
0020-__misc__define-pgp_getkeys_command.patch
0021-__misc__gpg.rc-paths.patch
0022-__misc__smime.rc.patch
0023-__misc__fix-configure-test-operator.patch
0024-__upstream__531430-imapuser.patch
0025-__upstream__543467-thread-segfault.patch
0026-__upstream__542817-smimekeys-tmpdir.patch
0027-__upstream__548577-gpgme-1.2.patch
0028-__upstream__553321-ansi-escape-segfault.patch
0029-__upstream__547980-smime_keys-chaining.patch
0030-__upstream__528233-readonly-open.patch
0031-__upstream__228671-pipe-mime.patch
0032-__upstream__383769-score-match.patch
0033-__upstream__603288-split-fetches.patch
0034-__upstream__611410-no-implicit_autoview-for-text-htm.patch
0035-__upstream__path_max.patch
0036-Update-German-translation.patch
0036-__separator__mutt.org.patch

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (800, 'testing'), (700, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.13-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mutt depends on:
ii  libassuan0        2.1.1-1
ii  libc6             2.18-4
ii  libcomerr2        1.42.9-3
ii  libgnutls26       2.12.23-13
ii  libgpg-error0     1.12-0.2
ii  libgpgme11        1.4.3-0.1
ii  libgssapi-krb5-2  1.12+dfsg-2
ii  libidn11          1.28-1
ii  libk5crypto3      1.12+dfsg-2
ii  libkrb5-3         1.12+dfsg-2
ii  libncursesw5      5.9+20140118-1
ii  libsasl2-2        2.1.26.dfsg1-9
ii  libtinfo5         5.9+20140118-1
ii  libtokyocabinet9  1.4.48-2

Versions of packages mutt recommends:
ii  libsasl2-modules                2.1.26.dfsg1-9
ii  locales                         2.18-4
ii  mime-support                    3.54
ii  postfix [mail-transport-agent]  2.11.0-1+b1

Versions of packages mutt suggests:
ii  aspell           0.60.7~20110707-1
ii  ca-certificates  20130906
ii  gnupg            1.4.16-1.1
pn  mixmaster        <none>
ii  openssl          1.0.1f-1
ii  urlview          0.9-19

Versions of packages mutt is related to:
ii  mutt          1.5.22-1
pn  mutt-dbg      <none>
pn  mutt-patched  <none>

-- no debconf information

--- a/pgppubring.c
+++ b/pgppubring.c
@@ -327,19 +327,15 @@
   p->algorithm = pgp_pkalgbytype (alg);
   p->flags |= pgp_get_abilities (alg);
 
-  if (alg == 17)
-    skip_bignum (buff, l, j, &j, 3);
-  else if (alg == 16 || alg == 20)
-    skip_bignum (buff, l, j, &j, 2);
-
   len = (buff[j] << 8) + buff[j + 1];
   p->keylen = len;
 
-
   if (alg >= 1 && alg <= 3)
     skip_bignum (buff, l, j, &j, 2);
-  else if (alg == 17 || alg == 16 || alg == 20)
-    skip_bignum (buff, l, j, &j, 1);
+  else if (alg == 16 || alg == 20)
+    skip_bignum (buff, l, j, &j, 3);
+  else if (alg == 17)
+    skip_bignum (buff, l, j, &j, 4);
 
   pgp_make_pgp3_fingerprint (buff, j, digest);
   p->fp_len = SHA_DIGEST_LENGTH;

Attachment: signature.asc
Description: Digital signature

Reply via email to