roughconsensusandrunningcode/pgpcontrol
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Version 1.4. Now handles wrapped headers that have been unfolded.

Browse source 
(Though I do believe news software oughtn't be unfolding them.)  Checks to
ensure that the temporary file is really a file, and not a link or some
other weirdness.
This commit is contained in:
David Lawrence 1997-08-12 00:00:35 +00:00
parent ec89fd80e9
commit e124662eb5
1 changed files with 29 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
pgpverify
View file

@ -1,6 +1,12 @@
#! /usr/bin/perl -w #! /usr/bin/perl -w
# written April 1996, tale@uunet.uu.net (David C Lawrence) # written April 1996, tale@uunet.uu.net (David C Lawrence)
# Version 1.3 # Version 1.4
#
# Changes from 1.3 -> 1.4
# -- now handles wrapped headers that have been unfolded.
# (though I do believe news software oughtn't be unfolding them.)
# -- checks to ensure that the temporary file is really a file, and
# not a link or some other weirdness
$pgp = '/usr/local/bin/pgp'; $pgp = '/usr/local/bin/pgp';
# if you keep your keyring somewhere that is not the default used by pgp, # if you keep your keyring somewhere that is not the default used by pgp,
@ -40,14 +46,23 @@ while (<>) {
$pgpheader = "X-PGP-Sig"; $pgpheader = "X-PGP-Sig";
exit 1 unless $_ = $header{$pgpheader}; # no signature exit 1 unless $_ = $header{$pgpheader}; # no signature
# this regexp might be too strict about the structure of pgp signature lines # the regexp below might be too strict about the structure of pgp sig lines
$sep = "\n[ \t]+";
$r64 = '[a-zA-Z0-9+/]';
&fail("$0: $pgpheader not in expected format\n")
unless /^(\S+) (\S+)(($sep$r64{64})+$sep$r64+=?=?$sep=$r64{4})$/;
($version, $signed_headers, $signature) = ($1, $2, $3); # the $sep value means the separator between the radix64 signature lines
$signature =~ s/\n[ \t]+/\n/g; # can have any amount of spaces or tabs, but must have at least one space
# or tab, if there is a newline then the space or tab has to follow the
# newline. any number of newlines can appear as long as each is followed
# by at least one space or tab. *phew*
$sep = "[ \t]*(\n?[ \t]+)+";
# match all of the characters in a radix64 string
$r64 = '[a-zA-Z0-9+/]';
&fail("$0: $pgpheader not in expected format\n")
unless /^(\S+)$sep(\S+)(($sep$r64{64})+$sep$r64+=?=?$sep=$r64{4})$/;
($version, $signed_headers, $signature) = ($1, $3, $4);
$signature =~ s/$sep/\n/g;
$message = "-----BEGIN PGP SIGNED MESSAGE-----\n\n"; $message = "-----BEGIN PGP SIGNED MESSAGE-----\n\n";
$message .= "X-Signed-Headers: $signed_headers\n"; $message .= "X-Signed-Headers: $signed_headers\n";
@ -71,6 +86,12 @@ $message .= $signature;
$message .= "\n-----END PGP SIGNATURE-----\n"; $message .= "\n-----END PGP SIGNATURE-----\n";
open(TMP,"> $tmp") || &fail("$0: open > $tmp: $!\n"); open(TMP,"> $tmp") || &fail("$0: open > $tmp: $!\n");
-f TMP ||
&fail("$0: $tmp not a plain file, possible security violation attempt\n");
(stat(_))[3] == 1 ||
&fail("$0: $tmp has hard links, possible security violation attempt\n");
print TMP $message; print TMP $message;
close(TMP) || warn "$0: close > $tmp: $!\n"; close(TMP) || warn "$0: close > $tmp: $!\n";
&fail("$0: write error for message to check\n") &fail("$0: write error for message to check\n")