[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: golang-go.crypto / CVE-2019-11841


So the header is not signed. Good to know.

I think we can ignore the spoofing issue. Yes it is possible to spoof it but on the other hand you can just omit it even if it is checked. I think this is a minor issue. If at all an issue.

But as always I may have missed some important point.

The important thing is that the accepted checksums are strong. With that in place I fail to see a security issue.

/ Ola

Den sön 13 sep. 2020 09:37Brian May <bam@debian.org> skrev:
Ola Lundqvist <ola@inguza.com> writes:

> Looking at the code and your email I have some concerns.
> Isn't the header part of the "signed" argument? If it is not, then there is
> no point of checking it since you can then just change the header anyway.
> If it is part of the signed message it is possible for the function to
> decode it and check it.
> Do the calling application need to do the check, can't
> CheckDetachedSignature do it?
> Or have I missed something?

CheckDetachedSignature is called like:

openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body)

b.Headers has the header we need to check, but we only pass the body
b.Bytes and the signature b.ArmoredSignature.Body. As in the headers
aren't covered by the signature (I assume there is a good reason...).

Does this make sense now?
Brian May <bam@debian.org>

Reply to: