Re: golang-go.crypto / CVE-2019-11841

To: Brian May <bam@debian.org>
Cc: Ola Lundqvist <ola@inguza.com>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: golang-go.crypto / CVE-2019-11841
From: Ola Lundqvist <ola@inguza.com>
Date: Mon, 14 Sep 2020 13:44:55 +0200
Message-id: <[🔎] CABY6=0ku8-9tztUoYS_nU=jX_aUP_VVhyGyZefS+a3jh=tv--A@mail.gmail.com>
In-reply-to: <[🔎] 871rj6m8jr.fsf@canidae.wired.pri>
References: <87k0xes8kr.fsf@canidae.wired.pri> <[🔎] 87pn75t6vb.fsf@canidae.wired.pri> <[🔎] 87eenju6qa.fsf@canidae.wired.pri> <[🔎] 877dtatsa2.fsf@canidae.wired.pri> <[🔎] 87r1refqqe.fsf@canidae.wired.pri> <[🔎] CABY6=0nu1DP42xdGA-1whSZVY08fd0JSrarJijHAzAFMycfD7Q@mail.gmail.com> <[🔎] 874ko9p70k.fsf@canidae.wired.pri> <[🔎] CABY6=0nbk71vcgXX3yHeKmm1kYZi=+PduFCbiyNCDx8WXDwEQA@mail.gmail.com> <[🔎] 871rjbq50z.fsf@canidae.wired.pri> <[🔎] CABY6=0mSxsXpjhz-X+=p2wSSeXFuffVf=7X3AQ0GEyy1YRF9-A@mail.gmail.com> <[🔎] 87k0x2edaf.fsf@canidae.wired.pri> <[🔎] CABY6=0=xDdOo1RH9iJiG=xS0T=GaQ48k+w-RSoLPSbTDcZxCUA@mail.gmail.com> <[🔎] 871rj6m8jr.fsf@canidae.wired.pri>

So the header is not signed. Good to know.

I think we can ignore the spoofing issue. Yes it is possible to spoof it but on the other hand you can just omit it even if it is checked. I think this is a minor issue. If at all an issue.

But as always I may have missed some important point.

The important thing is that the accepted checksums are strong. With that in place I fail to see a security issue.

/ Ola

Den sön 13 sep. 2020 09:37Brian May <bam@debian.org> skrev:

Ola Lundqvist <ola@inguza.com> writes:

> Looking at the code and your email I have some concerns.
>
> Isn't the header part of the "signed" argument? If it is not, then there is
> no point of checking it since you can then just change the header anyway.
> If it is part of the signed message it is possible for the function to
> decode it and check it.
>
> Do the calling application need to do the check, can't
> CheckDetachedSignature do it?
>
> Or have I missed something?

CheckDetachedSignature is called like:

openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body)

b.Headers has the header we need to check, but we only pass the body
b.Bytes and the signature b.ArmoredSignature.Body. As in the headers
aren't covered by the signature (I assume there is a good reason...).

Does this make sense now?
--
Brian May <bam@debian.org>

Reply to:

References:
- Re: golang-go.crypto / CVE-2019-11841
  - From: Brian May <bam@debian.org>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Brian May <bam@debian.org>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Brian May <bam@debian.org>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Brian May <bam@debian.org>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Ola Lundqvist <ola@inguza.com>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Brian May <bam@debian.org>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Ola Lundqvist <ola@inguza.com>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Brian May <bam@debian.org>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Ola Lundqvist <ola@inguza.com>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Brian May <bam@debian.org>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Ola Lundqvist <ola@inguza.com>
- Re: golang-go.crypto / CVE-2019-11841
  - From: Brian May <bam@debian.org>

Prev by Date: Re: Backports needed for Firefox/Thunderbird ESR 78 in Buster/Stretch
Next by Date: Re: Backports needed for Firefox/Thunderbird ESR 78 in Buster/Stretch
Previous by thread: Re: golang-go.crypto / CVE-2019-11841
Next by thread: Re: [SECURITY] [DLA 2363-1] asyncpg security update
Index(es):
- Date
- Thread