PGP Frequently Asked Questions with Answers

Bugs


========

9.  Bugs

========

9.1 Where should I send bug reports?

Bugs related to MIT PGP should be sent to pgp-bugs@mit.edu.  You will
want to check http://www.mit.edu:8001/people/warlord/pgp-faq.html
before reporting a bug to make sure that the bug hasn't been reported
already.  If it is a serious bug, you should also post it to
alt.security.pgp.  Serious bugs are bugs that affect the security of
the program, not compile errors or small logic errors.

Post all of your bug reports concerning non-MIT versions of PGP to
alt.security.pgp, and forward a copy to me for possible inclusion in
future releases of the FAQ.  Please be aware that the authors of PGP
might not acknowledge bug reports sent directly to them.  Posting them
on USENET will give them the widest possible distribution in the
shortest amount of time.

The following list of bugs is limited to version 2.4 and later, and is
limited to the most commonly seen and serious bugs. For bugs in
earlier versions, refer to the documentation included with the
program.  If you find a bug not on this list, follow the procedure
above for reporting it.

========

MIT PGP 2.6 had a bug in the key generation process which made keys
generated by it much less random.  Fixed in 2.6.1.

All versions of PGP except MIT PGP 2.6.2 are susceptible to a "buglet"
in clearsigned messages that makes it possible to add text to the
beginning of a clearsigned message.  The added text does not appear in
the PGP output after the signature is checked.  MIT PGP 2.6.2 no longer
allows header lines before the text of a clearsigned message, and it
enforces RFC 822 syntax on header lines before the signature.  Because
this bug shows up at checking time, however, you should be aware of it
even if you use MIT PGP 2.6.2: the reader may check your signed message
with a different version and not read the output.
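
The framing rules described above can also be checked on a received
message before relying on what a verifier prints.  The following is an
added example, not code from PGP or from this FAQ; it assumes the policy
stated above for MIT PGP 2.6.2, and the function name and the sample
messages are constructed for illustration.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
# RFC 822 field syntax: a name of printable ASCII without space or colon, then ":".
RFC822_FIELD = re.compile(r"^[!-9;-~]+:.*$")

def audit_clearsigned(message):
    """Return a list of framing problems; an empty list means none were found."""
    # Assumption: the policy the FAQ describes for MIT PGP 2.6.2, i.e. no lines
    # before the signed text and RFC 822 syntax for signature-block headers.
    lines = message.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start + 1)
        end = lines.index(END_SIG, sig + 1)
    except ValueError:
        return ["incomplete clearsigned framing"]
    problems = []
    # Anything between the BEGIN line and the first blank line is what an
    # affected verifier treats as headers and leaves out of its output.
    i = start + 1
    while i < sig and lines[i].strip():
        problems.append("line %d: text before signed body: %r" % (i + 1, lines[i]))
        i += 1
    # Lines in the signature block up to its blank line must be RFC 822 fields.
    j = sig + 1
    while j < end and lines[j].strip():
        if not RFC822_FIELD.match(lines[j]):
            problems.append("line %d: malformed armor header: %r" % (j + 1, lines[j]))
        j += 1
    return problems

# Constructed samples; the signature body is a placeholder, not real PGP output.
SIG_BLOCK = "\n".join([BEGIN_SIG, "Version: 2.6.2", "", "PLACEHOLDER", END_SIG])
CLEAN = "\n".join([BEGIN_MSG, "", "Signed text.", SIG_BLOCK])
PREFIXED = "\n".join([BEGIN_MSG, "Line that is not part of the signed text.",
                      "", "Signed text.", SIG_BLOCK])

if __name__ == "__main__":
    for name, msg in (("clean", CLEAN), ("prefixed", PREFIXED)):
        print(name, audit_clearsigned(msg) or "ok")
```

This inspects only the framing; it does not verify the signature, so it
complements the verifier rather than replacing it.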

MIT PGP 2.6.1 was supposed to handle keys between 1024 and 2048 bits
in length, but could not.  Fixed in 2.6.2.

MIT PGP 2.6.2 was supposed to enable the generation of keys up to 2048
bits after December 25, 1994; an off-by-one bug puts that upper limit at
2047 bits instead.  It has been reported that this problem does not
appear when MIT PGP is compiled under certain implementations of Unix.
The problem is fixed in versions 2.7.1 and 2.6.2i.

PGP 2.6ui continues to exhibit the bug in 2.3a where conventionally
encrypted messages, when encrypted twice with the same pass phrase,
produce the same ciphertext.

Many of the versions of MacPGP (especially beta versions of MIT
MacPGP) have been reported to not handle text files and ASCII-armored
files correctly, causing some signatures not to validate.

ViaCrypt has reported a bug in freeware PGP affecting at least PGP
2.3a and MIT PGP 2.6, 2.6.1, and 2.6.2.  This bug affects signatures
made with keys between 2034 and 2048 bits in length, causing them to
be corrupted.  Practically speaking, this bug only affects versions of
PGP that support the longer key lengths.  ViaCrypt reports that this
only seems to be a problem when running PGP on a Sun SPARC-based
workstation.  ViaCrypt PGP 2.7.1 and PGP 2.6.2i do not suffer from
this bug.  The following patch will fix the problem in MIT PGP 2.6.2:

<===== begin patch (cut here)
- --- crypto.c.orig	Mon Mar 20 22:30:29 1995
+++ crypto.c	Mon Mar 20 22:55:32 1995
@@ -685,7 +685,7 @@
    byte class, unitptr e, unitptr d, unitptr p, unitptr q, unitptr u,
 			       unitptr n)
 {
- -	byte inbuf[MAX_BYTE_PRECISION], outbuf[MAX_BYTE_PRECISION];
+	byte inbuf[MAX_BYTE_PRECISION], outbuf[MAX_BYTE_PRECISION+2];
 	int i, j, certificate_length, blocksize,bytecount;
 	word16 ske_length;
 	word32 tstamp; byte *timestamp = (byte *) &tstamp;
<===== end patch (cut here)
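
Review bot: The `+2` added to outbuf in the declaration at the top of this function is a bare magic number, and nothing in the hunk says which two extra bytes it makes room for. A short comment, or a named constant in place of the literal, would record that; and because inbuf stays at MAX_BYTE_PRECISION, it is worth confirming that every write into outbuf later in the function is bounded by the new size and not by an assumption that the two buffers are the same length. The removed lines also carry a leading "- " (as in "- ---" and "- -"), which looks like clearsign dash-escaping and would have to be stripped before the patch applies.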

The initial release of PGP 2.6.2i contained a bug related to
clearsigned messages; signed messages containing international
characters would always fail.  For that reason, it was immediately
pulled from distribution and re-released later, minus the bug.  If you
have problems with 2.6.2i, make sure you downloaded your copy after 7
May 1995.