Page MenuHome GnuPG
Create Task
Maniphest T1119

Gpgme closes file descriptor twice
Closed, ResolvedPublic
Actions

Description

I have found what appears to be a bug in libgpgme causing problems for the
application I'm developing (Licq).

I'm not sure exactly what happens, but Licq uses libgpgme for encryption/
decrypting messages and in my case I have done something wrong in my setup so
the decryption always fails.
The problem is after failing the decryption of some messages, I initiate a file
transfer in Licq which makes it open some network sockets and the next time
gpgme_op_decrypt() is called, it calls close() on what it thinks is an old pipe
but, since the file descriptor number has been reused, causes the socket to be
closed instead.
The effect is that in this situation, file transfers in Licq fails which is
very annoying.

I'm using gpgme 1.1.8 as shipped with debian/unstable for x86_64. Attached is a
patch which solves the problem by making sure gpg_cancel() clears the fd
variable after closing it so it won't close it again the next time it's called.
I guess the real fault is somewhere else since gpg_cancel() is called twice but
I haven't been able to trace this further and the patch is enough to solve the
problem for me.

Details

Version
1.1.8

Related Objects

Event Timeline

flynd set Version to 1.1.8.Aug 26 2009, 9:26 PM
flynd added projects: patch, Bug Report, gpgme.
flynd added a subscriber: flynd.

D102: 246_gpgme-1.1.8-closefiledescriptor.patch

werner added a subscriber: werner.Aug 28 2009, 9:38 AM

Marcus: I recall that you recently changed something in the cancel code - is
that his problem?

werner assigned this task to marcus.Aug 28 2009, 9:38 AM
werner added a subscriber: marcus.
flynd added a comment.Nov 11 2009, 8:06 PM

Is there any chance of getting this fixed? The problem is very annoying as it
causes the library to disturb the application using it and I can't think of any
simple workaround for it.
The patch is just three lines so it should be easy to include, right?

marcus added a comment.Dec 16 2009, 4:45 PM

I think that this is probably fixed in the gpgme 1.2.0 release. The following
patch by Werner has a similar effect to the patch provided by the submitter:

$ svn diff -r 1372:1373

Index: ChangeLog

  • ChangeLog (revision 1372)

+++ ChangeLog (revision 1373)
@@ -1,5 +1,7 @@
2009-06-09 Werner Koch <wk@g10code.com>

+ * engine-gpg.c (gpg_io_event): Test for cmd.fd.
+

  • version.c (gpgme_check_version_internal): Make result const.
  • gpgme.c: Include priv-io.h.

Index: engine-gpg.c

  • engine-gpg.c (revision 1372)

+++ engine-gpg.c (revision 1373)
@@ -171,6 +171,8 @@

  }
else if (gpg->colon.fd[1] == fd)
  gpg->colon.fd[1] = -1;

+ else if (gpg->cmd.fd == fd)
+ gpg->cmd.fd = -1;

else if (gpg->fd_data_map)
  {
    int i;

flynd, can you please test with gpgme 1.2.0?

flynd added a comment.Dec 16 2009, 10:12 PM

I've tried to reproduce the fault with 1.2.0 but could not so it seems to be
fixed.
Thanks.

flynd closed this task as Resolved.Dec 16 2009, 10:12 PM