Page MenuHome GnuPG

pubring.gpg corruption on invalid public key
Closed, ResolvedPublic

Description

While running some tests on an unrelated project, I noticed that gpg 1.4.11
appears to corrupt its pubring.gpg database when presented with certain invalid
public keys.

I've attached the offending public key as well as the pubring.gpg file. The log
follows.

$ mkdir /tmp/gpg-box; chmod go-rx /tmp/gpg-box
$ gpg --homedir=/tmp/gpg-box --list-keys
gpg: keyring `/tmp/gpg-box/pubring.gpg' created
gpg: /tmp/gpg-box/trustdb.gpg: trustdb created
$ gpg --homedir=/tmp/gpg-box --import raw/fuzz-1617.pkr
gpg: keyring `/tmp/gpg-box/secring.gpg' created
gpg: packet(1) too short
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring
gpg: keydb_search failed: invalid keyring
gpg: key FC21FDDE: public key "[User ID not found]" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
$ gpg --homedir=/tmp/gpg-box --list-key
gpg: packet(1) too short
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring
$ gpg --homedir=/tmp/gpg-box --delete-key FC21FDDE
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: packet(1) too short
gpg: keyring_get_keyblock: read error: invalid packet
gpg: error reading keyblock: invalid keyring
gpg: FC21FDDE: delete key failed: invalid keyring
$

Details

Due Date
Dec 17 2012, 1:00 AM
Version
1.4.11

Event Timeline

kbs added projects: gnupg, Bug Report.
kbs added a subscriber: kbs.

werner set Due Date to Dec 17 2012, 1:00 AM.Dec 15 2012, 9:57 AM

Fixed with commit f795a0d for 1.4. Will fix it for the other branches later the
day.

werner claimed this task.

Fixed also for 2.0 and master.