While running some tests on an unrelated project, I noticed that gpg 1.4.11
appears to corrupt its pubring.gpg database when presented with certain invalid
public keys.
I've attached the offending public key as well as the pubring.gpg file. The log
follows.
$ mkdir /tmp/gpg-box; chmod go-rx /tmp/gpg-box
$ gpg --homedir=/tmp/gpg-box --list-keys
gpg: keyring `/tmp/gpg-box/pubring.gpg' created
gpg: /tmp/gpg-box/trustdb.gpg: trustdb created
$ gpg --homedir=/tmp/gpg-box --import raw/fuzz-1617.pkr
gpg: keyring `/tmp/gpg-box/secring.gpg' created
gpg: packet(1) too short
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring
gpg: keydb_search failed: invalid keyring
gpg: key FC21FDDE: public key "[User ID not found]" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
$ gpg --homedir=/tmp/gpg-box --list-key
gpg: packet(1) too short
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring
$ gpg --homedir=/tmp/gpg-box --delete-key FC21FDDE
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: packet(1) too short
gpg: keyring_get_keyblock: read error: invalid packet
gpg: error reading keyblock: invalid keyring
gpg: FC21FDDE: delete key failed: invalid keyring
$