Page MenuHome GnuPG

keyring corrupted by key downloaded from keyserver
Closed, ResolvedPublic

Description

Release: 1.2.4

Environment

Linux/x86, Debian 3.0r2 + gnupg 1.2.4-2 backport

Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello. I was reading some mailing lists and importing keys as needed from a
keyserver. After importing one of the keys, I was no longer able to
validate any message signatures, run --update-trustdb, or complete a listing
of keys with --list-keys.

Fortunately, I was able to restore the keyring from the "pubring.gpg~"
backup and have that to compare to. I couldn't find any reports of this bug
previously. This "old style partial length" message appears in some bug
reports, but that appears to be due to large files > 4GB. My keyring is
11MB.

I am concerned that someone with malicious intent could sign a message with
a bogus key, causing people to download the key from a keyserver and corrupt
their keyring. This would be a simple but effective DoS attack against gpg
users until they restore their keyring from the ~ backup.

I am posting bzip2'd copies of pubring.gpg.working and pubring.gpg.broken
to my website so you can do a better analysis on them than I have:

http://chris.ruvolo.net/pers/gpg/pubring.gpg.broken.bz2
http://chris.ruvolo.net/pers/gpg/pubring.gpg.working.bz2
 
48cb46bd06dbc1e8e8c1d0f001ddaa09  pubring.gpg.broken.bz2
fe4e219d1c63b05834914bc690e12ad7  pubring.gpg.working.bz2

Thanks for looking at this.

  • -Chris

    > gpg --list-keys --keyring pubring.gpg.broken > /dev/null gpg: [don't know]: old style partial length for invalid packet type gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring > gpg --update-trustdb --keyring pubring.gpg.broken gpg: [don't know]: old style partial length for invalid packet type gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring gpg: keydb_search_next failed: invalid keyring gpg: [don't know]: old style partial length for invalid packet type gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring gpg: validate_key_list failed > gpg --list-packets pubring.gpg.working > packets.working > gpg --list-packets pubring.gpg.broken > packets.broken gpg: [don't know]: old style partial length for invalid packet type > diff -u packets.working packets.broken
  • --- packets.working Fri Feb 13 00:45:58 2004 +++ packets.broken Fri Feb 13 00:48:36 2004 @@ -886283,3 +886283,9 @@ data: [160 bits] data: [159 bits] :trust packet: flag=00 sigcache=03 +:public key packet: + version 4, algo 17, created 1076546293, expires 0 + pkey[0]: [1024 bits] + pkey[1]: [160 bits] + pkey[2]: [1021 bits] + pkey[3]: [1023 bits]

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFALJbLKO6EG1hc77ERAjNjAJ4pLCGU9avopGuKGRNgmu1bGVhugQCgtdCT OdoGTD3fEcGWwHL3/vgBGZw= =47uq -----END PGP SIGNATURE-----

How To Repeat

Use my pubring.gpg.broken file with the commands in the description.

Fix

Unknown

Event Timeline

dshaw added a subscriber: dshaw.

Fixed for 1.2.5.