segfault with gpgsm --sign
Closed, Resolved (Public)

Description

Dear Maintainers,

(This bug was also opened in the Debian bugtracking system as #847982, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847982)

When using 'gpgsm --sign' I always get segfaults at the point where pinentry
is called. Apparently, gpgsm crashes right after calling pinentry, because the
pinentry window comes up when DISPLAY is set. When unsetting DISPLAY gpgsm
still crashes.

I run gpgsm on the command line like this:

        gpgsm -v -a --default-key 0xE514473D --sign sss.txt

With strace I get the following (this is the end of the strace log):

-------------------------------------------------------

read(3, "Xsession: X session started for "..., 8192) = 8192
write(1, "-----BEGIN SIGNED MESSAGE-----\nM"..., 8192) = 8192
read(3, "mashell.desktop\"\nksmserver: Star"..., 8192) = 8192
write(1, "YXVuY2hlci4Ka2RlaW5pdDU6IEdv\ndCB"..., 8192) = 8192
read(3, "d NetworkManager::DevicePrivate:"..., 8192) = 6815
write(1, "N0IG9uZSBzY3JlZW4gZW5hYmxl\nZCwgV"..., 8192) = 8192
read(3, "", 8192) = 0
read(3, "", 8192) = 0
write(1, "b3BlcnR5ICJMbGRwTmVpZ2hi\nb3JzIgp"..., 8192) = 8192
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 -> RESET\n", 16) = 16
write(4, "RESET", 5) = 5
write(4, "\n", 1) = 1
read(4, "OK\n", 1002) = 3
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 <- OK\n", 13) = 13
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 -> SIGKEY 93CE69599AA7B13"..., 58) = 58
write(4, "SIGKEY 93CE69599AA7B13D1BB3E01DF"..., 47) = 47
write(4, "\n", 1) = 1
read(4, "OK\n", 1002) = 3
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 <- OK\n", 13) = 13
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 -> SETKEYDESC Please+ente"..., 258) = 258
write(4, "SETKEYDESC Please+enter+the+pass"..., 247) = 247
write(4, "\n", 1) = 1
read(4, "OK\n", 1002) = 3
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 <- OK\n", 13) = 13
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 -> SETHASH 8 1B8644822812"..., 85) = 85
write(4, "SETHASH 8 1B8644822812C3871EBB82"..., 74) = 74
write(4, "\n", 1) = 1
read(4, "OK\n", 1002) = 3
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 <- OK\n", 13) = 13
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 -> PKSIGN\n", 17) = 17
write(4, "PKSIGN", 6) = 6
write(4, "\n", 1) = 1
read(4, "INQUIRE PINENTRY_LAUNCHED 1891 q"..., 1002) = 40
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 <- INQUIRE PINENTRY_LAUNC"..., 50) = 50

--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x11} ---

munmap(0x7f604ebfb000, 16384) = 0
write(2, "\n", 1) = 1
write(2, "gpgsm", 5) = 5
write(2, ": signal ", 9) = 9
write(2, "Segmentation fault", 18) = 18
write(2, " caught ... exiting\n", 20) = 20
rt_sigaction(SIGSEGV, {SIG_DFL, [], SA_RESTORER, 0x7f604daba040}, NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [SEGV], 8) = 0
getpid() = 1889
gettid() = 1889
tgkill(1889, 1889, SIGSEGV) = 0
rt_sigprocmask(SIG_SETMASK, [SEGV], NULL, 8) = 0
rt_sigreturn({mask=[]}) = 94557693787450

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_TKILL, si_pid=1889, si_uid=1000} ---

+++ killed by SIGSEGV +++

With gdb I get the following backtrace:

-------------------------------------------------------

Program received signal SIGSEGV, Segmentation fault.
0x00005555555677d5 in ?? ()
(gdb) bt
#0  0x00005555555677d5 in ?? ()
#1  0x0000555555567edc in ?? ()
#2  0x00007ffff747165b in assuan_transact () from /lib/x86_64-linux-gnu/libassuan.so.0
#3  0x00005555555685b6 in ?? ()
#4  0x0000555555570192 in ?? ()
#5  0x000055555557976b in ?? ()
#6  0x0000555555562328 in ?? ()
#7  0x00007ffff6ea12b1 in __libc_start_main (main=0x55555555fa80, argc=7,
    argv=0x7fffffffe008, init=<optimized out>, fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7fffffffdff8) at ../csu/libc-start.c:291
#8  0x00005555555624ba in ?? ()

... the gpgsm-dbgsym package seems unavailable for amd64.

I'm using my .gnupg/ subdir with my DFN/PKI X.509 keys that have been working
fine before under Ubuntu and some time ago under Debian.

When creating a new login with a fresh home dir but the same .gnupg subdir
it also segfaults. When removing the .gnupg subdir and importing my keys anew
then it also segfaults.

Other subcommands like 'gpgsm --dump-secret-keys' or 'gpgsm -k' work fine,
though.

I also tried the unstable packages for gpgsm and gnupg-agent. It still
segfaults.

Do you have any hint on how to find out the source of the problem? I couldn't
find anything in the Debian bug tracker or upstream.

-- System Information:

Debian Release: stretch/sid

APT prefers testing
APT policy: (500, 'testing')

Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gpgsm depends on:
ii gnupg-agent 2.1.16-2
ii libassuan0 2.4.3-2
ii libc6 2.24-7
ii libgcrypt20 1.7.3-2
ii libgpg-error0 1.25-1
ii libksba8 1.3.5-2
ii libreadline7 7.0-1

Versions of packages gpgsm recommends:
ii dirmngr 2.1.16-2

gpgsm suggests no packages.

-- no debconf information

Update 1

There is one addition. In the end, removing the .gnupg/ subdir and importing
all keys anew did solve the problem. But only after logging in the next time
with the test login. The same procedure solved it for my regular login.

I guess this still makes it a bug because there should be an error message
instead of a segfault. But it is a less severe bug now.

Update 2

I have another update: the segfaults in gpgsm are back almost the same way as
before.

After I moved the old .gnupg subdir out of the way, created a new one, and
imported my keys it worked for a day or two.

Now I see the same segfaults. In the meantime a lot of X.509 public keys from
others have been imported.

There is one difference, though. After gpgsm has segfaulted, the pinentry window
is still open. When I enter my passphrase anyway, it seems to be cached (for 10
minutes or so). If I start the same gpgsm command again right away, then it
somehow uses the cached passphrase, does not open pinentry again, and it is
working fine. No segfault now! I guess this is important to narrow down the
bug.

Thank you very much for your efforts, Andreas
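To read a trace like the one above without scrolling through it by hand, here is an added Python helper (not part of the report or of GnuPG) that rebuilds gpgsm's stderr from the write(2, ...) calls, pulls out the chan_N -> / <- Assuan lines and reports which command was still unanswered when the signal arrived; the embedded log excerpt is constructed from the report's own trace.

```python
import re

# Constructed excerpt shaped like the report's strace log: fd 2 is gpgsm's stderr,
# fd 4 its Assuan socket; strace truncates with "..." and prints \n as an escape.
SAMPLE_STRACE = r'''
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 -> RESET\n", 16) = 16
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 <- OK\n", 13) = 13
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 -> PKSIGN\n", 17) = 17
read(4, "INQUIRE PINENTRY_LAUNCHED 1891 q"..., 1002) = 40
write(2, "gpgsm: DBG: ", 12) = 12
write(2, "chan_4 <- INQUIRE PINENTRY_LAUNC"..., 50) = 50
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x11} ---
'''

WRITE_RE = re.compile(r'^write\(2, "((?:[^"\\]|\\.)*)"(\.\.\.)?, \d+\) = \d+$')
SIGNAL_RE = re.compile(r'^--- (SIG\w+) \{[^}]*\} ---$')
CHAN_RE = re.compile(r'^gpgsm: DBG: chan_(\d+) (->|<-) (.*)$')

def analyze(strace_text):
    """Rebuild gpgsm's stderr from write(2, ...) calls, pull out the Assuan
    channel lines and report which command was still unanswered at the signal."""
    stderr_buf, exchange = '', []
    pending = last_reply = signal = None
    for raw in strace_text.splitlines():
        w, s = WRITE_RE.match(raw), SIGNAL_RE.match(raw)
        if w:   # strace escapes newlines as \n; truncation marker kept as "..."
            stderr_buf += w.group(1).replace('\\n', '\n') + ('...' if w.group(2) else '')
        elif s:
            signal = s.group(1)
            stderr_buf += '\n'  # flush the line gpgsm had not finished writing
        while '\n' in stderr_buf:
            line, stderr_buf = stderr_buf.split('\n', 1)
            c = CHAN_RE.match(line)
            if not c:
                continue
            chan, direction, msg = c.groups()
            exchange.append((chan, direction, msg))
            if direction == '->':
                pending = msg.split(' ', 1)[0]
            else:
                last_reply = msg
                if msg.startswith(('OK', 'ERR')):
                    pending = None  # completed; INQUIRE or S lines keep it open
        if signal:
            break
    return {'exchange': exchange, 'signal': signal,
            'pending': pending, 'last_reply': last_reply}
```

On the excerpt this reports SIGSEGV with PKSIGN still pending and the agent's INQUIRE PINENTRY_LAUNCHED as the last reply, which is exactly the inquire callback the later backtrace lands in.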

Event Timeline

knue added projects: Debian, Bug Report.
knue set External Link to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847982.
knue added a subscriber: knue.

Thank you for your excellent bug report!

I can reproduce the problem with current git master, using my regular homedir /
certificates. I was having that for some time now but did not notice as I
thought it was a bug in using old kmail with 2.1 and I rarely use S/MIME. For me
KMail always showed "encryption failed" for S/MIME but the pinentry came up. I
entered my pin and hit send again and it worked because the agent had cached my
passphrase and pinentry would not come up ;-)

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x000000000040fc65 in gpgsm_proxy_pinentry_notify (ctrl=ctrl@entry=0x1,
    line=line@entry=0x68f548 "PINENTRY_LAUNCHED 14400 unknown 0.9.8-beta24") at ../../sm/server.c:1492
1492      if (!ctrl || !ctrl->server_local
(gdb) bt
#0  0x000000000040fc65 in gpgsm_proxy_pinentry_notify (ctrl=ctrl@entry=0x1,
    line=line@entry=0x68f548 "PINENTRY_LAUNCHED 14400 unknown 0.9.8-beta24") at ../../sm/server.c:1492
#1  0x00000000004102da in default_inq_cb (opaque=0x7fffffffd990,
    line=0x68f548 "PINENTRY_LAUNCHED 14400 unknown 0.9.8-beta24") at ../../sm/call-agent.c:197
#2  0x00007ffff747663c in assuan_transact (ctx=0x68f3f0, command=<optimized out>,
    data_cb=0x443080 <put_membuf_cb>, data_cb_arg=0x7fffffffd9a0,
    inquire_cb=0x4102b0 <default_inq_cb>, inquire_cb_arg=0x7fffffffd990,
    status_cb=0x0, status_cb_arg=0x0) at client.c:291
#3  0x0000000000410882 in gpgsm_agent_pksign (ctrl=0x1, keygrip=0x68bffc "",
    desc=0x7fffffffd9f2 "", digest=0x68bffc "", digestlen=20, digestalgo=2,
    r_buf=0x7fffffffdec8, r_buflen=0x7fffffffde18) at ../../sm/call-agent.c:269
#4  0x00000000004179c2 in gpgsm_create_cms_signature (ctrl=0x7fffffffe0a0,
    cert=0x6b2e20, md=0x69d650, mdalgo=2, r_sigval=0x7fffffffdec8) at ../../sm/certcheck.c:430
#5  0x00000000004203e5 in gpgsm_sign (ctrl=0x7fffffffe0a0, signerlist=0x68f548,
    data_fd=0, detached=1, detached@entry=0, out_fp=0x0) at ../../sm/sign.c:707
#6  0x000000000040aa65 in main (argc=1, argv=0x7fffffffe230) at ../../sm/gpgsm.c:1798

I can easily provide more debug output.