Page MenuHome GnuPG

with --tofu-default-policy=ask, Assertion "conflict_set" in get_trust failed (../../g10/tofu.c:2787)
Closed, ResolvedPublic

Description

Using the attached example.key, we see a bug when doing --fingerprint with the
tofu database is present and "--tofu-default-policy ask":

export GNUPGHOME=$(mktemp -d)
gpg --import < example.key
gpg --trust-model tofu+pgp --tofu-default-policy ask --fingerprint

results in:

gpg: Ohhhh jeeee: Assertion "conflict_set" in get_trust failed
(../../g10/tofu.c:2787)
Aborted

This is https://bugs.debian.org/854829

Details

External Link
https://bugs.debian.org/854829
Version
2.1.18

Event Timeline

dkg set External Link to https://bugs.debian.org/854829.
dkg set Version to 2.1.18.

I note that even if i drop the "--trust-model tofu+pgp" and subsequently invoke
just "gpg --tofu-default-policy ask --fingerprint" i get the same crash.

however, if i just execute that in a fresh homedir without ever having set
"--trust-model tofu+pgp" i don't get a crash. so there is some sort of state
being set up that is then tickling the assertion later.

werner raised the priority of this task from Normal to Unbreak Now!.Mar 15 2017, 4:37 PM
werner added a subscriber: werner.

Neal, this is still not fixed in 2.1.19.

Thanks for reporting this. I can reproduce it and will hopefully have a good
fix soon.

This should be fixed in b1106b4 . The problem had to do with an incorrect
assumption that a key with policy 'ask' necessarily had at least one conflict.
This assumption may not hold if --tofu-default-policy is set to ask.
Thankfully, the assertion caught this.

neal added a project: Restricted Project.Mar 17 2017, 2:49 PM