SIGBUS with gpgme_op_interact
Closed, Resolved, Public

Description

Using GPGme 1.17.0 (compiled from source, git commit 72bb46b34f5191f672a5356e2f152e6ad9440554) with GnuPG 2.2.27 (from Debian 11 package):

I call gpgme_op_interact to change the trust level of a key (trying to implement this Stack Overflow question in C++: https://stackoverflow.com/questions/70645830/changing-key-trust-level-validity-with-gpgme/71085476#71085476) with this trivial callback function:

gpgme_error_t trust_callback(void *opaque, const char *keyword, const char *args, int fd)  {
    /* some debug output to stderr here */
    return 0;
}

The callback function gets called once and receives these parameters:

keyword: >KEY_CONSIDERED<
args:    >4BBD09DDD1DEC441820B37CEE05D1580053BE6FF 0<
fd:       -1

After that, a Bus error occurs in GPGme's src/debug.c in line 450:

val = buffer[idx++];

The value of buffer is 0xf8458b48f87d8948.

Even if I am using that callback completely wrong, a bus error seems a bit drastic...

Event Timeline

Since you are using C++, I suggest that you have a look at GpgSetOwnerTrustEditInteractor in the C++ bindings of gpgme. Have a look at QGpgMEChangeOwnerTrustJob in the Qt bindings of gpgme to see how it's used even if you do not want to use Qt.

About the SIGBUS: My guess is that buffer is pointing at an invalid memory location. Did you initialize gpgme before using it?

Have a look at some of the tests, in particular, the run* programs. Base your program on one of those programs. Unfortunately, there doesn't seem to be a test that shows how to use an EditInteractor.

Found it: I did not initialize gpgme_op_interact's last parameter out with gpgme_data_new. The error is now gone.

It looks to me like this cannot be exploited, so I guess the issue can be closed.

ikloecker claimed this task.