
Creating an overlong notation hits a fatal error.
Open, Wishlist, Public

Description

If I tell gpg to create a notation name that is too long, gpg hits a BUG().

Edit: This can be reproduced as follows:

# create a keypair as usual, details don’t matter
long_str=$(python3 -c 'print("a" * 100000)')
gpg2 --sign -N "a@b.invalid=$long_str" -o /dev/null /dev/null

Details

Version
2.3.4

Event Timeline

DemiMarie created this object in space S1 Public.

Please read at least one article that explains how to write a good bug report. I'm pretty sure that you will find plenty of good articles using your favorite search engine.

One of the most important aspects of a good bug report is an easy-to-understand description of how to reproduce the problem. In the case of gpg this could be a command line that triggers the bug.

werner triaged this task as Wishlist priority. Jun 16 2022, 6:54 PM
werner edited projects, added gnupg, Bug Report; removed g10.

[Please add comments instead of adding the description - a changed description makes it hard to understand follow-up comments. I will change the title, though, for clarity.]

The length limit of the signature sub packets is not easy to pre-compute. Better to have a fatal error than a corrupt message. I am not sure whether we want to change this to a regular error message - at that point we anyway need to stop.

werner renamed this task from "Creating an overlong notation crashes gpg" to "Creating an overlong notation hits a fatal error." Jun 16 2022, 6:54 PM

[Please add comments instead of adding the description - a changed description makes it hard to understand follow-up comments. I will change the title, though, for clarity.]

Good to know, will do in the future.

The length limit of the signature sub packets is not easy to pre-compute. Better to have a fatal error than a corrupt message. I am not sure whether we want to change this to a regular error message - at that point we anyway need to stop.

I’m fine with stopping, but a BUG() is a very poor error message, as it does not tell the user what they did wrong and instead implies that the problem is with GnuPG itself.
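A caller-side pre-check for the case discussed in this thread, as an added example that is not GnuPG code and not part of the original report: it computes the encoded size of a notation data subpacket from the RFC 4880 layout (sections 5.2.3.1 and 5.2.3.16) and rejects a `name=value` argument that cannot fit before gpg is invoked. The function names and the `reserved` parameter (a caller's estimate of the space taken by the other hashed subpackets) are assumptions, so the check is necessary but not sufficient.

```python
# Added example, not GnuPG code. Sizes follow RFC 4880, sections 5.2.3.1 and 5.2.3.16.

MAX_SUBPACKET_AREA = 0xFFFF  # v4 signature: two-octet count per subpacket area
MAX_NOTATION_FIELD = 0xFFFF  # notation name and value lengths are two-octet fields


def subpacket_length_octets(body_len):
    """Octets needed to encode a subpacket length (body_len includes the type octet)."""
    if body_len < 192:
        return 1
    if body_len <= 16319:
        return 2
    return 5


def notation_subpacket_size(name, value):
    """Total encoded size in octets of one notation data subpacket (type 20)."""
    n, v = name.encode("utf-8"), value.encode("utf-8")
    # type octet + 4 flag octets + 2-octet name length + 2-octet value length + data
    body = 1 + 4 + 2 + 2 + len(n) + len(v)
    return subpacket_length_octets(body) + body


def check_notation(arg, reserved=0):
    """Validate a 'name=value' notation string before handing it to gpg -N.

    'reserved' is a hypothetical caller-supplied estimate of the octets used
    by the other hashed subpackets. Returns (ok, reason).
    """
    name, sep, value = arg.partition("=")
    if not sep or not name:
        return False, "expected name=value"
    if len(name.encode("utf-8")) > MAX_NOTATION_FIELD:
        return False, "name exceeds 65535 octets"
    if len(value.encode("utf-8")) > MAX_NOTATION_FIELD:
        return False, "value exceeds 65535 octets"
    size = notation_subpacket_size(name, value)
    if size + reserved > MAX_SUBPACKET_AREA:
        return False, f"subpacket of {size} octets does not fit in a 65535-octet area"
    return True, f"subpacket of {size} octets"


if __name__ == "__main__":
    # Constructed input matching the reproducer in the report above.
    print(check_notation("a@b.invalid=" + "a" * 100000))
```

A value of exactly 65535 octets passes the field-length check but still fails, because the subpacket header and name push the total past the area limit.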