Page MenuHome GnuPG

gpg: No error status when encrypting to full disk
Open, HighPublic

Description

To reproduce I have a native disk, which I filled up until only little space was left. Then I tried encrypting a file. Kleopatra shows the system error without error code from T6526

Gpgtar probably does the same, but I left it out of testing to have the most simple version to reproduce this:

Command line:

F:\>gpg --status-fd 1 --verbose --debug io -o battlepresets.gpg -er largefile "ldata-test\Empire Total War\data\battlepresets.pack"
gpg: reading options from 'C:/Users/Andre Heinecke/AppData/Roaming/gnupg/gpg.conf'
gpg: reading options from '[cmdline]'
gpg: unknown debug flag 'io' ignored
gpg: enabled debug flags: memstat
gpg: enabled compatibility flags:
[GNUPG:] KEY_CONSIDERED E2AFED40E9EB19AA85DD35E90DAC780060A465D3 0
gpg: using pgp trust model
gpg: key 0D2BCA3D499F0E37: accepted as trusted key
gpg: key 49C3A4D4848D585F: accepted as trusted key
gpg: key F7E017CAED158080: accepted as trusted key
gpg: key 06673A58E125DFCE: accepted as trusted key
gpg: key 41FAC215ADE1CB46: accepted as trusted key
gpg: key EE77B3D57243F72E: accepted as trusted key
gpg: key 298B0D99CB96F5BC: accepted as trusted key
gpg: key 4BAA787CA5E951D6: accepted as trusted key
gpg: key D78D8BB4CA553DA3: accepted as trusted key
gpg: key E27313528F72EFBA: accepted as trusted key
gpg: key 0DAC780060A465D3: accepted as trusted key
gpg: using subkey C2CF90025CE3C419 instead of primary key 0DAC780060A465D3
[GNUPG:] KEY_CONSIDERED E2AFED40E9EB19AA85DD35E90DAC780060A465D3 0
gpg: This key belongs to us
gpg: reading from 'ldata-test\\Empire Total War\\data\\battlepresets.pack'
File 'battlepresets.gpg' exists. Overwrite? (y/N) y
gpg: writing to 'battlepresets.gpg'
gpg: ECDH/AES256.OCB encrypted for: "C2CF90025CE3C419 largefile-test <gogol@da.da>"
[GNUPG:] BEGIN_ENCRYPTION 0 9 2
gpg: battlepresets.gpg: write error: ec=112
gpg: do_plaintext(): wrote 1428226048 bytes but expected 1536763945 bytes
gpg: battlepresets.gpg: write error: ec=112
gpg: IOBUFCTRL_FREE failed on close: Success
[GNUPG:] END_ENCRYPTION
gpg: keydb: handles=2 locks=0 parse=2 get=2
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=2 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=4 cached=0 good=0 bad=0
gpg: objcache: keys=2/2/0 chains=381,1..1 buckets=383/20 attic=254
gpg: objcache: uids=1/1/0 chains=106,1..1 buckets=107/20
gpg: random usage: poolsize=600 mixed=286 polls=0/6 added=164/167602
              outmix=4 getlvl1=3/79 getlvl2=0/0
gpg: rndjent stat: collector=0x02a70d30 calls=4 bytes=128
gpg: secmem usage: 1568/32768 bytes in 3 blocks

Event Timeline

aheinecke renamed this task from gpg: No error status when disk full to gpg: No error status when encrypting to full disk.Jun 9 2023, 2:25 PM
aheinecke triaged this task as High priority.
aheinecke created this task.

Seems to be gnupg 2.4. ec 112 is ERROR_DISK_FULL.

werner added projects: gnupg24, gnupg22, Restricted Project.

Actually two bugs. Easy to test on Unix with a small (e.g. 10MiB partition).

  1. The error is actually emitted using log_error and thus gpg will return with failure. However a STATUS is not returned except for the END_ENCRYPTION. We should see a STATUS_ERROR here too.
  1. The code in do_plaintext assumes that iobuf_copy returns (size_t)(-1) on error which it never does for write error. However the iobuf_error() returns the error code but it is only queried if iobuf_copy returns an error due to a read failure.

re 1: We should catch such missing status errors by emitting a STATUS_FAILURE but we don't do that in fear of breaking existing applications.

re 2: We need to properly return the error to the caller

With my fixes I now get this:

$ gpg -z0 --status-fd 2 --chunk-size 6 -v -er toweltest --no-encrypt-to --always-trust --yes -o smalldisk/towelrack.gpg <towelrack.txt
[...]
gpg: reading from '[stdin]'
gpg: writing to 'smalldisk/towelrack.gpg'
gpg: ECDH/AES256.OCB encrypted for: "339BB4386319B338 toweltest@example.net"
[GNUPG:] BEGIN_ENCRYPTION 0 9 2
gpg: smalldisk/towelrack.gpg: write error: No space left on device
gpg: build_packet failed: No space left on device
[GNUPG:] FAILURE encrypt 32859
gpg: [stdin]: encryption failed: No space left on device

$ gpg -z0 --status-fd 2 --chunk-size 6 -v -er toweltest --no-encrypt-to --always-trust --yes -o smalldisk/towelrack.gpg towelrack.txt
[...]
gpg: reading from 'towelrack.txt'
gpg: writing to 'smalldisk/towelrack.gpg'
gpg: ECDH/AES256.OCB encrypted for: "339BB4386319B338 toweltest@example.net"
[GNUPG:] BEGIN_ENCRYPTION 0 9 2
gpg: smalldisk/towelrack.gpg: write error: No space left on device
gpg: do_plaintext(): wrote 7536640 bytes but expected 13071240 bytes
gpg: build_packet failed: No space left on device
[GNUPG:] FAILURE encrypt 32859
gpg: towelrack.txt: encryption failed: No space left on device

Note that gpg has now also removed the partly written towelrack.gpg file. Needs to be tested on Windows but this is a generic error.

I get a failure status, but a different one.
Seems to be an other issue? But wasn't (ec=112) disk full?
And the disk of the Windows VM must have been running full with that file, before the start there were ~2,6 GB free:

C:\Users\g10code.WIN-TEST3\Documents>gpg -v --status-fd 2 -o GB_33.gpg -er Ted 3G.txt
[...]
gpg: Lesen von '3G.txt'
gpg: Schreiben nach 'GB_33.gpg'
gpg: Hinweis: Schlüssel CD573B2B0736643A besitzt nicht die AEAD Eigenschaft
gpg: RSA/AES256.CFB verschlüsselt für: "CD573B2B0736643A Ted Tester <Ted.Tester@demo.gnupg.com>"
[GNUPG:] BEGIN_ENCRYPTION 2 9
gpg: GB_33.gpg: write error: Unknown error (ec=112)
gpg: DBG: deflate: iobuf_write failed
gpg: do_plaintext(): wrote 2853896192 bytes but expected 3221225472 bytes
gpg: build_packet failed: No such file or directory
gpg: GB_33.gpg: write error: Unknown error (ec=112)
gpg: DBG: deflate: iobuf_write failed
[GNUPG:] FAILURE encrypt 32849
gpg: 3G.txt: encryption failed: No such file or directory
gpg: DBG: chan_0x00000178 -> BYE
gpg: secmem usage: 1568/32768 bytes in 3 blocks
ebo moved this task from QA to WiP on the gnupg24 board.Jul 4 2023, 8:27 AM

No. Missing mapping in iobuf.

with the new gpg.exe you gave me for testing it looks good now:

C:\Users\g10code.WIN-TEST3\Documents>gpg -v --status-fd 2 -o GB_33.txt.gpg -er Ted 3G.txt
[...]
[GNUPG:] BEGIN_ENCRYPTION 2 9
gpg: GB_33.txt.gpg: write error: No space left on device (ec=28)
gpg: DBG: deflate: iobuf_write failed
gpg: do_plaintext(): wrote 2776104960 bytes but expected 3221225472 bytes
gpg: build_packet failed: No space left on device
gpg: GB_33.txt.gpg: write error: No space left on device (ec=28)
gpg: DBG: deflate: iobuf_write failed
[GNUPG:] FAILURE encrypt 32859
gpg: 3G.txt: encryption failed: No space left on device
werner edited projects, added gnupg24 (gnupg-2.4.3); removed gnupg24.
werner changed the task status from Open to Testing.Jul 5 2023, 11:56 AM
werner moved this task from WiP to QA on the gnupg22 board.
ebo changed the task status from Testing to Open.Thu, Sep 21, 4:17 PM
ebo moved this task from QA to WiP on the gnupg22 board.

Does not work yet on VS-Desktop-3.2.0.0-beta214:

C:\Users\g10code.WIN-TEST3\Documents>gpg --status-fd 2 --verbose -o 5G.txt.gpg -er Ted 5G.txt
[...]
[GNUPG:] BEGIN_ENCRYPTION 2 9
gpg: 5G.txt.gpg: write error: Unknown error (ec=112)
gpg: build_packet failed: Systemfehler ohne gesetzten Systemfehlercode
[GNUPG:] FAILURE encrypt 16381
gpg: 5G.txt: encryption failed: Systemfehler ohne gesetzten Systemfehlercode