Page MenuHome GnuPG

gpgkeys_hkp crashes when the query contains non-ASCII UTF-8 characters
Closed, ResolvedPublic


Release: 1.4.4


i386, Linux, ELF


gpg --keyserver --search-key é (the last character is e acute) crashes.

The curl_escape() function (curl-shim.c:309) is accidentally passing the first byte of é as a signed char into sprintf(), at which point the value is getting sign-extended to a signed integer. When sprintf() interprets the value on the stack as an unsigned integer, the value doesn't fit into the buffer it's been passed.


Cast the value to an unsigned char before passing it to sprintf().

Event Timeline

Fixed, thanks! I also took care of a similar potential
problem in gpgkeys_ldap.c (it wasn't a problem as the
delimiter was 7-bit clean, but best to fix it anyway).