Page MenuHome GnuPG

gpg fails to parse sensitive revokers from param files
Closed, ResolvedPublic

Description

gpg --batch --gen-key params outputs

[...]
/home/tobias/params:11: invalid revocation key
[...]

This is caused by the for loop iterating over the fingerprint trying to parse a space character as a hex byte. The for loop only terminates after 32 bytes or when the line ends, which doesn't happen yet for a 20 byte fingerprint with sensitive.

Can be fixed by additionally checking for a space:

diff --git a/g10/keygen.c b/g10/keygen.c
index 2f8528278..b1b69dae6 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -4079,7 +4079,7 @@ parse_revocation_key (const char *fname,
 
   pn++;
 
-  for(i=0;i<MAX_FINGERPRINT_LEN && *pn;i++,pn+=2)
+  for(i=0;i<MAX_FINGERPRINT_LEN && *pn && *pn != ' ';i++,pn+=2)
     {
       int c=hextobyte(pn);
       if(c==-1)

(params file:)

%ask-passphrase
Key-Type:EdDSA
Key-Curve:ed25519
Key-Usage:sign cert
Subkey-Type:ECDH
Subkey-Usage:encrypt
Subkey-Curve:cv25519
Expire-Date:2027-01-08
Name-Real:asdf
Name-Email:asfaf@sdasdf
Revoker:19:86D167297BF7623E5DF4FA5225B1CC51C69D4238 sensitive