Page MenuHome GnuPG

gpg is not properly handling IPGP entries
Open, NormalPublic

Description

When reading IPGP entries the processing fails with "public key not found".

Based on my debugging the issue is that gpg_dirmngr_dns_cert always returns an r_key stream, which causes the caller to assume a key was returned (i.e., that a PGP entry was found), but that it has no valid key.

I added a patch that seems to fix this for me, though not sure it's the right use of the estream.

Details

Version
2.4.5, but AFAICT also 2.6.x

Revisions and Commits

Related Objects

Event Timeline

wteiken updated the task description. (Show Details)

Thank you for the bug report and your patch.

I read RFC 4398 and IIUC, it is indirect key reference by fpr or url, with no key data, and the return line by dirmngr is nothing but status lines for fpr and/or url (only).

I'm afraid accessing internal field of estream is ok or not. If it's not OK, something like following would be equivalent:

diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index ed2cf9dc2..02edfefea 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -1198,7 +1198,7 @@ gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
   if (err)
     goto leave;
 
-  if (r_key)
+  if (es_ftell (parm.memfp) != 0 && r_key)
     {
       es_rewind (parm.memfp);
       *r_key = parm.memfp;
gniibe triaged this task as Normal priority.