gpg is not properly handling IPGP entries
Open, NormalPublic
Actions

Assigned To

Authored By

	wteiken
	Sun, Sep 8, 6:50 AM

Description

When reading IPGP entries the processing fails with "public key not found".

Based on my debugging the issue is that gpg_dirmngr_dns_cert always returns an r_key stream, which causes the caller to assume a key was returned (i.e., that a PGP entry was found), but that it has no valid key.

I added a patch that seems to fix this for me, though not sure it's the right use of the estream.

x1.patch386 BDownload

Details

Version: 2.4.5, but AFAICT also 2.6.x

Revisions and Commits

rG GnuPG
	rG7e321c2c2a15 gpg: Fix getting key by IPGP.

Related Objects

Mentioned In: T7191: Release GnuPG 2.5.1

Event Timeline

wteiken created this task.Sun, Sep 8, 6:50 AM

wteiken updated the task description. (Show Details)

• werner added projects: gnupg, dirmngr, dns.Sun, Sep 8, 9:48 AM

Thank you for the bug report and your patch.

I read RFC 4398 and IIUC, it is indirect key reference by fpr or url, with no key data, and the return line by dirmngr is nothing but status lines for fpr and/or url (only).

I'm afraid accessing internal field of estream is ok or not. If it's not OK, something like following would be equivalent:

diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index ed2cf9dc2..02edfefea 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -1198,7 +1198,7 @@ gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
   if (err)
     goto leave;
 
-  if (r_key)
+  if (es_ftell (parm.memfp) != 0 && r_key)
     {
       es_rewind (parm.memfp);
       *r_key = parm.memfp;

• gniibe claimed this task.Wed, Sep 11, 6:45 AM

• gniibe triaged this task as Normal priority.

• gniibe added a commit: rG7e321c2c2a15: gpg: Fix getting key by IPGP..Wed, Sep 11, 6:56 AM

• werner mentioned this in T7191: Release GnuPG 2.5.1.Thu, Sep 12, 12:22 PM