GnuPG doesn't detect timestamp overflow
Closed, ResolvedPublic

Description

If an expiration date is specified beyond the range supported by the 32-bit
unsigned int specified in RFC 4880 section 3.5, GnuPG doesn't seem to detect the
overflow. For example:

0 rex:~$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:

(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)

Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.

   0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years

Key is valid for? (0) 100y
Key expires at Wed 07 Jun 1972 02:21:32 PM UTC
Is this correct? (y/N)
gpg: Interrupt caught ... exiting

130 rex:~$

This happens on both 32- and 64-bit systems. On a 64-bit system, it should be
easier to detect overflows that fit into the 64-bit range at least.

Details

Version
1.4.9, 2.0.9

Event Timeline

dkg set Version to 1.4.9, 2.0.9.
dkg added a subscriber: dkg.

Interestingly, batch mode appears to detect the overflow. In that case,
overflows are silently rewritten to the creation timestamp plus one second:

0 wt215@squeak:~$ echo -e 'Key-Type: RSA\nKey-Length:1024\nName-Real: Foo T. Bar\nExpire-Date:100y' | gpg --batch --gen-key
.+++++
.......+++++
gpg: key F65B6589 marked as ultimately trusted
0 wt215@squeak:~$ gpg --list-secret-keys --with-colons --fixed-list-mode
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
sec::1024:1:4D637C93F65B6589:1218148680:1218148681:::::::::
uid:::::::807F3C007DF72CB80DAA24751A6F078D93B1E054::Foo T. Bar:
0 wt215@squeak:~$

werner added a subscriber: werner.

Fixed in SVN for both versions (rev 4812). The batch generation will not be
fixed but I have documented that pitfall in doc/DETAILS.

werner claimed this task.
werner removed a project: Restricted Project.
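
The wraparound reported above, reproduced as an added example (not part of the original report and not GnuPG's own code). It computes an absolute expiration time in the 32-bit unsigned timestamp of RFC 4880 section 3.5, once without a range check and once with one. The function names are hypothetical, a year is assumed to be 365 days, and the creation time is the one shown in the colon listing above.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: one "year" of validity is 365 days. */
#define SECONDS_PER_YEAR (365u * 86400u)

/* Hypothetical helper: unchecked arithmetic in a 32-bit unsigned
 * timestamp. The sum wraps modulo 2^32, so a far-future expiry
 * silently becomes a date in the past. */
uint32_t expiry_unchecked(uint32_t created, uint32_t years)
{
    return created + years * SECONDS_PER_YEAR;
}

/* Hypothetical helper: do the arithmetic in 64 bits and refuse any
 * result that does not fit the 4-octet timestamp.
 * Returns 0 and stores the expiry on success, -1 on overflow. */
int expiry_checked(uint32_t created, uint32_t years, uint32_t *expires)
{
    uint64_t t = (uint64_t)created + (uint64_t)years * SECONDS_PER_YEAR;

    if (t > UINT32_MAX)
        return -1;
    *expires = (uint32_t)t;
    return 0;
}

int main(void)
{
    /* Creation time taken from the colon listing above (August 2008). */
    const uint32_t created = 1218148680u;
    uint32_t expires = 0;

    /* 100y wraps to a timestamp in June 1972, earlier than creation. */
    printf("unchecked 100y: %lu\n",
           (unsigned long)expiry_unchecked(created, 100));

    if (expiry_checked(created, 100, &expires) != 0)
        printf("checked 100y: rejected, beyond the 32-bit range\n");

    /* 97 years is the longest whole-year validity that still fits. */
    if (expiry_checked(created, 97, &expires) == 0)
        printf("checked 97y: %lu\n", (unsigned long)expires);
    return 0;
}
```

An unchecked result that is smaller than the creation time is the telltale sign of the wrap, which matches the 1972 date printed in the interactive session.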