Which version of GnUPG are you using?
Which operating system?
Can you please provide the commands you used?

I can't decide right now whether this might be a bug; You may also want to ask
on gnupg-users for help.

Which version of GnuPG are you using?

Sorry for the delay. Here is the complete log:

• SNIP ---

languitar@bird ~> gpg --card-edit

Reader ...........: REINER SCT cyberJack RFID standard (XXXXX) 00 00
Application ID ...: XXXXXX
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: XXXXXX
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 3
Signature counter : 3
Signature key ....: Some Stuff

created ....: Some Stuff

Encryption key....: Some Stuff

created ....: Some Stuff

Authentication key: Some Stuff

created ....: Some Stuff

General key info..: pub rsa2048/0xXXXXXXXXXXXXX somedate somename
<somemail@example.org>
sec> rsa2048/0xXXXXXXXXXXXXXXXX created: somedate expires: never

card-no: 0006 XXXXXX

ssb> rsa2048/0xXXXXXXXXXXXXXXXX created: somedate expires: never

card-no: 0006 XXXXXX

ssb> rsa2048/0xXXXXXXXXXXXXXXXX created: somedate expires: never

                                  card-no: 0006 XXXXXX

gpg/card> admin
Admin commands are allowed

gpg/card> unblock

[GUI asks for admin PIN and new PIN, which I entered]

gpg: OpenPGP card no. XXXXXX detected
Error changing the PIN: Conditions of use not satisfied

gpg/card> passwd
gpg: OpenPGP card no. XXXXXX detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 2
Error unblocking the PIN: Conditions of use not satisfied

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? q

gpg/card> q
languitar@bird ~> gpg --version
gpg (GnuPG) 2.1.12
libgcrypt 1.7.0
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
languitar@bird ~> uname -a
Linux bird 4.5.4-1-ARCH #1 SMP PREEMPT Wed May 11 22:21:28 CEST 2016 x86_64 GNU/Linux

• SNIP ---

Same thing works without problems using an older version of GPG on my mac.

Anything else I can do to help?

We had the same effect here and it was caused by a V3 public key in the
keyring.
This key does not show up while listing the public keys with GnuPG 2.1.12. We
could only identify and remove it by accessing the keyring with a GnuPG 1.4.x
installation.
It should be considered to either

• display the key also during the list-keys command (to help the user to track

down the problem)
or

• ignore it silently while building the trust db.

PS: forget the --homedir thing, it is even reprodicable in the default folder in
%appdata%.

Sorry, forgot my import cmdline:

C:\Program Files (x86)\GNU\GnuPG\2.1.12\bin>gpg --batch --homedir
%tmp%\_tempKeyring --import "P:\2EEC2B65A2B4B3EF.sec.asc"
gpg: Die "Keybox" `C:/Users/ranftd/AppData/Local/Temp/_tempKeyring/pubring.kbx'
wurde erstellt
gpg: C:/Users/ranftd/AppData/Local/Temp/_tempKeyring/trustdb.gpg: trust-db erzeugt
gpg: Schlüssel A2B4B3EF: Öffentlicher Schlüssel "Daniel Ranft (Giegerich &
Partner GmbH)" importiert
gpg: Schlüssel A2B4B3EF: "Daniel Ranft (Giegerich & Partner GmbH)" nicht geändert
gpg: Schlüssel A2B4B3EF: geheimer Schlüssel importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 4
gpg: importiert: 1
gpg: unverändert: 1
gpg: gelesene geheime Schlüssel: 3
gpg: unveränderte geh. Schl.: 2
gpg: keine ultimativ vertrauenswürdigen Schlüssel gefunden

Please ask on the gnupg-users mailibng list for help.

Hmm, it is not about the maintainer mode...

commit 2a9fc56 fixes the access to uninitialized buffers. Given that GnuPG puts
all senstive data into a special memory area which is cleared before a free, I
don't see a problem with a possible data leak.

What is left is the problem that the parser does not always detect invalid
encodings. This can be improved but I am not anymore convinced about that table
driven parser.

Fixed in 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb (master).

This patch seems to solve the segfault for me, thanks!

Thank you for the report and your cooperation.
At least, this fix is needed.

D367: 835_sig-check-correction.diff

Include trace.log

Thanks. I would actually prefer to handle this by mail because this makes
communication easier and faster. It would also be useful to known on what you
are working or plan to work on, so that we do not need to rush out releases
while there are other obvious things to fix.

Now I regret reporting so many different problems as a single ticket. Note that if possible
information leaks are the only thing we are concerned with, all the issues in this ticket can be
solved by systematically initializing dynamically allocated memory, so they have that in common.

This won't solve the problems that several inconsistent .crt files are in fact accepted as valid,
showing contents of the freshly initialized allocated memory in place of information that should have
come from the .crt file. I would much prefer fixing these logic errors individually so that use of
uninitialized memory can remain a useful symptom of other logic errors, but ultimately, this is your
choice to make.

Here is a fourth instance of use of uninitialized memory (uninitialized4.crt).

The tis-interpreter diagnostic is:

Certificate in `t.crt':

  serial....:

02

3A

83

  issuer....:

`CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US'

  subject...:

`CN=Google Internet Authority G2,O=Google Inc,C=US'

  notBefore.:

2013-04-05 15:15:56

  notAfter..:

2016-12-31 23:59:59

  hash algo.: (null)

Extn: 2.5.29.35 at 517 with length 24

SubjectKeyIdentifier:

none
src/ber-help.c:213:[kernel] warning: accessing uninitialized left-value:

assert \initialized(buf);                  
stack: _ksba_ber_parse_tl :: src/cert.c:1836 <-
       _ksba_cert_get_auth_key_id :: src/visibility.c:280 <-
       ksba_cert_get_auth_key_id :: tests/cert-basic.c:190 <-
       list_extensions :: tests/cert-basic.c:546 <-
       one_file :: tests/cert-basic.c:593 <-
       main

src/ber-help.c:213:[kernel] warning: completely indeterminate value in mallocksba_malloc_l130_935 with offsets 4152 bits.

In order to make the use of uninitialized memory visible, apply the following patch:

~/instrumented/libksba-1.3.4$ diff -u src/ber-
ber-decoder.c ber-decoder.lo ber-dump ber-help.c ber-help.h ber-help.o
ber-decoder.h ber-decoder.o ber-dump.c ber-help.c~ ber-help.lo
pascal@TrustInSoft-Box-VII:~/instrumented/libksba-1.3.4$ diff -u src/ber-help.c{~,}

• src/ber-help.c~ 2016-05-03 18:12:09.000000000 +0200

+++ src/ber-help.c 2016-05-11 03:04:34.361037076 +0200
@@ -210,7 +210,7 @@

/* Get the tag */
if (!length)
  return premature_eof (ti);

• c = *buf++; length--;

+ c = *buf++; printf("|%02hhX|\n", c); length--;

   ti->buf[ti->nhdr++] = c;
   ti->class = (c & 0xc0) >> 6;

With the above instrumentation in place, the command "./tests/cert-basic uninitialized4.crt" shows:

Certificate in `uninitialized4.crt':

serial....: (#023A83#)
issuer....: `CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US'
subject...: `CN=Google Internet Authority G2,O=Google Inc,C=US'
notBefore.: 2013-04-05 15:15:56
notAfter..: 2016-12-31 23:59:59
hash algo.: (null)

Extn: 2.5.29.35 at 517 with length 24
SubjectKeyIdentifier: none

cert-basic.c:219: ksba_cert_get_auth_key_id: Invalid certificate object
KeyUsage: Not specified
ExtKeyUsages: none
CertificatePolicies: none
cert-basic.c:557: expected EOF but got: BER error

The line |3E| indicates access to uninitialized memory.

Here is a third instance, much like the second one. As the read from uninitialized memory happens in append_ucs2_value(),
the uninitialized memory is harder to recognize in the output.

tis-interpreter information:

Certificate in `t.crt':

  serial....:

02

3A

83
src/dn.c:522:[kernel] warning: accessing uninitialized left-value:

assert \initialized(tmp_1);
(tmp_1 from s++)
stack: append_ucs2_value :: src/dn.c:619 <-
       append_atv :: src/dn.c:667 <-
       dn_to_str :: src/dn.c:692 <-
       _ksba_dn_to_str :: src/cert.c:609 <-
       get_name :: src/cert.c:744 <-
       _ksba_cert_get_issuer :: src/visibility.c:190 <-
       ksba_cert_get_issuer :: tests/cert-basic.c:424 <-
       one_file :: tests/cert-basic.c:593 <-
       main

src/dn.c:522:[kernel] warning: completely indeterminate value in mallocksba_malloc_l130_935 with offset 1384 bits.

re: T2324 (justus on Apr 18 2016, 05:22 PM / Roundup)

2. gpg --export-secret-key should export unprotected keys that are stored w/o a passphrase"

That would violate the policy we implement in gpg-agent. The
gpg-agent is responsible for private keys and a client may not use a
private key without the agent's consent. If we would allow that by
default there won't be any protection at all and keys can be easily
exported and used. A required confirmation via the Pinentry would
solve the practical problem. However, there is the question what to
do on unattended systems - the only way it can be done right now is
configuring gpg-agent to use a custom pinentry, or by extending the
loopback mode.

Thanks. Fixed in the repo.

I see. I just pushed two fixes.

Thanks. Fix released with 2.0.30 and 2.1.12.
We can close this bug after the release of 1.4.21

Fixed in all branches.

Master 2.1: d9f9b3be036747c9f55060aed47896f951bfb853
1.4: d957e4388f72581b1ec801613b5629b5ea3f586d
2.0: eb7806d63df63663170ba86f0673caa34b944c28

For some reason, the commit messages of 1.4 and 2.0 refers
master commit of 2f3e42047d17313eeb38d354048f343158402a8d.
Perhaps, I did in my repo and it was 2f3e420 and apply it to 1.4 and 2.0.
Then, I pushed 1.4, 2.0, and 2.1. and 2.1 was failed because of
non-fast-forward. Then I rebased for 2.1.

Patch applied in dc417bf0c555a7416d0aedde6645fd1087660f92 (Dec 15, 2015)

iirc, we removed the patch from 2.1 due to some problems. We plan to work on it
in 2.3.

Neal, what is the status of this bug?

We still need to check whether has been fixed for 1.4 and 2.0.

Duplicate of T2348

For which branches has this been fixed?
Do we have releases for all of them?

2.1.12 does a verbose check and fix during --edit-key. We will eventually call
that reorder function during import. But let's wait for bug reports with the
--edit-key triggered code.

Fixed in 2.1.12

closing due to the release of 2.1.12.

Fixed in 2.1.12

Given that a released version of libgpg-error does now exist, the problem should
be solved even for further versions taken from the repo.