User Details
- User Since
- Mar 27 2017, 4:48 PM (398 w, 2 d)
- Availability
- Available
Oct 18 2020
Fair enough with regards to portability, and this is not a hill I will die on, but can you comment on the security concerns of using %n?
Oct 17 2020
Hi Werner,
Nov 17 2017
Shall we close this?
Nov 7 2017
So is 380bce13d94f the correct fix? If so, I will update the OpenBSD port including this as a local patch.
Nov 6 2017
I confirm that applying the patch fixes the hang under a VM, and does not adversely affect running on a bare metal machine either.
Oct 28 2017
Here are a couple of traces of the hanging t-protect test under the VM. I just let it run for a bit under gdb and pressed ctrl+c on a couple of occasions:
I've been experimenting.
Oct 27 2017
Mar 31 2017
Mar 28 2017
Thanks, sounds like you have plans to address all three of the problems then.
Cheers
Oct 2 2015
No problem!
Regarding ipv6. It's not that my OS doesn't support it, it's that the network I
am currently connected to (on my laptop) is not providing IPv6. There's nothing
to say that I won't move to another network that does.
Detecting IPv6 capability would be useful, but (I think) difficult. Especially
since I can move between networks in the lifetime of a single dirmngr. If I move
from a network *without* IPv6 to a network *with* IPv6, should dirmngr realise
and re-enable IPv6?
Anyway, we should open a new bug for this?
P.S.
The fix is applied to OpenBSD ports 2.1.8.
Cheers
Sep 29 2015
The unusable hosts is a separate issue. I don't have IPv6 connectivity. I can
work around this by using the ipv4 sks pool.
OK, I think the crash is a use-after free, caused by a realloc followed by a use
of the old dangling pointer.
The following patch fixes this. Can someone on the GPG team review and commit
this for me? I can deal with fixing this in the OpenBSD ports tree. Thanks.
- dirmngr/ks-engine-hkp.c.orig Tue Sep 29 15:05:02 2015
+++ dirmngr/ks-engine-hkp.c Tue Sep 29 15:05:26 2015
@@ -512,7 +512,7 @@ map_host (ctrl_t ctrl, const char *name, int force_res
xfree (reftbl); return err; }
- qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool);
+ qsort (hi->pool, refidx, sizeof *reftbl, sort_hostpool);
} else xfree (reftbl);
Sep 22 2015
FWIW, after setting MALLOC_FLAGS="s", I get:
dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'openpgp.us' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'jupiter.zaledia.com' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'schluesselbruecke.de' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'keys- 02.licoho.de' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'host- 550b4a17.sileman.net.pl' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'keyserver.mattrude.com' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'dreamcoat.che.uct.ac.za' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '194.94.127.122' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'RESISP- 209-135-211-141.smf.ragingwire.net' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'pkqs.net' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'openpgp- keyserver.de' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:4d88:1ffc:477::7]' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:67c:2050:1000::3:4]' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2a01:a500:385:1::9:1]' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'mira.cbaines.net' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:bc8:3d90:103::]' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:470:b2a7:1:225:90ff:fe93:e9fc]' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:1488:ac15:fffe::4]' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2a00:b9c0:e::4]' dirmngr[16846.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2604:a880:800:10::688:e001]' dirmngr[16846.0]: can't connect to '2001:470:b2a7:1:225:90ff:fe93:e9fc': No route to host dirmngr[16846.0]: error connecting to 'http://[2001:470:b2a7:1:225:90ff:fe93:e9fc]:11371': No route to host dirmngr[16846.0]: command 'KS_SEARCH' failed: No route to host ERR 167804970 No route to host <Dirmngr>
I ran again and got:
KEYSERVER --clear hkp://pool.sks-keyservers.net KS_SEARCH blah@sometesst.ext OK dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'RESISP- 209-135-211-141.smf.ragingwire.net' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'dreamcoat.che.uct.ac.za' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'pkqs.net' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'host- 550b4a17.sileman.net.pl' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'keys- 02.licoho.de' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'jupiter.zaledia.com' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '194.94.127.122' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'schluesselbruecke.de' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'openpgp.us' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'keyserver.mattrude.com' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2604:a880:800:10::688:e001]' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2a00:b9c0:e::4]' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:470:b2a7:1:225:90ff:fe93:e9fc]' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'openpgp- keyserver.de' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:4d88:1ffc:477::7]' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': 'mira.cbaines.net' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:1488:ac15:fffe::4]' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:67c:2050:1000::3:4]' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2a01:a500:385:1::9:1]' dirmngr[16131.0]: getnameinfo returned for 'pool.sks-keyservers.net': '[2001:bc8:3d90:103::]' dirmngr[16131.0]: error accessing 'http://194.94.127.122:11371/pks/lookup? op=index&options=mr&search=blah%40sometesst%2Eext': http status 404 dirmngr[16131.0]: command 'KS_SEARCH' failed: No data ERR 167772218 No data <Dirmngr>
Seems like it doesn't crash with malloc flags on (which is weird). I'm not sure
how dirmngr is supposed to work, but from what i gather the SKS pool has loads
of broken hosts. I've not gotten a working one yet. Surely this can't be right?