[Pkg-gnupg-maint] Bug#771263: Bug#771263: gnupg fails (buffer overflow detected) to encrypt archive when called from duplicity

Pandu Rao pandu.rao at gmail.com
Sat Dec 6 00:44:57 UTC 2014 

I used to have a Debian wheezy 32-bit x86 installation. I upgraded to
Jessie 64-bit amd64. This error first showed up on the day I made the
switch.

i.e. The previous archive was made using 32-bit wheezy duplicity, and
a remote archive of a large directory (~622 Mib).

This issue only showed up only when all the above points were true.

I could not reproduce it with a local duplicity backup, or an ssh
backup of the same local archive.

Since, I had the same local archive, I simply deleted the remote
archive and ran duplicity again. It worked.

This leads me to believe that the remote duplicity archive may have
been corrupt.

I would close this issue as not reproducible. I will keep a close
watch on it and If it recurs, I will have a more useful bug report.



On Wed, Dec 3, 2014 at 4:42 PM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> On 11/29/2014 04:35 AM, Pandu Rao wrote:
>> Both /dev/random and /dev/urandom seem to work fine.
>
> Thanks for your checking.
>
> It would be good if you have a small test case which can reproduce the
> failure.  I tried duplicity with scp myself, but I couldn't reproduce
> the bug.
>
> The error occured with the message:
>
>> *** buffer overflow detected ***: gpg terminated
>
> If this is caused by __fdelt_chk, it means that the file descriptor is
>> 1024, which is not likely in usual conditions.
>
> Attached is my own test case which can reproduce this error message.
> It artificially uses more than 1024 file descriptors, and it kicks the
> point of GnuPG.
>
> But, I am not sure if your case is really like that.
>
> I modified /usr/lib/python2.7/dist-packages/duplicity/gpginterface.py
> to see the file descriptors in actual use (by the output to stderr).
>
> Invoking duplicity, the maximum number was 12 (for me with ssh), far
> lower than 1024.
>
> I suspect if duplicity has some bug not closing file.
>
> --- gpginterface.py~    2014-05-09 22:27:39.000000000 +0900
> +++ gpginterface.py     2014-11-28 16:05:14.089967785 +0900
> @@ -404,6 +404,7 @@
>              # if we are writing
>              if _fd_modes[fh_name] == 'w': pipe = (pipe[1], pipe[0])
>              process._pipes[fh_name] = Pipe(pipe[0], pipe[1], 0)
> +            print >> sys.stderr, ("PIPE: %d" % pipe[0])
>
>          for fh_name, fh in attach_fhs.items():
>              process._pipes[fh_name] = Pipe(fh.fileno(), fh.fileno(), 1)
> --

More information about the Pkg-gnupg-maint mailing list