[Pkg-gnupg-maint] Bug#503853: gnupg: Sometimes hangs on truncated binary input

Adrian Irving-Beer wisq-deb at wisq.net
Tue Oct 28 19:31:00 UTC 2008 

Package: gnupg
Version: 1.4.9-3
Severity: normal

Here's the sequence of events:

    % echo '1234' | gpg --sign > foo
	<I enter my passphrase>
    % ls -l foo
    -rw-r--r-- 1 wisq wisq 98 2008-10-28 15:19 foo
    % dd if=foo of=bar bs=1 count=97
    97+0 records in
    97+0 records out
    97 bytes (97 B) copied, 0.000480021 s, 202 kB/s
    % gpg --verify bar
	<hangs>

Note that this only hangs sometimes.  Other times, it correctly detects
the error:

    % gpg --verify bar
    gpg: fatal: zlib inflate problem: invalid distance code
    secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

When it hangs, the output of --debug-all shows

    gpg: DBG: enter inflate: avail_in=1, avail_out=8071
    gpg: DBG: leave inflate: avail_in=0, avail_out=8070, zrc=0
    gpg: DBG: iobuf-1.0: underflow: eof (no filter)
    gpg: DBG: enter inflate: avail_in=1, avail_out=8070
    gpg: DBG: leave inflate: avail_in=0, avail_out=8069, zrc=0
    gpg: DBG: iobuf-1.0: underflow: eof (no filter)
    gpg: DBG: enter inflate: avail_in=1, avail_out=8069
    gpg: DBG: leave inflate: avail_in=0, avail_out=8068, zrc=0
    gpg: DBG: iobuf-1.0: underflow: eof (no filter)

etc., looping forever.

The main problem is that this renders GnuPG much less useful for
unattended operation on arbitrary binary data supplied by untrusted
peers -- e.g. for a service that verifies incoming data and takes
action on the data if it trusts the signature, like the one I'm
designing (to handle dynamic DNS updates).

For such a service, this would constitute a local denial-of-service if
the process limits its GnuPG workers, or a system-wide denial-of-
service if it doesn't.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnupg depends on:
ii  gpgv                   1.4.9-3           GNU privacy guard - signature veri
ii  libbz2-1.0             1.0.5-1           high-quality block-sorting file co
ii  libc6                  2.7-14            GNU C Library: Shared libraries
ii  libreadline5           5.2-3             GNU readline and history libraries
ii  libusb-0.1-4           2:0.1.12-12       userspace USB programming library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages gnupg recommends:
ii  libldap-2.4-2                 2.4.11-1   OpenLDAP libraries

Versions of packages gnupg suggests:
pn  gnupg-doc           <none>               (no description available)
ii  imagemagick         7:6.3.7.9.dfsg1-2+b2 image manipulation programs
pn  libpcsclite1        <none>               (no description available)
ii  xloadimage          4.1-16               Graphics file viewer under X11

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20081028/780a9bc6/attachment.pgp

More information about the Pkg-gnupg-maint mailing list