[Pkg-gnupg-maint] Bug#702400: gnupg eMail validation rejects some valid addresses
Matthew Wronka
debian-bugs at projects.matt.wronka.org
Wed Mar 6 03:14:00 UTC 2013
Package: gnupg
Version: 1.4.10-4+squeeze1
Severity: normal
Tags: upstream patch
In the latest upstream 1.4 and 2.0 branches of GNU Privacy Guard, the
eMail validation routine rejects many valid (but uncommon) eMail addressess
prohibiting these addresess from being used to create new keys.
The routines are basically identical between 1.4 and 2.0 branches, and a patch
for 1.4 is at the end, or at the following URL:
http://matt.wronka.org/stuff/projects/icpp/gnupg/gnupg-1.4.13-emailvalidator.diff
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gnupg depends on:
ii dpkg 1.15.8.12 Debian package management system
ii gpgv 1.4.10-4 GNU privacy guard - signature veri
ii install-info 4.13a.dfsg.1-6 Manage installed documentation in
ii libbz2-1.0 1.0.5-6+squeeze1 high-quality block-sorting file co
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii libreadline6 6.1-3 GNU readline and history libraries
ii libusb-0.1-4 2:0.1.12-16 userspace USB programming library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages gnupg recommends:
pn gnupg-curl <none> (no description available)
ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries
Versions of packages gnupg suggests:
pn gnupg-doc <none> (no description available)
pn libpcsclite1 <none> (no description available)
pn xloadimage | imagemagick | eo <none> (no description available)
-- no debconf information
--- gnupg-1.4.13/g10/misc.c 2012-12-20 12:22:27.000000000 -0500
+++ gnupg-1.4.13-modified/g10/misc.c 2013-03-05 03:12:07.166027420 -0500
@@ -1166,21 +1166,51 @@
has_invalid_email_chars (const char *s)
{
int at_seen=0;
+ int in_quoted=0;
const char *valid_chars=
"01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ const char *valid_local_chars=
+ "0123456789_-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#$%&'*+/=?^`|~{}";
- for ( ; *s; s++ )
+ /* Verify we have txt, and the first character is valid */
+ if( s == NULL || *s == '.' || *s == '@' )
+ return 1;
+ if( *s == '"')
{
- if ( *s & 0x80 )
+ in_quoted = 1;
+ s++;
+ }
+
+ for ( ; *s; s++ )
+ {
+ if ( (*s & 0x80) )
continue; /* We only care about ASCII. */
- if ( *s == '@' )
- at_seen=1;
- else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) )
- return 1;
else if ( at_seen && !strchr( valid_chars, *s ) )
return 1;
+ else if ( !! strchr( valid_local_chars, *s ) )
+ continue;
+ else if ( in_quoted )
+ {
+ if ( *s == '"' )
+ {
+ if ( *(++s) == '@' )
+ at_seen=1;
+ else
+ return 1;
+ }
+ else if ( *s == '\\' )
+ {
+ ++s;
+ if ( *s < 33 && *s > 126 )
+ return 1;
+ }
+ else if ( ! ( *s >= 33 && *s <= 126 && *s != 34 && *s != 92 ) )
+ return 1;
+ }
+ else if ( *s == '@' )
+ at_seen=1;
}
- return 0;
+ return !at_seen;
}
@@ -1192,11 +1222,10 @@
return !( !name
|| !*name
|| has_invalid_email_chars (name)
- || string_count_chr (name,'@') != 1
|| *name == '@'
|| name[strlen(name)-1] == '@'
|| name[strlen(name)-1] == '.'
- || strstr (name, "..") );
+ );
}
More information about the Pkg-gnupg-maint
mailing list