[pkg-gnupg-maint] Bug#878812: Segfaults when encrypting to certain keys

Guido Günther agx at sigxcpu.org
Mon Oct 16 20:35:15 UTC 2017


Hi,
On Mon, Oct 16, 2017 at 10:02:09PM +0200, Guido Günther wrote:
> Package: gnupg
> Version: 2.2.1-2
> Severity: normal
> 
> Encrypting to 1A6F3E639A4467E8C3476525DF6D76C44D696F6B makes GPG here
> segfault like:
> 
> $ coredumpctl dump
>            PID: 21438 (gpg)
>            UID: 1000 (agx)
>            GID: 1000 (agx)
>         Signal: 6 (ABRT)
>      Timestamp: Mon 2017-10-16 21:57:08 CEST (36s ago)
>   Command Line: gpg --enable-special-filenames --batch --no-sk-comments --lc-messages en_US.UTF-8 --lc-ctype de_DE.UTF-8 --status-fd 5 --no-tty --charset utf8 --enable-progress-filter --exit-on-status-write-error --display :0 --ttyname /dev/pts/5 --ttytype xterm-256color --encrypt --armor --always-trust -r 1A6F3E639A4467E8C3476525DF6D76C44D696F6B -r 0DB3932762F78E592F6522AFBB5A2C77584122D3 -r 0DB3932762F78E592F6522AFBB5A2C77584122D3 --output - -- -&8
>     Executable: /usr/bin/gpg
>  Control Group: /user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
>           Unit: user@1000.service
>      User Unit: gnome-terminal-server.service
>          Slice: user-1000.slice
>      Owner UID: 1000 (agx)
>        Boot ID: 4ef1bf5cd7da4bfcb061d19089fe468e
>     Machine ID: 15e9777086166538c724eaba52d14fa1
>       Hostname: bogon
>        Storage: /var/lib/systemd/coredump/core.gpg.1000.4ef1bf5cd7da4bfcb061d19089fe468e.21438.1508183828000000.lz4
>        Message: Process 21438 (gpg) of user 1000 dumped core.
>                 
>                 Stack trace of thread 21438:
>                 #0  0x00007fd58eef3fff __GI_raise (libc.so.6)
>                 #1  0x00007fd58eef542a __GI_abort (libc.so.6)
>                 #2  0x0000556a0f291f09 do_logv (gpg)
>                 #3  0x0000556a0f29290d log_log (gpg)
>                 #4  0x0000556a0f29306f bug_at (gpg)
>                 #5  0x0000556a0f243c1e do_we_trust (gpg)
>                 #6  0x0000556a0f243fff find_and_check_key (gpg)
>                 #7  0x0000556a0f2455b6 find_and_check_key (gpg)
>                 #8  0x0000556a0f24b6c2 encrypt_crypt (gpg)
>                 #9  0x0000556a0f203563 main (gpg)
>                 #10 0x00007fd58eee12e1 __libc_start_main (libc.so.6)
>                 #11 0x0000556a0f2054da _start (gpg)


And here's the backtrace from gdb:

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007fd58eef542a in __GI_abort () at abort.c:89
#2  0x0000556a0f291f09 in do_logv (level=6, ignore_arg_ptr=<optimized out>, extrastring=0x0, prefmt=<optimized out>, fmt=<optimized out>, arg_ptr=0x7ffc0d74f950) at ../../common/logging.c:859
#3  0x0000556a0f29290d in log_log (level=level@entry=6, fmt=fmt@entry=0x556a0f2c72c3 "... this is a bug (%s:%d:%s)\n") at ../../common/logging.c:872
#4  0x0000556a0f29306f in bug_at (file=file@entry=0x556a0f2b7a42 "../../g10/pkclist.c", line=line@entry=417, func=func@entry=0x556a0f2b87f0 <__FUNCTION__.10242> "do_we_trust") at ../../common/logging.c:1074
#5  0x0000556a0f243c1e in do_we_trust (trustlevel=<optimized out>, pk=0x1) at ../../g10/pkclist.c:417
#6  do_we_trust_pre (ctrl=ctrl@entry=0x556a108e0ce0, pk=pk@entry=0x556a108ffbe0, trustlevel=<optimized out>) at ../../g10/pkclist.c:474
#7  0x0000556a0f243fff in find_and_check_key (ctrl=ctrl@entry=0x556a108e0ce0, name=name@entry=0x556a108df95c "1A6F3E639A4467E8C3476525DF6D76C44D696F6B", use=use@entry=2, mark_hidden=0, from_file=0, 
    pk_list_addr=pk_list_addr@entry=0x7ffc0d74fb20) at ../../g10/pkclist.c:885
#8  0x0000556a0f2455b6 in find_and_check_key (pk_list_addr=0x7ffc0d74fb20, from_file=<optimized out>, mark_hidden=<optimized out>, use=2, name=0x556a108df95c "1A6F3E639A4467E8C3476525DF6D76C44D696F6B", 
    ctrl=0x556a108e0ce0) at ../../g10/pkclist.c:1301
#9  build_pk_list (ctrl=ctrl@entry=0x556a108e0ce0, rcpts=rcpts@entry=0x556a108df9d0, ret_pk_list=ret_pk_list@entry=0x7ffc0d74fc18) at ../../g10/pkclist.c:1301
#10 0x0000556a0f24b6c2 in encrypt_crypt (ctrl=0x556a108e0ce0, filefd=-1, filename=0x7ffc0d75324f "-&8", remusr=0x556a108df9d0, use_symkey=0, provided_keys=0x0, outputfd=-1) at ../../g10/encrypt.c:523
#11 0x0000556a0f203563 in main (argc=<optimized out>, argv=<optimized out>) at ../../g10/gpg.c:4155

> 
> 
> I'm using the debian keyring to provide that key:
> 
>     keyring /usr/share/keyrings/debian-keyring.gpg
> 
> Cheers,
>  -- Guido
> 
> 
> -- System Information:
> Debian Release: buster/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages gnupg depends on:
> ii  dirmngr         2.2.1-2
> ii  gnupg-l10n      2.2.1-2
> ii  gnupg-utils     2.2.1-2
> ii  gpg             2.2.1-2
> ii  gpg-agent       2.2.1-2
> ii  gpg-wks-client  2.2.1-2
> ii  gpg-wks-server  2.2.1-2
> ii  gpgsm           2.2.1-2
> ii  gpgv            2.2.1-2
> 
> gnupg recommends no packages.
> 
> Versions of packages gnupg suggests:
> pn  parcimonie  <none>
> pn  xloadimage  <none>
> 
> -- no debconf information


