[pkg-gnupg-maint] Bug#928963: gpg-agent READKEY emits an invalid S-expression when private key file has comment (on 64-bit big-endian platforms)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue May 14 05:38:43 BST 2019

Package: gpg-agent
Severity: serious
Version: 2.2.12-1
Control: found -1 2.2.13-1
Control: found -1 2.2.14-1
Control: found -1 2.2.15-1
Control: affects -1 src:monkeysphere
Control: tags -1 patch upstream
Control: forwarded -1 https://dev.gnupg.org/T4501

On sparc64, powerpc64, and s390x (Debian's three 64-bit big-endian
platforms), gpg is unable to create a new OpenPGP certificate from some
secret keys that it already knows about.

In particular, "gpg --batch --generate" from a Key-Grip: line that
refers to a key file in private-keys-v1.d/ that contains a comment
sublist will fail with "Invalid S-expression" on those platforms.

This is due to a buggy invocation of gcry_sexp_build_array that is only
tickled when int is smaller than size_t and the platform is big-endian,
which causes the comment string to be set to zero length, which itself
is interpreted as an error of GPG_ERR_SEXP_ZERO_PREFIX.

However, this failure causes necessary functionality for
"monkeysphere-host import-key" as of monkeysphere version 0.43-3 to
break on these platforms, making monkeysphere FTBFS because the failure
is caught by its test suite.

The attached patch resolves the issue when I test it on
zelenka.debian.org (s390x), and should also work on the other two


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-agent-correct-length-for-uri-and-comment-on-64-bit-b.patch
Type: text/x-diff
Size: 2180 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20190514/76ed22e0/attachment.patch>
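
The failure mode described in the report above, modelled as an added example (not part of the original message and not the attached GnuPG patch): a length held in a 64-bit size_t is read through an int-sized access, which is what libgcrypt's %b format performs on its length argument. It assumes a 64-bit size_t and a 32-bit int; all function names are hypothetical, and the byte layouts are simulated so the result is the same on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Lay out a 64-bit length in memory as a big- or little-endian
   platform would store a size_t. */
static void store_u64(unsigned char out[8], uint64_t v, int big_endian)
{
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(v >> (big_endian ? 8 * (7 - i) : 8 * i));
}

/* Read the first 4 bytes at p as a 32-bit value in the same byte order:
   what a consumer expecting `int *` sees when handed a `size_t *`. */
static uint32_t load_u32(const unsigned char *p, int big_endian)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)p[i] << (big_endian ? 8 * (3 - i) : 8 * i);
    return v;
}

/* Length observed by an int-sized read of a 64-bit length variable. */
uint32_t length_seen_as_int(uint64_t real_len, int big_endian)
{
    unsigned char mem[8];
    store_u64(mem, real_len, big_endian);
    return load_u32(mem, big_endian);
}

/* Safe pattern: convert into an int-sized variable first, rejecting
   lengths that do not fit, and pass a pointer to that variable. */
int length_as_int_checked(uint64_t real_len, uint32_t *out)
{
    if (real_len > INT32_MAX)
        return -1;
    *out = (uint32_t)real_len;
    return 0;
}

int main(void)
{
    uint64_t n = 19; /* constructed: length of a sample comment string */
    printf("LE: %u  BE: %u\n", (unsigned)length_seen_as_int(n, 0),
           (unsigned)length_seen_as_int(n, 1));
    return 0;
}
```

On the little-endian layout the low-order bytes come first, so the mismatched read happens to return the right length and the bug stays hidden; on the big-endian layout the same read returns the high-order half, which is zero for any realistic comment.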